CVE-2023-21281

HIGH

Android - Local Privilege Escalation via KeyguardViewMediator Logic Error

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-21281. PoCs published by Trinadh465.

AI-analyzed exploit summary

This repository contains a proof-of-concept for CVE-2023-21281, an autofill-related vulnerability in Android. The test cases demonstrate the exploitation of autofill service behavior, including scenarios where the service is disabled, returns null responses, or autofills both username and password fields.

Description

In multiple functions of KeyguardViewMediator.java, there is a possible failure to lock after screen timeout due to a logic error in the code. This could lead to local escalation of privilege across users with no additional execution privileges needed. User interaction is not needed for exploitation.

Exploits (1)

nomisec · Working PoC
by Trinadh465 · poc
https://github.com/Trinadh465/platform_frameworks_base_CVE-2023-21281


Classification
Working PoC: 90%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: Android (specific version not explicitly stated in the provided code)
Authentication: none needed
Prerequisites: Access to an Android device with the vulnerable autofill service
Analyzed by devstral-2 on Feb 16, 2026

Scores

CVSS v3: 7.8
EPSS: 0.0019
EPSS Percentile: 8.4%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

Status: published
Products (4):
google/android 11.0
google/android 12.0
google/android 12.1
google/android 13.0
Published: Aug 14, 2023
Tracked Since: Feb 18, 2026