
CVE-2023-21273

In SDP_AddAttribute of sdp_db.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.


)]}'
{
  "commit": "1e27ef69755a0735278a1c6af130c71a92b94e3f",
  "tree": "63f98a325a45a88a2c5a73c39e1d0c814909660d",
  "parents": [
    "8d608f6473a1bdecfd6319bf332fa506c598a1ff"
  ],
  "author": {
    "name": "Hui Peng",
    "email": "[email protected]",
    "time": "Tue Dec 20 22:48:23 2022 +0000"
  },
  "committer": {
    "name": "Justin Dunlap",
    "email": "[email protected]",
    "time": "Mon Jan 30 09:55:42 2023 -0800"
  },
  "message": "Fix an OOB write in SDP_AddAttribute\n\nWhen the `attr_pad` becomes full, it is possible\nthat un index of `-1` is computed write\na zero byte to `p_val`, rusulting OOB write.\n\n```\n p_val[SDP_MAX_PAD_LEN - p_rec-\u003efree_pad_ptr - 1] \u003d \u0027\\0\u0027;\n```\n\nBug: 261867748\nTest: manual\nTag: #security\nIgnore-AOSP-First: security\nMerged-In: I937d22a2df26fca1d7f06b10182c4e713ddfed1b\nChange-Id: I937d22a2df26fca1d7f06b10182c4e713ddfed1b\n(cherry picked from commit 0846b5b746e844464fb728478fea3c2ad6aaef1f)\nMerged-In: I937d22a2df26fca1d7f06b10182c4e713ddfed1b\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "297b31251db285438b165c62767ce72a457cce38",
      "old_mode": 33188,
      "old_path": "system/stack/sdp/sdp_db.cc",
      "new_id": "acef4a5aa904556cea12f4a1d4f574f2409beee1",
      "new_mode": 33188,
      "new_path": "system/stack/sdp/sdp_db.cc"
    }
  ]
}
