CVE-2023-35685 (GCVE-0-2023-35685)

Vulnerability from cvelistv5 – Published: 2025-01-08 17:35 – Updated: 2025-01-31 17:59
VLAI?
Summary
In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity ?
7.8 (High)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
Google Android Affected: Android SoC
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-35685",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-10T19:26:37.229378Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-416",
                "description": "CWE-416 Use After Free",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-31T17:59:16.638Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Android",
          "vendor": "Google",
          "versions": [
            {
              "status": "affected",
              "version": "Android SoC"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eIn DevmemIntMapPages of devicemem_server.c, there is a possible physical\u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003e\u0026nbsp;page uaf due to a logic error in the code. This could lead to local\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eescalation of privilege in the kernel with no additional execution\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(252, 252, 252);\"\u003eprivileges needed. User interaction is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "In DevmemIntMapPages of devicemem_server.c, there is a possible physical\u00a0page uaf due to a logic error in the code. This could lead to local\u00a0escalation of privilege in the kernel with no additional execution\u00a0privileges needed. User interaction is not needed for exploitation."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-01-17T23:22:38.410Z",
        "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
        "shortName": "google_android"
      },
      "references": [
        {
          "url": "https://issuetracker.google.com/issues/42420027"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
    "assignerShortName": "google_android",
    "cveId": "CVE-2023-35685",
    "datePublished": "2025-01-08T17:35:14.462Z",
    "dateReserved": "2023-06-15T02:50:33.961Z",
    "dateUpdated": "2025-01-31T17:59:16.638Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In DevmemIntMapPages of devicemem_server.c, there is a possible physical\\u00a0page uaf due to a logic error in the code. This could lead to local\\u00a0escalation of privilege in the kernel with no additional execution\\u00a0privileges needed. User interaction is not needed for exploitation.\"}, {\"lang\": \"es\", \"value\": \"En DevmemIntMapPages de devicemem_server.c, existe una posible p\\u00e1gina f\\u00edsica uaf debido a un error l\\u00f3gico en el c\\u00f3digo. Esto podr\\u00eda provocar una escalada local de privilegios en el n\\u00facleo sin necesidad de permisos de ejecuci\\u00f3n adicionales. No se necesita interacci\\u00f3n del usuario para la explotaci\\u00f3n.\"}]",
      "id": "CVE-2023-35685",
      "lastModified": "2025-01-10T15:30:48.627",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}]}",
      "published": "2025-01-08T18:15:15.033",
      "references": "[{\"url\": \"https://issuetracker.google.com/issues/42420027\", \"source\": \"security@android.com\", \"tags\": [\"Exploit\", \"Mailing List\"]}]",
      "sourceIdentifier": "security@android.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-35685\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2025-01-08T18:15:15.033\",\"lastModified\":\"2025-01-31T18:15:34.180\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In DevmemIntMapPages of devicemem_server.c, there is a possible physical\u00a0page uaf due to a logic error in the code. This could lead to local\u00a0escalation of privilege in the kernel with no additional execution\u00a0privileges needed. User interaction is not needed for exploitation.\"},{\"lang\":\"es\",\"value\":\"En DevmemIntMapPages de devicemem_server.c, existe una posible p\u00e1gina f\u00edsica uaf debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]}],\"references\":[{\"url\":\"https://issuetracker.google.com/issues/42420027\",\"source\":\"security@android.com\",\"tags\":[\"Exploit\",\"Mailing List\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-35685\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-10T19:26:37.229378Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-14T17:26:19.655Z\"}}], \"cna\": {\"source\": {\"discovery\": \"UNKNOWN\"}, \"affected\": [{\"vendor\": \"Google\", \"product\": \"Android\", \"versions\": [{\"status\": \"affected\", \"version\": \"Android SoC\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://issuetracker.google.com/issues/42420027\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In DevmemIntMapPages of devicemem_server.c, there is a possible physical\\u00a0page uaf due to a logic error in the code. This could lead to local\\u00a0escalation of privilege in the kernel with no additional execution\\u00a0privileges needed. User interaction is not needed for exploitation.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cspan style=\\\"background-color: rgb(252, 252, 252);\\\"\u003eIn DevmemIntMapPages of devicemem_server.c, there is a possible physical\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(252, 252, 252);\\\"\u003e\u0026nbsp;page uaf due to a logic error in the code. This could lead to local\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(252, 252, 252);\\\"\u003eescalation of privilege in the kernel with no additional execution\u0026nbsp;\u003c/span\u003e\u003cspan style=\\\"background-color: rgb(252, 252, 252);\\\"\u003eprivileges needed. User interaction is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e\", \"base64\": false}]}], \"providerMetadata\": {\"orgId\": \"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6\", \"shortName\": \"google_android\", \"dateUpdated\": \"2025-01-17T23:22:38.410Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-35685\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-31T17:59:16.638Z\", \"dateReserved\": \"2023-06-15T02:50:33.961Z\", \"assignerOrgId\": \"baff130e-b8d5-4e15-b3d3-c3cf5d5545c6\", \"datePublished\": \"2025-01-08T17:35:14.462Z\", \"assignerShortName\": \"google_android\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.