CVE-2023-48409

In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Configurations

Configuration 1 (hide)

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

History

21 Nov 2024, 08:31

Type Values Removed Values Added
References () https://source.android.com/security/bulletin/pixel/2023-12-01 - Vendor Advisory () https://source.android.com/security/bulletin/pixel/2023-12-01 - Vendor Advisory

12 Mar 2024, 21:15

Type Values Removed Values Added
Summary (en) In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (en) In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

12 Dec 2023, 23:46

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.8
CWE CWE-190
CPE cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
References () https://source.android.com/security/bulletin/pixel/2023-12-01 - () https://source.android.com/security/bulletin/pixel/2023-12-01 - Vendor Advisory

08 Dec 2023, 16:37

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-08 16:15

Updated : 2024-11-21 08:31


NVD link : CVE-2023-48409

Mitre link : CVE-2023-48409

CVE.ORG link : CVE-2023-48409


JSON object : View

Products Affected

google

  • android
CWE
CWE-190

Integer Overflow or Wraparound