Android Pixel Information Disclosure Vulnerability
Summary
| CVE | CVE-2023-21237 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-06-28 18:15:00 UTC |
| Updated | 2023-07-06 13:06:00 UTC |
| Description | In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or insufficient UI. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-251586912 |
Risk And Classification
EPSS: 0.007240000 probability, percentile 0.725040000 (date 2026-04-02)
CISA KEV: Listed on 2024-03-05; due 2024-03-26; ransomware use Unknown
Problem Types: NVD-CWE-noinfo
CISA Known Exploited Vulnerability
| Vendor | Android |
|---|---|
| Product | Pixel |
| Name | Android Pixel Information Disclosure Vulnerability |
| Required Action | Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. |
| Notes | https://source.android.com/docs/security/bulletin/pixel/2023-06-01; https://nvd.nist.gov/vuln/detail/CVE-2023-21237 |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Pixel Update Bulletin—June 2023 | Android Open Source Project (MISC) | source.android.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.