CVE-2023-21378

7.8 HIGH

📋 TL;DR

This vulnerability in Android's Telecomm component lets a secondary user silence incoming calls without the permission check that should gate that operation, giving a local privilege escalation (CVSS 7.8). It affects devices running Android versions before 14 and needs no user interaction once the attacker has secondary-user access.

💻 Affected Systems

Products:
  • Android
Versions: Android versions before Android 14
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a device with secondary user profiles; a single-user device offers no secondary user from which to exploit it.

📦 What is this software?

Android is Google's mobile operating system. Telecomm (packages/services/Telecomm in AOSP) is the system service that manages phone calls on the device: it brokers incoming and outgoing calls between the dialer, the telephony stack and connection services, and controls ringing and call state. Android's multi-user feature lets several user profiles (primary, secondary, guest) share one device, each isolated from the others.
⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker with secondary user access could silence important calls (emergency, security alerts) and potentially combine with other vulnerabilities for further system compromise.

🟠

Likely Case

Malicious apps or users could silence calls to bypass security notifications or disrupt communication on shared devices.

🟢

If Mitigated

With proper Android security updates, the vulnerability is eliminated and permission checks are enforced.

🌐 Internet-Facing: LOW - This is a local privilege escalation requiring physical or secondary user access to the device.
🏢 Internal Only: MEDIUM - On shared or managed Android devices, secondary users could exploit this to disrupt communications.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires code running as a secondary user (an app or shell in that profile) but no additional permissions; no user interaction is needed once that access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android 14 (October 2023 security update)

Vendor Advisory: https://source.android.com/docs/security/bulletin/android-14

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update.
2. Install the Android 14 update if available.
3. Restart the device after installation.
4. Verify the Android version is 14 or later.

🔧 Temporary Workarounds

Disable secondary user profiles

Remove or disable secondary user accounts (a Guest session is also a separate user) to eliminate the attack vector:

Settings > System > Multiple users > Remove secondary users

Restrict app permissions

Review which apps in each profile hold the Phone permission group and deny it for non-essential apps. Caveat: MODIFY_PHONE_STATE is a signature/privileged permission that only system and privileged apps can hold; it cannot be granted or revoked from the app permissions screen, so this step reduces what untrusted apps can do with telephony in general but does not revoke MODIFY_PHONE_STATE:

Settings > Apps > [App Name] > Permissions > Phone > Deny

🧯 If You Can't Patch

  • Disable multiple user profiles on shared devices
  • Monitor for suspicious call silencing patterns and implement device usage policies

🔍 How to Verify

Check if Vulnerable:

Check the Android version in Settings > About phone > Android version. If the version is below 14, treat the device as vulnerable unless the OEM's own bulletin states the fix was backported to that release.

Check Version:

adb shell getprop ro.build.version.release

Verify Fix Applied:

Verify the Android version is 14 or later, and check that the security patch level shown under Settings > About phone > Android version (Android security update) is October 2023 or later.
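The version check above, scripted, as an added example that is not part of the Android bulletin or this page's original content. It reads the same two build properties the adb command uses (ro.build.version.release and ro.build.version.security_patch) and applies the page's rule: a major release of 14 or higher is treated as fixed, anything lower as vulnerable. The dotted release form ("14.0.1") and the "--device" switch are assumptions of this script; an OEM backport to an older release is not detected.

```shell
#!/bin/sh
# Added example (not from the Android bulletin): classify a device build
# against CVE-2023-21378 from its build properties.
# Assumption: the fix ships with the Android 14 release, so any build whose
# ro.build.version.release major number is 14 or higher is treated as fixed
# and anything lower as vulnerable. An OEM backport to an older release is
# NOT detected here; check the vendor's own bulletin in that case.

# usage: cve_2023_21378_status RELEASE
# prints "fixed", "vulnerable" or "unknown"; exit status 0 / 1 / 2
cve_2023_21378_status() {
    release="$1"               # value of ro.build.version.release, e.g. "13", "14"
    major="${release%%.*}"     # "14.0.1" -> "14" (dotted form assumed for some OEM builds)
    case "$major" in
        ''|*[!0-9]*) echo "unknown"; return 2 ;;
    esac
    if [ "$major" -ge 14 ]; then
        echo "fixed"; return 0
    fi
    echo "vulnerable"; return 1
}

# Patch levels are YYYY-MM-DD; compare numerically after stripping the dashes.
# usage: patch_level_at_least PATCH MINIMUM   (exit 0 when PATCH >= MINIMUM)
patch_level_at_least() {
    have=$(printf '%s' "$1" | tr -d '-')
    want=$(printf '%s' "$2" | tr -d '-')
    case "$have$want" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$have" -ge "$want" ]
}

# Query a connected device (requires adb and an authorized device).
check_device() {
    rel=$(adb shell getprop ro.build.version.release | tr -d '\r\n')
    sp=$(adb shell getprop ro.build.version.security_patch | tr -d '\r\n')
    status=$(cve_2023_21378_status "$rel")
    printf 'release=%s security_patch=%s -> %s\n' "$rel" "$sp" "$status"
    # A fixed build is also expected to carry the October 2023 patch level;
    # flag builds that predate it so they can be checked against the vendor bulletin.
    if [ "$status" = fixed ] && ! patch_level_at_least "$sp" 2023-10-01; then
        echo "note: security patch level predates 2023-10-01; confirm with the vendor bulletin"
    fi
}

# Only touch a device when explicitly asked, so the functions can be sourced
# or tested without adb present:  sh check_cve_2023_21378.sh --device
if [ "${1:-}" = "--device" ]; then
    check_device
fi
```

Run it with `--device` against a USB- or network-attached device; without the switch it only defines the functions, which is convenient for sourcing into an MDM inventory script that already has the property values.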

📡 Detection & Monitoring

Log Indicators:

  • Unexpected call silencing events in telephony logs
  • Permission denial logs for MODIFY_PHONE_STATE from secondary users

Network Indicators:

  • None - this is a local exploit

SIEM Query:

source="android_system" AND (event="call_silenced" OR permission="android.permission.MODIFY_PHONE_STATE") AND user_type="secondary"

This query is illustrative pseudo-syntax; the source, event and user_type field names depend on what your MDM or log-forwarding agent actually emits from the device, so map them onto your telemetry before use.
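As an added example, not from this page, the Android bulletin or AOSP, the script below shows the one piece of detection logic that holds regardless of telemetry source: working out which Android user acted from the calling UID. Android assigns user N the UID range N*100000 to N*100000+99999, user 0 being the primary (system) user, so any telephony event that records a UID can be attributed to a secondary user by integer division. The log lines and the "silenceRinger uid=... pkg=..." message format are constructed for this example and are not Telecom's real output; adapt the awk field matching to the lines your logcat or MDM pipeline produces.

```shell
#!/bin/sh
# Added example (not from the advisory or AOSP): flag ringer-silencing events
# attributed to a secondary Android user.
# Android fact relied on: userId = uid / 100000; user 0 is the primary user,
# secondary users start at 10. This is how Android itself maps UIDs to users.
#
# CONSTRUCTED sample input in a logcat-like layout. The message text
# ("silenceRinger uid=... pkg=...") is invented for the example; real Telecom
# log lines differ per release and OEM.
SAMPLE_LOG='10-12 09:14:02.117  1432  1601 I Telecom : silenceRinger uid=10123 pkg=com.android.dialer
10-12 09:14:09.402  1432  1601 I Telecom : silenceRinger uid=1010045 pkg=com.example.unknown
10-12 09:15:31.020  1432  1601 I Telecom : endCall uid=1010045 pkg=com.example.unknown
10-12 09:16:00.555  1432  1601 I Telecom : silenceRinger uid=1110045 pkg=com.example.unknown'

# usage: user_of_uid UID  -> prints the Android user id that owns the UID
user_of_uid() {
    echo $(( $1 / 100000 ))
}

# Read log lines on stdin; print one ALERT line per silence event whose
# calling UID belongs to a user other than 0.
flag_secondary_user_silences() {
    awk '
        /silenceRinger/ {
            uid = -1; pkg = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^uid=[0-9]+$/) uid = substr($i, 5) + 0
                if ($i ~ /^pkg=/)        pkg = substr($i, 5)
            }
            if (uid >= 0) {
                user = int(uid / 100000)
                if (user != 0)
                    printf "ALERT user=%d uid=%d pkg=%s time=%s %s\n", user, uid, pkg, $1, $2
            }
        }'
}

# Helper for checking the sample: number of alerts raised on SAMPLE_LOG
count_sample_alerts() {
    printf '%s\n' "$SAMPLE_LOG" | flag_secondary_user_silences | wc -l | tr -d ' '
}

# Against a device:  adb logcat -d | flag_secondary_user_silences
```

On the sample, the two silenceRinger lines from UIDs 1010045 (user 10) and 1110045 (user 11) are flagged and the primary-user dialer line is not; the endCall line is ignored because only silence events are of interest here.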

🔗 References

  • Android 14 security release notes (vendor advisory): https://source.android.com/docs/security/bulletin/android-14