
CVE-2023-21274

In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.


)]}'
{
  "commit": "2bffd7f5e66dd0cf7e5668fb65c4f2b2e9f87cf7",
  "tree": "0a10917fa10721a8923ca524ec4ab32282386c77",
  "parents": [
    "fc3117e0d8bad19c08b38078f17f58293dd4f3ef"
  ],
  "author": {
    "name": "Przemysław Szczepaniak",
    "email": "[email protected]",
    "time": "Mon Mar 13 14:38:28 2023 +0000"
  },
  "committer": {
    "name": "Android Build Coastguard Worker",
    "email": "[email protected]",
    "time": "Thu Jun 08 20:34:43 2023 +0000"
  },
  "message": "Fix OOB Read in setOperandValue\n\nBug: 269456018\nTest: Run the POC\n(cherry picked from https://android-review.googlesource.com/q/commit:c45bdb6ac47bf8cf2853144e82910f43f2f0b1e9)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:5d81dcf032155c2967f613629bb67f629f835636)\nMerged-In: I7325d56a380f05753356875623a2b5eaba3ca578\nChange-Id: I7325d56a380f05753356875623a2b5eaba3ca578\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "2cbdc092dadb65d743325f082d2a747f18b4bd42",
      "old_mode": 33188,
      "old_path": "shim_and_sl/ShimConverter.cpp",
      "new_id": "1ed0e31cf87bdf6b2d75ad52bf21218a578ca666",
      "new_mode": 33188,
      "new_path": "shim_and_sl/ShimConverter.cpp"
    }
  ]
}

Related news

CVE-2023-21267: Android Security Bulletin—August 2023

In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
