GoogleOSV:ASB-A-257443051GKI kernels contain broken non-upstream Speculative Page Faults MM code
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
| CPE | Name | Operator | Version |
|---|---|---|---|
| :linux_kernel: | eq | Kernel |
References
android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd
android.googlesource.com/kernel/common/+/4ea18cd059a4986a6a6f94a7f6d019b750bece65
android.googlesource.com/kernel/common/+/50d2b75b860a6495aac6127a27f75b309e91b689
android.googlesource.com/kernel/common/+/533a88fed7d0107eff64d723d853e9a2c4a1053c
android.googlesource.com/kernel/common/+/5844c8e7aaa946341f0d30441adc8f2cd97efbfc
android.googlesource.com/kernel/common/+/a1f65b39ba08a0f24bde9f07921ff48277761132
android.googlesource.com/kernel/common/+/ca96bd7bf10e62eccc583726be502f219ab02c1e
source.android.com/security/bulletin/2023-02-01
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%