CVE-2023-20938
Summary
| CVE | CVE-2023-20938 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-02-28 17:15:00 UTC |
| Updated | 2023-03-06 19:32:00 UTC |
| Description | In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel |
Risk And Classification
Problem Types: CWE-416
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Android Security Bulletin—February 2023 | Android Open Source Project | MISC | source.android.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181571 Debian Security Update for linux (CVE-2023-20938)
- 199212 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-5917-1)
- 199224 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5934-1)
- 199226 Ubuntu Security Notification for Linux kernel (GCP) Vulnerabilities (USN-5939-1)
- 199230 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-5940-1)
- 199239 Ubuntu Security Notification for Linux kernel (IBM) Vulnerabilities (USN-5951-1)
- 199276 Ubuntu Security Notification for Linux kernel (BlueField) Vulnerabilities (USN-6000-1)
- 199342 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6080-1)
- 199346 Ubuntu Security Notification for Linux kernel (Raspberry Pi) Vulnerabilities (USN-6085-1)
- 199351 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6090-1)
- 199385 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6134-1)
- 199389 Ubuntu Security Notification for Linux kernel (Intel IoTG) Vulnerabilities (USN-6133-1)
- 378710 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0079)
- 379043 Alibaba Cloud Linux Security Update for cloud-kernel (ALINUX3-SA-2023:0136)
- 610466 Google Android Devices February 2023 Security Patch Missing
- 610472 Google Android March 2023 Security Patch Missing for Samsung