CVE-2023-20928

In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-254837884References: Upstream kernel
Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

06 Feb 2023, 19:15

Type Values Removed Values Added
References
  • (MISC) http://packetstormsecurity.com/files/170855/Android-Binder-VMA-Management-Security-Issues.html -

01 Feb 2023, 19:24

Type Values Removed Values Added
CPE cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
First Time Google android
Google
CWE CWE-667
CWE-416
References (MISC) https://source.android.com/security/bulletin/2023-01-01 - (MISC) https://source.android.com/security/bulletin/2023-01-01 - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8

26 Jan 2023, 21:18

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-26 21:18

Updated : 2023-12-10 14:48


NVD link : CVE-2023-20928

Mitre link : CVE-2023-20928

CVE.ORG link : CVE-2023-20928


JSON object : View

Products Affected

google

  • android
CWE
CWE-416

Use After Free

CWE-667

Improper Locking