CVE-2023-21106Double Free in Google Android

CWE-415Double Free14 documents7 sources
Severity
7.8HIGHNVD
OSV5.5OSV4.7
EPSS
0.0%
top 94.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Linux KernelDebian LinuxGoogle Android
Timeline
PublishedMay 15
Latest updateJul 25

Description

In adreno_set_param of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-265016072References: Upstream kernel

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

Debianlinux/linux_kernel< 6.1.11-1+2
debiandebian/linux< linux 6.1.11-1 (bookworm)

Patches

Patch: source.android.comPatch: source.android.com

🔴Vulnerability Details

6
OSV
linux-oem-6.0 vulnerabilities2023-07-25
OSV
linux-gcp, linux-hwe-5.19 vulnerabilities2023-05-22
GHSA
GHSA-jqcf-frh4-x2vj: In adreno_set_param of adreno_gpu2023-05-16
OSV
linux, linux-aws, linux-azure, linux-azure-5.19, linux-kvm, linux-lowlatency, linux-raspi vulnerabilities2023-05-16
OSV
CVE-2023-21106: In adreno_set_param of adreno_gpu2023-05-15

📋Vendor Advisories

7
Ubuntu
Linux kernel (OEM) vulnerabilities2023-07-25
Ubuntu
Linux kernel vulnerabilities2023-05-22
Ubuntu
Linux kernel vulnerabilities2023-05-18
Ubuntu
Linux kernel vulnerabilities2023-05-16
Red Hat
kernel: possible memory corruption due to double free2023-05-01