Android InputMethodManagerService Local Priv Esc Improper Input Validation
CVE-2023-21192 Published on June 28, 2023

In setInputMethodWithSubtypeIdLocked of InputMethodManagerService.java, there is a possible way to setup input methods that are not enabled due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-227207653

NVD

Products Associated with CVE-2023-21192

Want to know whenever a new CVE is published for Google Android? stack.watch will email you.

Google Android

Exploit Probability

EPSS

0.02%

Percentile

6.63%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Android InputMethodManagerService Local Priv Esc Improper Input ValidationCVE-2023-21192 Published on June 28, 2023

Products Associated with CVE-2023-21192

Exploit Probability

Android InputMethodManagerService Local Priv Esc Improper Input Validation
CVE-2023-21192 Published on June 28, 2023