Lucene search
GoogleOSV:ASB-A-264029575HistoryApr 01, 2023 - 12:00 a.m.
Privilege escalation may be achieved by exploiting a buffer overflow in the implementation of USB accessory gadget.
2023-04-0100:00:00
Google
osv.dev
12
privilege escalation
usb accessory
buffer overflow
access control
bounds check
user interaction
CVSS3
6.6
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
17.6%
In acc_ctrlrequest_composite of f_accessory.c, there is a possible out of bounds write due to a missing bounds check. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Related
cve
cve
CVE-2023-20941
2023-04-19 20:15:11
cnvd
cnvd
Google Android elevation of privilege vulnerability (CNVD-2023-55367)
2023-04-23 00:00:00
ubuntucve
ubuntucve
CVE-2023-20941
2023-04-19 00:00:00
cvelist
cvelist
CVE-2023-20941
2023-04-19 00:00:00
nvd
nvd
CVE-2023-20941
2023-04-19 20:15:11
prion
prion
Out-of-bounds
2023-04-19 20:15:00
debiancve
debiancve
CVE-2023-20941
2023-04-19 20:15:11
CVSS3
6.6
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.001
Percentile
17.6%
Related for OSV:ASB-A-264029575