GoogleOSV:ASB-A-238177877[nfc_nci_nxp.so OOB Read Vulnerability]
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
In SendIncDecRestoreCmdPart2 of NxpMfcReader.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| platform/hardware/nxp/nfc | eq | 13 | |
| platform/hardware/nxp/nfc | eq | 12L | |
| platform/hardware/nxp/nfc | eq | 11 | |
| platform/hardware/nxp/nfc | eq | 12 |
References
android.googlesource.com/platform/hardware/nxp/nfc/+/1164ee536ecf6504e73dcaac0ccb1ee887f3a19c
android.googlesource.com/platform/hardware/nxp/nfc/+/334645060efe1ef0889385512f74513ea1bb29a2
android.googlesource.com/platform/hardware/nxp/nfc/+/50779bfee26842816f0c241f5dc5a8b8b5f12f37
source.android.com/security/bulletin/2023-04-01
Related
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%