In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Link | Resource |
---|---|
https://android.googlesource.com/platform/system/nfc/+/907d17eeefec6f672ea824e126406e6d8f6b56d8 | Patch |
https://source.android.com/security/bulletin/2023-07-01 | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
25 Jul 2023, 16:35
Type | Values Removed | Values Added |
---|---|---|
First Time |
Google android
|
|
CPE | cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:* cpe:2.3:o:google:android:12.1:*:*:*:*:*:*:* cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:* |
|
CWE | CWE-190 | |
References | (MISC) https://android.googlesource.com/platform/system/nfc/+/907d17eeefec6f672ea824e126406e6d8f6b56d8 - Patch | |
References | (MISC) https://source.android.com/security/bulletin/2023-07-01 - Patch, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
13 Jul 2023, 00:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-07-13 00:15
Updated : 2023-12-10 15:14
NVD link : CVE-2023-21241
Mitre link : CVE-2023-21241
CVE.ORG link : CVE-2023-21241
JSON object : View
Products Affected
- android
CWE
CWE-190
Integer Overflow or Wraparound