CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%
In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd
android.googlesource.com/kernel/common/+/4ea18cd059a4986a6a6f94a7f6d019b750bece65
android.googlesource.com/kernel/common/+/50d2b75b860a6495aac6127a27f75b309e91b689
android.googlesource.com/kernel/common/+/533a88fed7d0107eff64d723d853e9a2c4a1053c
android.googlesource.com/kernel/common/+/5844c8e7aaa946341f0d30441adc8f2cd97efbfc
android.googlesource.com/kernel/common/+/a1f65b39ba08a0f24bde9f07921ff48277761132
android.googlesource.com/kernel/common/+/ca96bd7bf10e62eccc583726be502f219ab02c1e
source.android.com/security/bulletin/2023-02-01