Lucene search

GoogleOSV:ASB-A-264029575

HistoryApr 01, 2023 - 12:00 a.m.

Privilege escalation may be achieved by exploiting a buffer overflow in the implementation of USB accessory gadget.

2023-04-0100:00:00

Google

osv.dev

privilege escalation

usb accessory

buffer overflow

access control

bounds check

user interaction

6.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.8%

JSON

In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

CPENameOperatorVersion
:linux_kernel:eqKernel

CPE	Name	Operator	Version
	:linux_kernel:	eq	Kernel

References

android.googlesource.com/kernel/common/+/f63204236560b6f38b6e015c53eb6304d9889791

source.android.com/security/bulletin/2023-04-01

6.6 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.0005 Low

EPSS

Percentile

17.8%

JSON

Related for OSV:ASB-A-264029575