CVE-2023-35685

In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS v3 7.8 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://issuetracker.google.com/issues/42420027	Exploit Mailing List

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

31 Jan 2025, 18:15

Type	Values Removed	Values Added
CWE		CWE-416

10 Jan 2025, 15:30

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 7.8
CPE		cpe:2.3:o:google:android:-:::::::*
CWE		NVD-CWE-noinfo
First Time		Google Google android
References	~~() https://issuetracker.google.com/issues/42420027 -~~	() https://issuetracker.google.com/issues/42420027 - Exploit, Mailing List
Summary		(es) En DevmemIntMapPages de devicemem_server.c, existe una posible página física uaf debido a un error lógico en el código. Esto podría provocar una escalada local de privilegios en el núcleo sin necesidad de permisos de ejecución adicionales. No se necesita interacción del usuario para la explotación.

08 Jan 2025, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-01-08 18:15

Updated : 2025-01-31 18:15

NVD link : CVE-2023-35685

Mitre link : CVE-2023-35685

CVE.ORG link : CVE-2023-35685

JSON object : View

Products Affected

google

android

CWE

NVD-CWE-noinfo CWE-416

Use After Free

{"id": "CVE-2023-35685", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2025-01-08T18:15:15.033", "references": [{"url": "https://issuetracker.google.com/issues/42420027", "tags": ["Exploit", "Mailing List"], "source": "security@android.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "In DevmemIntMapPages of devicemem_server.c, there is a possible physical\u00a0page uaf due to a logic error in the code. This could lead to local\u00a0escalation of privilege in the kernel with no additional execution\u00a0privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En DevmemIntMapPages de devicemem_server.c, existe una posible p\u00e1gina f\u00edsica uaf debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."}], "lastModified": "2025-01-31T18:15:34.180", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"}], "operator": "OR"}]}], "sourceIdentifier": "security@android.com"}