CVE-2023-21374
Description
In System UI, there is a possible factory reset protection bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A logic error in Android System UI allows local escalation of privilege via factory reset protection bypass.
Vulnerability
A logic error in Android System UI allows a local attacker to bypass factory reset protection. The vulnerability exists in Android 14 prior to the 2023-10-01 security patch level. No user interaction is required for exploitation [1].
Exploitation
An attacker with local access and no additional execution privileges can trigger the logic error to bypass factory reset protection. User interaction is not needed; the attacker can exploit the vulnerability by executing a crafted application or using existing privileges on the device [1].
Impact
Successful exploitation leads to local escalation of privilege, enabling the attacker to bypass factory reset protection. This could allow the attacker to reset the device or gain elevated access to system functions, compromising device integrity and confidentiality [1].
Mitigation
The issue is fixed in Android 14 with the 2023-10-01 security patch level. Users should update their devices to this patch level or later. There are no reported workarounds. No active exploitation has been reported [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: < 14
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.