Lucene search

[email protected]NVD:CVE-2023-21054

HistoryMar 24, 2023 - 8:15 p.m.

CVE-2023-21054

2023-03-2420:15:14

CWE-787

[email protected]

web.nvd.nist.gov

eutran_lcs_convertlcs_molrreq

out of bounds write

logic error

remote code execution

system execution privileges

android kernel

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

46.3%

JSON

In EUTRAN_LCS_ConvertLCS_MOLRReq of LPP_CommonUtil.c, there is a possible out of bounds write due to a logic error in the code. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-244556535References: N/A

Affected configurations

Nvd

Node

googleandroidMatch-

VendorProductVersionCPE
googleandroid-cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	android	-	cpe:2.3:o:google:android:-:::::::*

References

source.android.com/security/bulletin/pixel/2023-03-01

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

46.3%

JSON

Related for NVD:CVE-2023-21054

prion1 cvelist1 cve1