Ubuntu.comUB:CVE-2023-21106CVE-2023-21106
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%
In adreno_set_param of adreno_gpu.c, there is a possible memory corruption
due to a double free. This could lead to local escalation of privilege with
no additional execution privileges needed. User interaction is not needed
for exploitation.Product: AndroidVersions: Android kernelAndroid ID:
A-265016072References: Upstream kernel
Notes
| Author | Note |
|---|---|
| sbeattie | this affects the Qualcomm ARM Adreno GPU driver. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.10 | noarch | linux | < 5.19.0-42.43 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux-aws | < 5.19.0-1025.26 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux-azure | < 5.19.0-1026.29 | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-azure-5.19 | < 5.19.0-1026.29~22.04.1 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux-gcp | < 5.19.0-1024.26 | UNKNOWN |
| ubuntu | 24.04 | noarch | linux-gke | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | linux-hwe-5.19 | < 5.19.0-42.43~22.04.1 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux-ibm | < 5.19.0-1022.24 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux-kvm | < 5.19.0-1023.24 | UNKNOWN |
| ubuntu | 22.10 | noarch | linux-lowlatency | < 5.19.0-1024.25 | UNKNOWN |
References
git.kernel.org/linus/a66f1efcf748febea7758c4c3c8b5bc5294949ef (6.2-rc5)
launchpad.net/bugs/cve/CVE-2023-21106
lore.kernel.org/all/[email protected]/
nvd.nist.gov/vuln/detail/CVE-2023-21106
patchwork.freedesktop.org/patch/517778/
security-tracker.debian.org/tracker/CVE-2023-21106
ubuntu.com/security/notices/USN-6079-1
ubuntu.com/security/notices/USN-6091-1
ubuntu.com/security/notices/USN-6096-1
ubuntu.com/security/notices/USN-6248-1
www.cve.org/CVERecord?id=CVE-2023-21106
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
4.3 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P
0.0004 Low
EPSS
Percentile
5.2%