CVE-2023-21115 is a vulnerability in Google Android
Published on June 15, 2023

In btm_sec_encrypt_change of btm_sec.cc, there is a possible way to downgrade the link key type due to improperly used crypto. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12LAndroid ID: A-258834033

Vendor Advisory NVD

Vulnerability Analysis

Use of a Broken or Risky Cryptographic Algorithm

The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. The use of a non-standard algorithm is dangerous because a determined attacker may be able to break the algorithm and compromise whatever data has been protected. Well-known techniques may exist to break the algorithm.

Products Associated with CVE-2023-21115

You can be notified by stack.watch whenever vulnerabilities like CVE-2023-21115 are published in these products:

Google Android

What versions of Android are vulnerable to CVE-2023-21115?

Google Android Version 11.0
Google Android Version 12.0
Google Android Version 12.1

CVE-2023-21115 is a vulnerability in Google AndroidPublished on June 15, 2023

Vulnerability Analysis

Use of a Broken or Risky Cryptographic Algorithm

Products Associated with CVE-2023-21115

What versions of Android are vulnerable to CVE-2023-21115?

CVE-2023-21115 is a vulnerability in Google Android
Published on June 15, 2023