CVE-2023-21241 — Integer Overflow or Wraparound in System NFC

CWE-190 — Integer Overflow or Wraparound5 documents5 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 94.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform System NFC Google Android

Timeline

PublishedJul 13

Description

In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Androidplatform/system_nfc13-next:0 — 13-next:2023-07-01+4

▶CVEListV5google/android4 versions+3

▶NVDgoogle/android4 versions+3

Patches

Patch: android.googlesource.com ↗Patch: source.android.com ↗Patch: android.googlesource.com ↗

🔴Vulnerability Details

GHSA

GHSA-j2q4-x9p4-5wx9: In rw_i93_send_to_upper of rw_i93↗2023-07-13

▶

CVEList

CVE-2023-21241: In rw_i93_send_to_upper of rw_i93↗2023-07-12

▶

OSV

CVE-2023-21241: In rw_i93_send_to_upper of rw_i93↗2023-07-01

▶

📋Vendor Advisories

Android

CVE-2023-21241: Android Security Bulletin 2023-07-01 CVE: CVE-2023-21241 Severity: HIGH Type: EoP Affected AOSP versions: 11, 12, 12L, 13 References: A-271849189↗2023-07-01

▶