CVE-2023-21094 in Android

Summary

by MITRE • 04/19/2023

In sanitize of LayerState.cpp, there is a possible way to take over the screen display and swap the display content due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Product: Android
Versions: Android-11 Android-12 Android-12L Android-13
Android ID: A-248031255


Analysis

by VulDB Data Team • 09/10/2025

The vulnerability identified as CVE-2023-21094 resides within the sanitize function of LayerState.cpp in Android operating systems spanning versions 11 through 13. This flaw represents a critical security weakness that allows for unauthorized screen manipulation through improper permission validation mechanisms. The issue manifests in the display layer management system where the sanitization process fails to properly verify user permissions before executing display content swaps. This missing permission check creates a pathway for malicious actors to potentially hijack screen display functionality and swap content without requiring additional execution privileges, effectively enabling local privilege escalation.

The technical implementation of this vulnerability stems from insufficient access control validation within the Android graphics layer subsystem. When the LayerState.cpp component processes display sanitization operations, it fails to validate whether the requesting process possesses adequate permissions to modify screen content. This weakness aligns with CWE-284, which addresses improper access control mechanisms, and specifically relates to inadequate permission checking in system-level components. The vulnerability operates at the Android framework level where display management occurs, making it particularly dangerous as it can be exploited by any local process with basic execution privileges, without requiring user interaction or additional attack vectors.

The operational impact of this vulnerability extends beyond simple display manipulation to encompass potential full system compromise through local privilege escalation. Attackers can leverage this flaw to swap display content, potentially redirecting users to malicious interfaces or displaying false information that could deceive users into performing actions that benefit the attacker. The absence of user interaction requirements makes this vulnerability particularly concerning as it can be exploited automatically without any human intervention. This type of vulnerability falls under ATT&CK technique T1068, which addresses local privilege escalation, and specifically targets the Android operating system's display management subsystem where unauthorized processes can gain elevated privileges through display manipulation.

Mitigation strategies for CVE-2023-21094 should focus on implementing robust permission validation within the LayerState.cpp sanitize function and strengthening access controls for display-related operations. Android developers and security teams should ensure that all display manipulation functions perform proper permission checks before executing any content swap operations. System updates and patches should enforce mandatory permission verification for all graphics layer operations, particularly those involving screen content modification. Organizations should also consider implementing additional monitoring for unusual display behavior patterns and establish comprehensive security auditing procedures for graphics layer components. The fix should align with Android security best practices and ensure that all display management operations require proper authorization tokens and process validation before execution.
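The missing check and the mitigation described above can be modelled as a sanitize step that strips privileged changes from a client-supplied state unless the caller holds the matching permission. This is an added illustration, not Android's LayerState.cpp or its patch; every type, flag and function name in it is hypothetical and constructed for the example.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical permission bits held by the calling process.
enum Permission : uint32_t { PERM_NONE = 0, PERM_ACCESS_DISPLAY = 1u << 0 };

// Hypothetical "what changed" bits in a client-supplied layer state.
enum Change : uint32_t {
    CH_ALPHA = 1u << 0,         // harmless: any client may request it
    CH_DISPLAY_SWAP = 1u << 1,  // privileged: moves content to another display
};

struct LayerStateModel {
    uint32_t what = 0;  // bitmask of requested changes
    int32_t targetDisplay = 0;
};

// Each privileged change and the permission it requires.
struct Rule { uint32_t change; uint32_t required; const char* name; };
static const Rule kRules[] = {{CH_DISPLAY_SWAP, PERM_ACCESS_DISPLAY, "display swap"}};

// "Before": the privileged bit is never checked, so it survives sanitization.
void sanitizeMissingCheck(LayerStateModel&, uint32_t /*permissions*/) {}

// "After": drop every requested change the caller is not permitted to make and
// return the names of the dropped changes so the denial can be logged.
std::vector<std::string> sanitizeChecked(LayerStateModel& s, uint32_t permissions) {
    std::vector<std::string> dropped;
    for (const Rule& r : kRules) {
        if ((s.what & r.change) && (permissions & r.required) != r.required) {
            s.what &= ~r.change;
            dropped.push_back(r.name);
        }
    }
    return dropped;
}

// The server applies only the changes still flagged after sanitization.
int32_t applyState(const LayerStateModel& s, int32_t currentDisplay) {
    return (s.what & CH_DISPLAY_SWAP) ? s.targetDisplay : currentDisplay;
}

int main() {
    LayerStateModel req;  // constructed request from an unprivileged caller
    req.what = CH_ALPHA | CH_DISPLAY_SWAP;
    req.targetDisplay = 7;
    for (const std::string& d : sanitizeChecked(req, PERM_NONE))
        std::printf("denied: %s\n", d.c_str());
    std::printf("display after apply: %d\n", applyState(req, 0));
    return 0;
}
```

The returned list of dropped changes is what a monitoring hook would log when an unprivileged caller requests a privileged display operation.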

Reservation

11/03/2022

Disclosure

04/19/2023

Moderation

accepted

CPE

ready

EPSS

0.00162

KEV

no

Activities

very low

Sources
