gsd-2023-40107
Vulnerability from gsd
Modified
2023-12-13 01:20
Details
In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2023-40107",
"id": "GSD-2023-40107"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2023-40107"
],
"details": "In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.",
"id": "GSD-2023-40107",
"modified": "2023-12-13T01:20:43.710062Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2023-40107",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "14"
},
{
"version_affected": "=",
"version_value": "13"
},
{
"version_affected": "=",
"version_value": "12L"
},
{
"version_affected": "=",
"version_value": "12"
}
]
}
}
]
},
"vendor_name": "Google"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://android.googlesource.com/platform/frameworks/av/+/acb81624b4f50fed52cb1b3829809ee2f7377093",
"refsource": "MISC",
"url": "https://android.googlesource.com/platform/frameworks/av/+/acb81624b4f50fed52cb1b3829809ee2f7377093"
},
{
"name": "https://source.android.com/security/bulletin/2023-11-01",
"refsource": "MISC",
"url": "https://source.android.com/security/bulletin/2023-11-01"
}
]
}
},
"nvd.nist.gov": {
"cve": {
"descriptions": [
{
"lang": "en",
"value": "In ARTPWriter of ARTPWriter.cpp, there is a possible use after free due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En ARTPWriter de ARTPWriter.cpp, existe un posible use after free debido a datos no inicializados. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"id": "CVE-2023-40107",
"lastModified": "2024-02-16T13:37:55.033",
"metrics": {},
"published": "2024-02-15T23:15:08.197",
"references": [
{
"source": "security@android.com",
"url": "https://android.googlesource.com/platform/frameworks/av/+/acb81624b4f50fed52cb1b3829809ee2f7377093"
},
{
"source": "security@android.com",
"url": "https://source.android.com/security/bulletin/2023-11-01"
}
],
"sourceIdentifier": "security@android.com",
"vulnStatus": "Awaiting Analysis"
}
}
}
}
Loading...