CVE-2023-21400

In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

CVSS v3.0 6.7 MEDIUM

6.7^/10

CVSS v3.0 : MEDIUM

Vector :

Exploitability : 0.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://source.android.com/security/bulletin/pixel/2023-07-01	Vendor Advisory
http://www.openwall.com/lists/oss-security/2023/07/14/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/07/19/2	Exploit Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/07/19/7	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2023/07/25/7
https://www.debian.org/security/2023/dsa-5480

Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

Information

Published : 2023-07-13 00:15

Updated : 2023-08-19 18:15

NVD link : CVE-2023-21400

Mitre link : CVE-2023-21400

JSON object : View

Products Affected

google

android

CWE

CWE-667

Improper Locking

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://source.android.com/security/bulletin/pixel/2023-07-01", "name": "https://source.android.com/security/bulletin/pixel/2023-07-01", "tags": ["Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/07/14/2", "name": "http://www.openwall.com/lists/oss-security/2023/07/14/2", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/07/19/2", "name": "http://www.openwall.com/lists/oss-security/2023/07/19/2", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/07/19/7", "name": "http://www.openwall.com/lists/oss-security/2023/07/19/7", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "MISC"}, {"url": "http://www.openwall.com/lists/oss-security/2023/07/25/7", "name": "http://www.openwall.com/lists/oss-security/2023/07/25/7", "tags": [], "refsource": "MISC"}, {"url": "https://www.debian.org/security/2023/dsa-5480", "name": "https://www.debian.org/security/2023/dsa-5480", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.\n\n"}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-667"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2023-21400", "ASSIGNER": "security@android.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 0.8}}, "publishedDate": "2023-07-13T00:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-08-19T18:15Z"}