CVE-2023-40127
LOW
Android - Local Information Disclosure via Confused Deputy in Screenshot Access
Title source: llm
Exploitation Summary
EIP tracks 5 public exploits for CVE-2023-40127. PoCs published by RenukaSelvar, saurabh2088, Trinadh465.
AI-analyzed exploit summary: The repository contains patched source code for Android's MediaProvider, specifically addressing CVE-2023-40127. The changes include fixes in LegacyMediaScanner and MediaProvider, but no functional exploit code is present.
Description
In multiple locations, there is a possible way to access screenshots due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Exploits (5)
The repository contains patched source code for Android's MediaProvider, specifically addressing CVE-2023-40127. The changes include fixes in LegacyMediaScanner and MediaProvider, but no functional exploit code is present.
The repository contains patched source code for Android's MediaProvider and related components, addressing CVE-2023-40127. The changes appear to focus on input validation and path canonicalization in media scanning functionality.
The repository contains source code files related to CVE-2023-40127, specifically focusing on the MediaProvider and LegacyMediaScanner components in Android. It provides technical details about the implementation but lacks explicit exploit code or a detailed vulnerability analysis.
The repository contains partial Android MediaProvider and MediaScanner source code, likely intended to illustrate the vulnerability context for CVE-2023-40127. However, it lacks exploit code or a detailed technical analysis of the vulnerability itself.
This repository contains source code files from the Android MediaProvider component, specifically related to CVE-2023-40127. The files include various classes such as MediaProvider, MediaScannerService, and related utilities, but there is no explicit exploit code or proof-of-concept. The content appears to be a snapshot of the vulnerable codebase for analysis purposes.
References (2)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N