CVE-2023-21117

7.8 HIGH

📋 TL;DR

This vulnerability allows isolated processes on Android 13 devices to register broadcast receivers without proper permissions, bypassing security restrictions. It enables local privilege escalation without requiring user interaction or additional execution privileges. Only Android 13 devices are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 13
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Android 13. Isolated processes are a sandboxing feature and should be restricted from certain system interactions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker gains elevated privileges on the device, potentially accessing sensitive data, installing malware, or taking full control of the device.

🟠 Likely Case

Malicious apps could bypass security sandboxing to access protected system functions or data they shouldn't have access to.

🟢 If Mitigated

With proper app isolation and security controls, impact is limited to the specific vulnerable component, but privilege escalation remains possible.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the device.
🏢 Internal Only: HIGH - Any compromised app or malicious user with physical access could exploit this to escalate privileges on affected Android devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and ability to run code on the device. No user interaction needed once code is executing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android Security Bulletin May 2023 patches

Vendor Advisory: https://source.android.com/security/bulletin/2023-05-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update.
2. Install the May 2023 security patch or later.
3. Reboot device after installation.

🔧 Temporary Workarounds

Disable unknown sources

Prevent installation of apps from unknown sources to reduce attack surface

Settings > Security > Install unknown apps > Disable for all apps

🧯 If You Can't Patch

  • Restrict app installations to Google Play Store only
  • Use mobile device management (MDM) to enforce security policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the Android version in Settings > About phone > Android version. If it shows Android 13 without the May 2023 security patch, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release && adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android version is 13 with security patch level May 5, 2023 or later in Settings > About phone > Android security update.
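
The check above can be scripted for several devices. This is an added example, not part of the advisory: it classifies the two values returned by the getprop commands shown under "Check Version". The function names are hypothetical, and the threshold date is the one stated under "Verify Fix Applied".

```shell
#!/bin/sh
# Added example: classify a device from the two properties read with
# `adb shell getprop`. Function names are hypothetical.

# Patch level required by the page's "Verify Fix Applied" step (May 5, 2023).
FIXED_PATCH="2023-05-05"

# classify_device RELEASE SECURITY_PATCH
# Prints one of: not-affected | patched | vulnerable | unknown
classify_device() {
    # adb output can carry a trailing CR; strip CR and spaces
    release=$(printf '%s' "$1" | tr -d '\r ')
    patch=$(printf '%s' "$2" | tr -d '\r ')

    # Empty values: device offline or property missing
    if [ -z "$release" ] || [ -z "$patch" ]; then
        echo unknown; return 0
    fi
    # The page lists Android 13 only; a dotted form such as 13.0 is
    # tolerated defensively (assumption, not from the page)
    case "$release" in
        13|13.*) ;;
        *) echo not-affected; return 0 ;;
    esac
    # Expect YYYY-MM-DD; anything else cannot be compared safely
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # Compare as integers after dropping the dashes (e.g. 20230505)
    p=$(printf '%s' "$patch" | tr -d '-')
    f=$(printf '%s' "$FIXED_PATCH" | tr -d '-')
    if [ "$p" -ge "$f" ]; then echo patched; else echo vulnerable; fi
}

# check_connected_device [SERIAL]: query one device over adb and classify it
check_connected_device() {
    serial_args=""
    if [ -n "$1" ]; then serial_args="-s $1"; fi
    rel=$(adb $serial_args shell getprop ro.build.version.release 2>/dev/null) || rel=""
    sp=$(adb $serial_args shell getprop ro.build.version.security_patch 2>/dev/null) || sp=""
    classify_device "$rel" "$sp"
}
```

A result of `unknown` means the values could not be read or parsed and the device should be checked by hand in Settings.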

📡 Detection & Monitoring

Log Indicators:

  • Unusual broadcast receiver registrations from isolated processes
  • Permission denial logs for ActivityManagerService

Network Indicators:

  • None - this is a local privilege escalation

SIEM Query:

source="android_system_logs" AND ("registerReceiverWithFeature" OR ("ActivityManagerService" AND "permission denied"))
