{"id":"ASB-A-258188673","details":"In multiple functions of cdm_engine.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-258188673","CVE-2023-21120"],"modified":"2026-04-28T15:17:37.552933Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"}],"affected":[{"package":{"name":":unknown:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"SoCVersion:0"},{"fixed":"SoCVersion:2023-06-05"}]}],"versions":["SoCVersion"],"ecosystem_specific":{"types":["Unknown"],"severity":"High","spl":"2023-06-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-258188673.json"}}],"schema_version":"1.7.5"}