{"api_version":"1","generated_at":"2026-04-25T23:43:24+00:00","cve":"CVE-2023-35654","urls":{"html":"https://cve.report/CVE-2023-35654","api":"https://cve.report/api/cve/CVE-2023-35654.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-35654","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-35654"},"summary":{"title":"CVE-2023-35654","description":"In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","state":"PUBLIC","assigner":"security@android.com","published_at":"2023-10-11 20:15:00","updated_at":"2023-10-14 01:44:00"},"problem_types":["CWE-125"],"metrics":[],"references":[{"url":"https://source.android.com/security/bulletin/pixel/2023-10-01","name":"https://source.android.com/security/bulletin/pixel/2023-10-01","refsource":"MISC","tags":[],"title":"Pixel Update Bulletin—October 2023  |  Android Open Source Project","mime":"text/html","httpstatus":"200","archivestatus":"429"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-35654","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35654","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"35654","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"google","cpe5":"android","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-35654","qid":"610512","title":"Google Pixel Android October 2023 Security Patch Missing"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2023-35654","ASSIGNER":"security@android.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"In ctrl_roi of stmvl53l1_module.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\n"}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Elevation of privilege"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Google","product":{"product_data":[{"product_name":"Android","version":{"version_data":[{"version_affected":"=","version_value":"Android kernel"}]}}]}}]}},"references":{"reference_data":[{"url":"https://source.android.com/security/bulletin/pixel/2023-10-01","refsource":"MISC","name":"https://source.android.com/security/bulletin/pixel/2023-10-01"}]}},"nvd":{"publishedDate":"2023-10-11 20:15:00","lastModifiedDate":"2023-10-14 01:44:00","problem_types":["CWE-125"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":6.7,"baseSeverity":"MEDIUM"},"exploitabilityScore":0.8,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}