Lucene search
HistoryDec 04, 2023 - 11:15 p.m.
CVE-2023-40077
uaf write
metadatabase.cpp
remote privilege escalation
race condition
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
39.4%
In multiple functions of MetaDataBase.cpp, there is a possible UAF write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected configurations
Node
googleandroidMatch11.0
ORgoogleandroidMatch12.0
ORgoogleandroidMatch12.1
ORgoogleandroidMatch13.0
ORgoogleandroidMatch14.0
Related
prion
prion
Race condition
2023-12-04 23:15:00
cnvd
cnvd
Google Android elevation of privilege vulnerability (CNVD-2024-07114)
2023-12-06 00:00:00
cvelist
cvelist
CVE-2023-40077
2023-12-04 22:40:50
osv
osv
use-after-free in libstagefright_httplive
2023-12-01 00:00:00
cve
cve
CVE-2023-40077
2023-12-04 23:15:23
malwarebytes
malwarebytes
Android phones can be taken over remotely – update when you can
2023-12-07 12:07:42
8.1 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
39.4%
Related for NVD:CVE-2023-40077