Headline
CVE-2023-21282
In TRANSPOSER_SETTINGS of lpp_tran.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
)]}’ { "commit": "4242f97d149b0bf0cd96f00cd1e9d30d5922cd46", "tree": "171f0bb02a5a419e237be316cae8fa72d45031ed", "parents": [ “2474d98134b5fdf5d4d344bbc19a9ec070a06e58” ], "author": { "name": "Fraunhofer IIS FDK", "email": "[email protected]", "time": “Tue May 30 16:39:32 2023 +0200” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Jun 08 20:33:22 2023 +0000” }, "message": "Increase patchParam array size by one and fix out-of-bounce write in resetLppTransposer().\n\nBug: 279766766\nTest: see POC\n(cherry picked from commit f682b8787eb312b9f8997dac4c2c18bb779cf0df)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:2f8c08a4e7b228a55e4c89f0931069de8eda2df6)\nMerged-In: I206973e0bb21140865efffd930e39f920f477359\nChange-Id: I206973e0bb21140865efffd930e39f920f477359\n", "tree_diff": [ { "type": "modify", "old_id": "51b4395ae4ac74ec7f5c33c3078e2ba7a8e25033", "old_mode": 33188, "old_path": "libSBRdec/src/lpp_tran.h", "new_id": "21c41011115d1ffb73fba08ab96606046aaa3dae", "new_mode": 33188, "new_path": “libSBRdec/src/lpp_tran.h” } ] }
Related news
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
Plus: Mozilla patches more than a dozen vulnerabilities in Firefox, and enterprise companies Ivanti, Cisco, and SAP roll out a slew of updates to get rid of some high-severity bugs.
In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.