CVE-2023-44128

he vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted.

CVSS v3 3.6 LOW

3.6^/10

CVSS v3 : LOW

Vector :

Exploitability : 1.0 / Impact : 2.5

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://lgsecurity.lge.com/bulletins/mobile#updateDetails	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*

History

02 Oct 2023, 18:20

Type	Values Removed	Values Added
First Time		Lg Lg v60 Thin Q 5g Google Google android
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.6
CWE		CWE-367
CPE		cpe:2.3:o:google:android:::::::: cpe:2.3:h:lg:v60_thin_q_5g:-:::::::*
References	~~(MISC) https://lgsecurity.lge.com/bulletins/mobile#updateDetails -~~	(MISC) https://lgsecurity.lge.com/bulletins/mobile#updateDetails - Vendor Advisory

27 Sep 2023, 15:19

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-09-27 15:19

Updated : 2023-12-10 15:14

NVD link : CVE-2023-44128

Mitre link : CVE-2023-44128

CVE.ORG link : CVE-2023-44128

JSON object : View

Products Affected

lg

v60_thin_q_5g

google

android

CWE

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

{"id": "CVE-2023-44128", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.6, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 2.5, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "product.security@lge.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 1.8}]}, "published": "2023-09-27T15:19:37.217", "references": [{"url": "https://lgsecurity.lge.com/bulletins/mobile#updateDetails", "tags": ["Vendor Advisory"], "source": "product.security@lge.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-367"}]}, {"type": "Secondary", "source": "product.security@lge.com", "description": [{"lang": "en", "value": "CWE-367"}]}], "descriptions": [{"lang": "en", "value": "he vulnerability is to delete arbitrary files in LGInstallService (\"com.lge.lginstallservies\") app. The app contains the exported \"com.lge.lginstallservies.InstallService\" service that exposes an AIDL interface. All its \"installPackage*\" methods are finally calling the \"installPackageVerify()\" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted."}, {"lang": "es", "value": "La vulnerabilidad consiste en eliminar archivos arbitrarios en la aplicaci\u00f3n LGInstallService (\"com.lge.lginstallservies\"). La aplicaci\u00f3n contiene el servicio \"com.lge.lginstallservies.InstallService\" exportado que expone una interfaz AIDL. Todos sus m\u00e9todos \"installPackage*\" finalmente llaman al m\u00e9todo \"installPackageVerify()\" que realiza la validaci\u00f3n de la firma despu\u00e9s del m\u00e9todo de eliminaci\u00f3n del archivo. Un atacante puede controlar las condiciones para que esta verificaci\u00f3n de seguridad nunca se realice y se elimine un archivo controlado por el atacante."}], "lastModified": "2023-10-02T18:20:59.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D92B47F-F5BA-4C09-A194-4FE2D23CE28D", "versionEndIncluding": "13.0", "versionStartIncluding": "4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:lg:v60_thin_q_5g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "85B3B7D2-762E-4DD5-90F9-5246907748C4"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product.security@lge.com"}