VDB
ASB-A-257685302
ASB-A-257685302
PUBLISHED
CVSS 8.600000381469727 HIGH
In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS v4.0
8.600000381469727
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | :linux_kernel: | :0, Kernel, Kernel |
Timeline
- Feb 1, 2023 CVE Published
- May 15, 2026 CVE Updated
References
- https://source.android.com/security/bulletin/2023-02-01 advisory
- https://android.googlesource.com/kernel/common/+/baa23246e93f patch
- https://android.googlesource.com/kernel/common/+/3d213a626d2d patch
- https://android.googlesource.com/kernel/common/+/9d1efccf5ec3 patch
- https://android.googlesource.com/kernel/common/+/b83173bf86a9 patch
- https://android.googlesource.com/kernel/common/+/aaf236971732 patch
- https://android.googlesource.com/kernel/common/+/ecf61e4e1117 patch