CVE-2022-40507
published 2023-06-06
CVE-2022-40507: Memory corruption due to double free in Core while mapping HLOS address to the list.
Priority P3 · 40 · high · 7.8 CVSS 3.1
CVSS vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.31% (67.0th percentile)
Memory corruption due to double free in Core while mapping HLOS address to the list.
Affected
235 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
| qualcomm_inc | snapdragon | — | — |
Android
CVE-2022-40507: Closed-source component
vendor_android·2023-12-01·CVSS 8.4
CVE-2022-40507 [HIGH] CVE-2022-40507: Closed-source component
Android Security Bulletin 2023-12-01
CVE: CVE-2022-40507
Severity: CRITICAL
Component: Closed-source component
References: A-261468680
GHSA
GHSA-wcg5-6pc8-hjf5: Memory corruption due to double free in Core while mapping HLOS address to the list
ghsa_unreviewed·2023-06-06
CVE-2022-40507 [HIGH] CWE-415 GHSA-wcg5-6pc8-hjf5: Memory corruption due to double free in Core while mapping HLOS address to the list
Memory corruption due to double free in Core while mapping HLOS address to the list.
No detection rules found.
No public exploits indexed.
Checkpoint
11th December – Threat Intelligence Report
blogs_checkpoint·2023-12-11
CVE-2023-40088 11th December – Threat Intelligence Report
## 11th December – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th December, please download our Threat_Intelligence Bulletin.
TOP ATTACKS AND BREACHES
The American Greater Richmond Transit Company (GRTC), which provides services for millions of people, has been a victim of a cyber-attack that impacted certain applications and parts of the GRTC network. The Play ransomware gang claimed responsibility for the attack.
Check Point Harmony Endpoint and Threat Emulation prov
Bleepingcomputer
December Android updates fix critical zero-click RCE flaw
blogs_bleepingcomputer·2023-12-04·CVSS 8.4
CVE-2023-40088 [HIGH] December Android updates fix critical zero-click RCE flaw
## December Android updates fix critical zero-click RCE flaw
## Sergiu Gatlan
Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug.
Tracked as CVE-2023-40088, the zero-click RCE bug was found in Android's System component and doesn't require additional privileges to be exploited.
While the company has yet to reveal if attackers have targeted this security flaw in the wild, threat actors could exploit it to gain arbitrary code execution without user interaction.
"The most severe of these issues is a critical security vulnerability in the System component that could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User int
Published: 2023-06-06