In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://source.android.com/security/bulletin/2024-09-01 |
History
Tue, 17 Dec 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Google
Google android |
|
CPEs | cpe:2.3:o:google:android:-:*:*:*:*:*:*:* | |
Vendors & Products |
Google
Google android |
Thu, 12 Sep 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Imaginationtech
Imaginationtech ddk |
|
Weaknesses | CWE-416 | |
CPEs | cpe:2.3:a:imaginationtech:ddk:*:*:*:*:*:*:*:* | |
Vendors & Products |
Imaginationtech
Imaginationtech ddk |
|
Metrics |
cvssV3_1
|
Wed, 11 Sep 2024 00:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: google_android
Published: 2024-09-11T00:09:16.547Z
Updated: 2024-09-12T13:33:14.558Z
Reserved: 2024-01-20T00:17:16.593Z
Link: CVE-2024-23716
Vulnrichment
Updated: 2024-09-12T13:32:14.669Z
NVD
Status : Analyzed
Published: 2024-09-11T00:15:10.957
Modified: 2024-12-17T19:08:12.907
Link: CVE-2024-23716
Redhat
No data.