9.8

CVE-2023-40082

In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleAndroid Version14.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.64% 0.458
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://source.android.com/security/bulletin/2023-12-01
Patch
Third Party Advisory
https://android.googlesource.com/platform/packages/modules/Virtualization/+/0cf463e9949db2d30755fc63a79225a6158928d3
Patch
Mailing List