CVE-2023-20924

Published Jan 26, 2023

Last updated 2 years ago

Overview

Description: In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A
Source: security@android.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.8
Impact score: 5.9
Exploitability score: 0.9
Vector string: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: MEDIUM

Weaknesses

nvd@nist.gov: CWE-287

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References