Insecure Device Serial Number Exposure in Mobile Devices
CVE-2023-38301
Currently unrated
What is CVE-2023-38301?
A vulnerability in a third-party component affects a range of popular Android devices: the device serial number, a sensitive identifier, can be accessed without any explicit permission. The issue arises from exposure of the 'vendor.gsm.serial' system property, which is indirectly accessible to any local application because of a design flaw in the affected software builds. Although Android restricts access to non-resettable device identifiers, this vulnerability can be exploited through a high-privilege process, which poses a potential privacy risk to users. Device manufacturers must address this flaw across their affected product models.