Headline
CVE-2023-21271
In parseInputs of ShimPreparedModel.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
)]}’ { "commit": "e44e1064ccec2aa09fc66bd750d66919129ae6b4", "tree": "9198945d05321169b5fb304d31b0ffadec1a056a", "parents": [ “2bffd7f5e66dd0cf7e5668fb65c4f2b2e9f87cf7” ], "author": { "name": "Przemysław Szczepaniak", "email": "[email protected]", "time": “Fri Mar 17 16:01:05 2023 +0000” }, "committer": { "name": "Android Build Coastguard Worker", "email": "[email protected]", "time": “Thu Jun 08 20:34:46 2023 +0000” }, "message": "Fix OOB read in parseInputs in ShimPreparedModel.cpp\n\nBug: 269455813\nTest: built image\n(cherry picked from https://android-review.googlesource.com/q/commit:404c6882edc91a34f60cd56f724d745b06a73756)\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:553bc285b36b6312b24087bd085f12620028fac8)\nMerged-In: Ib93baacd45f394568eb789b5196a5d0b4e1edd41\nChange-Id: Ib93baacd45f394568eb789b5196a5d0b4e1edd41\n", "tree_diff": [ { "type": "modify", "old_id": "178cc1c3309db8539d2f796f1fa5f5b9143de3c9", "old_mode": 33188, "old_path": "shim_and_sl/ShimPreparedModel.cpp", "new_id": "840d65a1996b9e325e99123693727f8a59bba6af", "new_mode": 33188, "new_path": “shim_and_sl/ShimPreparedModel.cpp” } ] }
Related news
In doKeyguardLocked of KeyguardViewMediator.java, there is a possible way to bypass lockdown mode with screen pinning due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.