CVE-2023-21164

2023-12-0422:40:47

google_android

www.cve.org

arbitrary code execution

local privilege escalation

kernel vulnerability

use after free

devicemem_server.c

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

32.0%

JSON

In DevmemIntMapPMR of devicemem_server.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "Android SoC",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

source.android.com/security/bulletin/2023-12-01