CVE-2023-21127

8.8 HIGH

📋 TL;DR

CVE-2023-21127 is an out-of-bounds read caused by uninitialized data in readSampleData of NuMediaExtractor.cpp, part of Android's media framework (frameworks/av, libstagefright). A crafted media file parsed through the platform MediaExtractor API can trigger it, and Android rates the impact as remote code execution with no additional execution privileges needed. The attacker needs a victim to open or receive the crafted file, but no credentials or prior foothold on the device. Devices on Android 11, 12, 12L or 13 with a security patch level earlier than 2023-06-01 are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android 11, 12, 12L, 13
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Any device on an affected version with a security patch level earlier than 2023-06-01 is vulnerable regardless of configuration; the bug is in a system library that ships on every build, not in an optional feature.

📦 What is this software?

NuMediaExtractor is the native back end of Android's MediaExtractor API (android.media.MediaExtractor in Java, AMediaExtractor in the NDK), implemented in frameworks/av/media/libstagefright. Apps use it to demux container files (MP4, WebM, MKV and others) into per-track samples before handing them to MediaCodec for decoding. readSampleData, where the bug is, is the call that copies one sample into the caller's buffer, so it runs inside whichever app is parsing the file.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full device compromise: code execution in the media-parsing process chained with a separate privilege-escalation bug, letting the attacker install malware, steal sensitive data or enrol the device in a botnet

🟠

Likely Case

A crafted media file, delivered by message, download or a malicious app, is parsed through MediaExtractor and gives the attacker code execution in the context of the parsing process; persistence or higher privilege needs an additional bug, since this one grants no privileges beyond those of the app that opened the file

🟢

If Mitigated

The 2023-06-01 patch removes the bug; on unpatched devices ASLR and the app sandbox raise the cost of a working exploit and contain it to one app, but do not remove the flaw

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

No credentials or prior privilege are needed; the attacker only needs a crafted media file to be parsed by a process that uses MediaExtractor, which in practice means user interaction (opening, playing or receiving the file).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: security patch level 2023-06-01 or later (Android Security Bulletin, June 2023; the Framework fixes sit in the 2023-06-01 level)

Vendor Advisory: https://source.android.com/security/bulletin/2023-06-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update.
2. Install the June 2023 security patch (patch level 2023-06-01) or later.
3. Reboot the device after installation.

The fix reaches devices through the manufacturer's update channel; a device that no longer receives security updates from its maker stays exposed and should be treated under "If You Can't Patch" below.

🔧 Temporary Workarounds

Limit what parses untrusted media

The bug is reached when a crafted file is fed to the platform MediaExtractor API (android.media.MediaExtractor or NDK AMediaExtractor), whose native back end is NuMediaExtractor. Avoid opening media from untrusted sources, and turn off auto-download of media attachments in messaging apps where that option exists, so a received file is not parsed without a deliberate action.

Use alternative media players

Players that ship their own demuxers (ExoPlayer's default extractors, ffmpeg-based players) do not route sample data through NuMediaExtractor; any app that calls MediaExtractor does, whatever its name. This narrows exposure but does not remove the vulnerable library from the device.

🧯 If You Can't Patch

  • Restrict installation of untrusted applications
  • Implement network segmentation to isolate vulnerable devices

🔍 How to Verify

Check if Vulnerable:

Check the Android version in Settings > About phone > Android version. A device on Android 11, 12, 12L or 13 whose Android security update (patch level) is earlier than 2023-06-01 is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the Android security patch level (Settings > About phone > Android version, or ro.build.version.security_patch over adb) is 2023-06-01 or later. The Framework fixes in the June 2023 bulletin are in the 2023-06-01 level, so a device showing 'June 5, 2023' is also covered.
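The check above, scripted for a fleet: this is an added example, not code from this page or from Google, and it assumes the 2023-06-01 threshold stated above and that adb is on the PATH with USB debugging enabled on the target. The two properties it reads are the ones the page names; the function and result names are this example's own.

```python
"""Added example (not from this page or the Android bulletin): classify a
device as patched or exposed to CVE-2023-21127 from the two properties the
page tells you to read, and optionally pull them over adb."""
import datetime
import subprocess
from typing import Optional

# Framework fixes in the June 2023 bulletin ship at the 2023-06-01 patch level.
FIXED_PATCH_LEVEL = datetime.date(2023, 6, 1)
# ro.build.version.release values for the listed releases. A 12L device
# reports "12"; "12L" is accepted so a hand-typed value also works.
AFFECTED_RELEASES = {"11", "12", "12L", "13"}


def assess(release: str, security_patch: str) -> str:
    """Return 'release_not_listed', 'patched' or 'vulnerable'.

    release        -> ro.build.version.release        (e.g. "13")
    security_patch -> ro.build.version.security_patch (YYYY-MM-DD)
    """
    if release.strip() not in AFFECTED_RELEASES:
        return "release_not_listed"
    try:
        level = datetime.date.fromisoformat(security_patch.strip())
    except ValueError:
        # Empty or malformed patch level (some custom ROMs): assume exposed.
        return "vulnerable"
    return "patched" if level >= FIXED_PATCH_LEVEL else "vulnerable"


def getprop(name: str, serial: Optional[str] = None) -> str:
    """Read one system property from an attached device via adb."""
    cmd = ["adb"] + (["-s", serial] if serial else []) + ["shell", "getprop", name]
    return subprocess.run(cmd, capture_output=True, text=True, check=True).stdout.strip()


def assess_device(serial: Optional[str] = None) -> str:
    """Assessment for one attached device (requires adb and USB debugging)."""
    return assess(getprop("ro.build.version.release", serial),
                  getprop("ro.build.version.security_patch", serial))


if __name__ == "__main__":
    print(assess_device())
```

Run it with a device attached, or call assess() directly on values exported from an MDM inventory. A release outside the listed set is reported as 'release_not_listed' rather than 'patched', since the page only makes a claim about Android 11 through 13.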

📡 Detection & Monitoring

Log Indicators:

  • Native crash tombstones (logcat F DEBUG entries reporting SIGSEGV or SIGABRT) in apps that parse media through MediaExtractor, or in the media.extractor service, with libstagefright.so or NuMediaExtractor frames in the backtrace
  • Unexpected restarts of media.extractor or other media services
  • Privilege escalation attempts that follow a crash in, or originate from, an app that just opened untrusted media

Network Indicators:

  • Unusual outbound connections from apps that just parsed untrusted media
  • Command and control traffic from unexpected sources

SIEM Query (illustrative; field names depend on the MDM or EDR agent that forwards device logs):

process_name:(mediaserver OR media.extractor) AND (event_type:crash OR privilege_change:escalation)

A crash is a noisy signal: a corrupt but benign file produces the same tombstone as a failed exploit attempt, so treat hits as a trigger for pulling the file and the tombstone, not as confirmation of compromise.
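A small detector for the first log indicator, run over logcat crash output: this is an added example, not code from this page or from Android. The sample lines are constructed to approximate the threadtime format of adb logcat -b crash; the process names, addresses and frame offsets are invented, and the assumption that a crash in readSampleData shows libstagefright.so / NuMediaExtractor in the top frames is this example's, not something the page documents.

```python
"""Added example, not from this page: flag native crashes whose backtrace
touches NuMediaExtractor/libstagefright by scanning logcat tombstone lines.
The logcat excerpt below is constructed; offsets and process names are made up."""
import re
from typing import Dict, List

# Constructed excerpt in the shape of `adb logcat -v threadtime -b crash`.
SAMPLE_LOGCAT = """\
06-02 10:14:03.101 31337 31337 F DEBUG   : pid: 4242, tid: 4242, name: com.example.player  >>> com.example.player <<<
06-02 10:14:03.102 31337 31337 F DEBUG   : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
06-02 10:14:03.105 31337 31337 F DEBUG   :     #00 pc 00000000000abcde  /system/lib64/libstagefright.so (android::NuMediaExtractor::readSampleData(android::sp<android::ABuffer> const&)+120)
06-02 10:14:03.106 31337 31337 F DEBUG   :     #01 pc 0000000000012345  /system/lib64/libmedia_jni.so
06-02 10:20:11.400 31337 31337 F DEBUG   : pid: 5150, tid: 5150, name: com.example.other  >>> com.example.other <<<
06-02 10:20:11.401 31337 31337 F DEBUG   : signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
06-02 10:20:11.402 31337 31337 F DEBUG   :     #00 pc 0000000000054321  /apex/com.android.runtime/lib64/bionic/libc.so (abort+164)
"""

PID_RE = re.compile(r"pid: (\d+), tid: \d+, name: (\S+)\s+>>> (\S+) <<<")
SIGNAL_RE = re.compile(r"signal (\d+) \((\w+)\)")
FRAME_RE = re.compile(r"#(\d+) pc [0-9a-f]+\s+(\S+)(?: \((.*)\))?")
# Substrings that tie a frame to the vulnerable component (assumption).
SUSPICIOUS = ("libstagefright.so", "NuMediaExtractor")


def parse_tombstones(logcat: str) -> List[Dict]:
    """Group F DEBUG lines into one record per crashing pid."""
    crashes: List[Dict] = []
    current = None
    for line in logcat.splitlines():
        if " F DEBUG " not in line:
            continue  # ignore everything that is not debuggerd output
        if m := PID_RE.search(line):
            current = {"pid": int(m.group(1)), "process": m.group(3),
                       "signal": None, "frames": []}
            crashes.append(current)
        elif current and (m := SIGNAL_RE.search(line)):
            current["signal"] = m.group(2)
        elif current and (m := FRAME_RE.search(line)):
            # (library path, symbol or empty string when unsymbolized)
            current["frames"].append((m.group(2), m.group(3) or ""))
    return crashes


def media_extractor_crashes(logcat: str) -> List[Dict]:
    """Crash records with libstagefright/NuMediaExtractor anywhere in the backtrace."""
    hits = []
    for crash in parse_tombstones(logcat):
        if any(s in lib or s in sym for lib, sym in crash["frames"] for s in SUSPICIOUS):
            hits.append(crash)
    return hits


if __name__ == "__main__":
    for hit in media_extractor_crashes(SAMPLE_LOGCAT):
        print(f"pid {hit['pid']} {hit['process']} {hit['signal']} "
              f"top frame: {hit['frames'][0][0]}")
```

Feed it the output of adb logcat -v threadtime -b crash, or the tombstone files an MDM agent collects. Only the first crash in the sample is reported; the libc abort in the second is the kind of unrelated crash a plain "media process crashed" rule would also page on.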
