CVE-2023-40111

7.8 HIGH

📋 TL;DR

This vulnerability in Android's MediaSessionRecord allows a malicious app to send a pending intent on behalf of the system_server process, enabling local privilege escalation. It affects Android devices and requires user interaction for exploitation, meaning the user must install and interact with a malicious app.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to the November 2023 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices running vulnerable Android versions; exploitation requires a malicious app to be installed and user interaction.

⚠️ Risk & Real-World Impact

🔴 Worst Case: An attacker gains full system-level privileges, potentially compromising the entire device, accessing sensitive data, or installing persistent malware.

🟠 Likely Case: A malicious app escalates its privileges to perform unauthorized actions like accessing protected system components or user data.

🟢 If Mitigated: With proper app vetting and user caution, exploitation is prevented, limiting impact to isolated app-level issues.

🌐 Internet-Facing: LOW, as exploitation requires local app installation and user interaction, not direct internet exposure.
🏢 Internal Only: MEDIUM, due to the risk from malicious apps installed on internal devices, but mitigated by user interaction requirements.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires crafting a malicious app and tricking the user into interacting with it; no public proof-of-concept is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level November 2023 or later

Vendor Advisory: https://source.android.com/security/bulletin/2023-11-01

Restart Required: Yes

Instructions:

1. Check for system updates in device settings.
2. Apply the November 2023 Android security patch or later.
3. Restart the device after installation.

🔧 Temporary Workarounds

  • Restrict app installations (all platforms): Only install apps from trusted sources like Google Play Store to reduce risk of malicious apps.
  • Disable unknown sources (all platforms): Turn off installation from unknown sources in device security settings.

🧯 If You Can't Patch

  • Monitor for suspicious app behavior and uninstall untrusted apps.
  • Implement mobile device management (MDM) to control app installations and enforce security policies.

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android version. If it's earlier than November 2023, the device is vulnerable.

Check Version:

From a computer with adb connected to the device, run: adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Confirm the security patch level is November 2023 or later in device settings after applying the update.

📡 Detection & Monitoring

Log Indicators:

  • Unusual system_server activity or pending intent errors in Android logs

Network Indicators:

  • None, as this is a local privilege escalation vulnerability

SIEM Query:

Not applicable for typical SIEM; monitor device logs for anomalies in system_server processes.
