CVE-2023-21264
Summary
| CVE | CVE-2023-21264 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2023-08-14 21:15:00 UTC |
| Updated | 2023-08-24 15:31:00 UTC |
| Description | In multiple functions of mem_protect.c, there is a possible way to access hypervisor memory due to a memory access check in the wrong place. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| b35a06182451f - kernel/common - Git at Google | MISC | android.googlesource.com | |
| Android Security Bulletin—August 2023 | Android Open Source Project | MISC | source.android.com | |
| 53625a846a7b4 - kernel/common - Git at Google | MISC | android.googlesource.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 199769 Ubuntu Security Notification for Linux kernel Vulnerabilities (USN-6383-1)
- 199883 Ubuntu Security Notification for Linux kernel (NVIDIA) Vulnerabilities (USN-6466-1)
- 356113 Amazon Linux Security Advisory for kernel : ALAS2023-2023-349
- 610500 Google Android Devices August 2023 Security Patch Missing
- 6140111 AWS Bottlerocket Security Update for kernel (GHSA-3p5w-63g5-248f)