CVE-2023-35685 - Vulnerability Details - OpenCVE

In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0003.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Google Subscribe	Android Subscribe

Configuration 1 [-]

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

No data.

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://issuetracker.google.com/issues/42420027

History

Fri, 31 Jan 2025 18:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-416
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 10 Jan 2025 16:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:o:google:android:-:::::::*
Vendors & Products		Google Google android
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Wed, 08 Jan 2025 17:45:00 +0000

Type	Values Removed	Values Added
Description		In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
References		https://issuetracker.google.com/issues/42420027

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2025-01-08T17:35:14.462Z

Updated: 2025-01-31T17:59:16.638Z

Reserved: 2023-06-15T02:50:33.961Z

Link: CVE-2023-35685

Vulnrichment

Updated: 2025-01-14T17:26:19.655Z

NVD

Status : Modified

Published: 2025-01-08T18:15:15.033

Modified: 2025-01-31T18:15:34.180

Link: CVE-2023-35685

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-35685", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "state": "PUBLISHED", "assignerShortName": "google_android", "dateReserved": "2023-06-15T02:50:33.961Z", "datePublished": "2025-01-08T17:35:14.462Z", "dateUpdated": "2025-01-31T17:59:16.638Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [{"status": "affected", "version": "Android SoC"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(252, 252, 252);\">In DevmemIntMapPages of devicemem_server.c, there is a possible physical</span><span style=\"background-color: rgb(252, 252, 252);\"> page uaf due to a logic error in the code. This could lead to local </span><span style=\"background-color: rgb(252, 252, 252);\">escalation of privilege in the kernel with no additional execution </span><span style=\"background-color: rgb(252, 252, 252);\">privileges needed. User interaction is not needed for exploitation.</span><br>"}], "value": "In DevmemIntMapPages of devicemem_server.c, there is a possible physical\u00a0page uaf due to a logic error in the code. This could lead to local\u00a0escalation of privilege in the kernel with no additional execution\u00a0privileges needed. User interaction is not needed for exploitation."}], "providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2025-01-17T23:22:38.410Z"}, "references": [{"url": "https://issuetracker.google.com/issues/42420027"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-10T19:26:37.229378Z", "id": "CVE-2023-35685", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-31T17:59:16.638Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2023-35685", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-10T19:26:37.229378Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-14T17:26:19.655Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "Google", "product": "Android", "versions": [{"status": "affected", "version": "Android SoC"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://issuetracker.google.com/issues/42420027"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "In DevmemIntMapPages of devicemem_server.c, there is a possible physical\u00a0page uaf due to a logic error in the code. This could lead to local\u00a0escalation of privilege in the kernel with no additional execution\u00a0privileges needed. User interaction is not needed for exploitation.", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(252, 252, 252);\">In DevmemIntMapPages of devicemem_server.c, there is a possible physical</span><span style=\"background-color: rgb(252, 252, 252);\"> page uaf due to a logic error in the code. This could lead to local </span><span style=\"background-color: rgb(252, 252, 252);\">escalation of privilege in the kernel with no additional execution </span><span style=\"background-color: rgb(252, 252, 252);\">privileges needed. User interaction is not needed for exploitation.</span><br>", "base64": false}]}], "providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2025-01-17T23:22:38.410Z"}}}, "cveMetadata": {"cveId": "CVE-2023-35685", "state": "PUBLISHED", "dateUpdated": "2025-01-31T17:59:16.638Z", "dateReserved": "2023-06-15T02:50:33.961Z", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "datePublished": "2025-01-08T17:35:14.462Z", "assignerShortName": "google_android"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In DevmemIntMapPages of devicemem_server.c, there is a possible physical\u00a0page uaf due to a logic error in the code. This could lead to local\u00a0escalation of privilege in the kernel with no additional execution\u00a0privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En DevmemIntMapPages de devicemem_server.c, existe una posible p\u00e1gina f\u00edsica uaf debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."}], "id": "CVE-2023-35685", "lastModified": "2025-01-31T18:15:34.180", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-01-08T18:15:15.033", "references": [{"source": "security@android.com", "tags": ["Exploit", "Mailing List"], "url": "https://issuetracker.google.com/issues/42420027"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}