Headline
CVE-2023-21287
In multiple locations, there is a possible code execution due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}’ { "commit": "a79e80a25874dacaa266906a9048f13d4bac41c6", "tree": "20675215494af58053a383e6cfcb82e597490dcd", "parents": [ “5d803bd3a68c98e1e9157ab187ee27c62ae0b4ec” ], "author": { "name": "Seigo Nonaka", "email": "[email protected]", "time": “Tue May 02 10:01:38 2023 +0900” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Jun 08 20:33:24 2023 +0000” }, "message": "Cherrypick following three changes\n\n[cherrypick 545bf3a27] [sfnt, truetype] Add `size_reset` to `MetricsVariations`.\n[cherrypick daad10810] [truetype] tt_size_reset_height to take FT_Size\n[cherrypick 51ad7b243] [services] FT_Size_Reset_Func to return FT_Error\n\nBug: 278221085\nTest: TreeHugger\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:9fe9411db4b7e715a39c0ccf48d1e0328f1d8e7c)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:cff127c5bc4a47ef88df305380ee2a47318a865b)\nMerged-In: I7e839b2a36e35c27974a82cc76e853996a7c7688\nChange-Id: I7e839b2a36e35c27974a82cc76e853996a7c7688\n", "tree_diff": [ { "type": "modify", "old_id": "b9c95a7c9c8454637f0ddffacfc0b05153002be4", "old_mode": 33188, "old_path": "include/freetype/internal/services/svmetric.h", "new_id": "ade6e9a6561bc67a479cce85684738a1b9dc44e7", "new_mode": 33188, "new_path": “include/freetype/internal/services/svmetric.h” }, { "type": "modify", "old_id": "651131c8d36befa85ef7892b8c2e6b2d9882ba75", "old_mode": 33188, "old_path": "include/freetype/internal/tttypes.h", "new_id": "afd7d024ad24c4842c6e14f0bdfa5dad5a53f9de", "new_mode": 33188, "new_path": “include/freetype/internal/tttypes.h” }, { "type": "modify", "old_id": "59210f37c52272e1c43b230b92a23e9d089ffe42", "old_mode": 33188, "old_path": "src/cff/cffdrivr.c", "new_id": "b3c018f78e80df458d963dabc4f6d41036ae1459", "new_mode": 33188, "new_path": “src/cff/cffdrivr.c” }, { "type": "modify", "old_id": "3a4d47dbddd9c34ef2b7b011d0b37e6b6a1a2d93", "old_mode": 33188, "old_path": "src/cff/cffobjs.c", "new_id": "80a25b7163edaaae735899e7a6519c8d40a4f069", "new_mode": 33188, "new_path": “src/cff/cffobjs.c” }, { "type": "modify", "old_id": "789102479009ef7e053b28d3dbe27ba8e2d99a8e", "old_mode": 33188, "old_path": "src/sfnt/sfobjs.c", "new_id": "64202aad8769613611c3cb0dd8c1e0e1d321cd2e", "new_mode": 33188, "new_path": “src/sfnt/sfobjs.c” }, { "type": "modify", "old_id": "7aece36fb01ae87fe0ad35a3e9f0ae20485bf7d1", "old_mode": 33188, "old_path": "src/sfnt/ttmtx.c", "new_id": "62cd021631f251463b73633ae79d50be500a90de", "new_mode": 33188, "new_path": “src/sfnt/ttmtx.c” }, { "type": "modify", "old_id": "6fcfdb23e48a907482d14156afd4e9e07a8094fe", "old_mode": 33188, "old_path": "src/truetype/ttdriver.c", "new_id": "bd7f2cea3865ebe409d8457014e493a2133e6fc3", "new_mode": 33188, "new_path": “src/truetype/ttdriver.c” }, { "type": "modify", "old_id": "7f2db0cbdc0c8cafe8d0bfd2047758b48050e42c", "old_mode": 33188, "old_path": "src/truetype/ttgxvar.c", "new_id": "bbd2640483a5b32a03d7a6e92620eb0ed1b57728", "new_mode": 33188, "new_path": “src/truetype/ttgxvar.c” }, { "type": "modify", "old_id": "93fc548447398dc691d6ce1205e47884579d1318", "old_mode": 33188, "old_path": "src/truetype/ttobjs.c", "new_id": "929f2c3fa0fd3e9379d22d8cf9732ce6f2686d76", "new_mode": 33188, "new_path": “src/truetype/ttobjs.c” }, { "type": "modify", "old_id": "fd72378721bd951126693feea95394779b8d004b", "old_mode": 33188, "old_path": "src/truetype/ttobjs.h", "new_id": "7e9c6a207b19014966112c9fe776c29aa1f3fdbd", "new_mode": 33188, "new_path": “src/truetype/ttobjs.h” } ] }
Related news
DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart.
In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.