CVE-2024-0023 — Out-of-bounds Write in Frameworks AV

CWE-787 — Out-of-bounds Write6 documents6 sources

Severity

7.8HIGHNVD

CISA9.8

EPSS

3.7%

top 11.99%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Platform Frameworks AV Google Android

Timeline

PublishedFeb 16

Description

In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶Androidplatform/frameworks_av14-next:0 — 14-next:2024-01-01+5

▶CVEListV5google/android5 versions+4

▶NVDgoogle/android5 versions+4

Patches

Patch: android.googlesource.com ↗Patch: source.android.com ↗Patch: android.googlesource.com ↗

🔴Vulnerability Details

CVEList

CVE-2024-0023: In ConvertRGBToPlanarYUV of Codec2BufferUtils↗2024-02-16

▶

GHSA

GHSA-3x35-4hvx-j24p: In ConvertRGBToPlanarYUV of Codec2BufferUtils↗2024-02-16

▶

OSV

CVE-2024-0023: In ConvertRGBToPlanarYUV of Codec2BufferUtils↗2024-01-01

▶

📋Vendor Advisories

CISA

VMware vCenter Server Out-of-Bounds Write Vulnerability↗2024-01-22

▶

Android

CVE-2024-0023: Android Security Bulletin 2024-01-01 CVE: CVE-2024-0023 Severity: HIGH Type: EoP Affected AOSP versions: 11, 12, 12L, 13, 14 References: A-283099444 [↗2024-01-01

▶