Lucene search

[email protected]CVE-2023-35690

HistoryDec 04, 2023 - 11:15 p.m.

CVE-2023-35690

2023-12-0423:15:23

[email protected]

web.nvd.nist.gov

elevation of privilege

cve-2023-35690

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

32.0%

JSON

In RGXDestroyHWRTData of rgxta3d.c, there is a possible arbitrary code execution due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected configurations

NVD

Node

googleandroidMatch-

CPENameOperatorVersion
google:androidgoogle androideq-

CPE	Name	Operator	Version
google:android	google android	eq	-

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "Android SoC",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

source.android.com/security/bulletin/2023-12-01

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.8

Confidence

High

EPSS

0.001

Percentile

32.0%

JSON

Related for CVE-2023-35690

nvd1 cvelist1 prion1