CVE-2023-21271

MEDIUM

Google Android - Out-of-Bounds Read

Title source: rule

Description

In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References (2)

Core 2

Core References

Patch

https://android.googlesource.com/platform/packages/modules/NeuralNetworks/+/e44e1064ccec2aa09fc66bd750d66919129ae6b4

Vendor Advisory

https://source.android.com/security/bulletin/2023-08-01

Scores

CVSS v3 5.5

EPSS 0.0002

EPSS Percentile 6.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-125

Status published

Products (3)

google/android 12.0

google/android 12.1

google/android 13.0

Published Aug 14, 2023

Tracked Since Feb 18, 2026