CVE-2023-21355 – CVE-2023-21355 is a use-after-free vulnerabilit... (How to Fix)

Q: What is the severity of CVE-2023-21355?

CVE-2023-21355 has a CVSS score of 7.8 (HIGH). CVE-2023-21355 is a use-after-free vulnerability in Android's libaudioclient library that allows local privilege escalation without user interaction. Attackers can exploit this to gain elevated system privileges on vulnerable Android devices. This affects Android devices running vulnerable versions of the operating system.

📋 TL;DR

CVE-2023-21355 is a use-after-free vulnerability in Android's libaudioclient library that allows local privilege escalation without user interaction. Attackers can exploit this to gain elevated system privileges on vulnerable Android devices. This affects Android devices running vulnerable versions of the operating system.

💻 Affected Systems

Products:

Android

Versions: Android versions prior to Android 14

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: All Android devices running vulnerable versions are affected regardless of manufacturer or specific device model.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to execute arbitrary code with system privileges, install persistent malware, access sensitive data, and bypass security controls.

🟠

Likely Case

Local privilege escalation allowing malicious apps to break out of sandbox restrictions and access system resources they shouldn't have permission to access.

🟢

If Mitigated

Limited impact with proper app sandboxing and security controls in place, though privilege escalation would still be possible if exploited.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the device, not directly exploitable over the internet.

🏢 Internal Only: HIGH - Malicious apps or users with physical access can exploit this to gain system privileges on vulnerable Android devices within an organization.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires local access to the device and knowledge of the vulnerability, but no user interaction is needed once an app is installed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android 14 and later

Vendor Advisory: https://source.android.com/docs/security/bulletin/android-14

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install Android 14 or later security update. 3. Reboot device after installation completes.

🔧 Temporary Workarounds

Restrict app installations

android

Only allow installation of apps from trusted sources like Google Play Store and disable unknown sources

Use Android Enterprise restrictions

android

For managed devices, use Android Enterprise policies to restrict app installations and permissions

🧯 If You Can't Patch

Isolate vulnerable devices from sensitive networks and data
Implement strict app whitelisting and only allow trusted applications

🔍 How to Verify

Check if Vulnerable:

Check Android version in Settings > About phone > Android version. If version is below 14, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.release

Verify Fix Applied:

Verify Android version is 14 or higher in Settings > About phone > Android version and check that latest security patch is installed.

📡 Detection & Monitoring

Log Indicators:

Unusual privilege escalation attempts in system logs
Suspicious audio service crashes or restarts

Network Indicators:

Unusual network activity from system-level processes

SIEM Query:

Process elevation from non-system to system context on Android devices

📊 Metadata

CVE ID: CVE-2023-21355

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: October 30, 2023

Last Updated: November 21, 2024

🔗 References

https://source.android.com/docs/security/bulletin/android-14 Vendor Advisory
https://source.android.com/docs/security/bulletin/android-14 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-21355, you might also want to check these: