CVE-2023-40085

2024-02-1619:15:08

google_android

web.nvd.nist.gov

5191

cve-2023-40085

information security

local information disclosure

bounds check

shimconverter

nvd

AI Score

Confidence

High

EPSS

Percentile

9.0%

JSON

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected configurations

Vulners

Node

googleandroidMatch13

googleandroidMatch12l

googleandroidMatch13

googleandroidMatch12l

googleandroidMatch12

VendorProductVersionCPE
googleandroid13cpe:2.3:o:google:android:13:*:*:*:*:*:*:*
googleandroid12lcpe:2.3:o:google:android:12l:*:*:*:*:*:*:*
googleandroid12cpe:2.3:o:google:android:12:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	13	cpe:2.3:o:google:android:13:::::::*
google	android	12l	cpe:2.3:o:google:android:12l:::::::*
google	android	12	cpe:2.3:o:google:android:12:::::::*

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "13",
        "status": "affected"
      },
      {
        "version": "12L",
        "status": "affected"
      },
      {
        "version": "12",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]