CVE-2023-21215

2023-12-0422:40:47

google_android

www.cve.org

cve-2023-21215

devmemintacquireremotectx

arbitrary code execution

local privilege escalation

kernel

race condition

AI Score

9.2

Confidence

High

EPSS

0.001

Percentile

32.0%

JSON

In DevmemIntAcquireRemoteCtx of devicemem_server.c, there is a possible arbitrary code execution due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CNA Affected

[
  {
    "vendor": "Google",
    "product": "Android",
    "versions": [
      {
        "version": "Android SoC",
        "status": "affected"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

source.android.com/security/bulletin/2023-12-01