Google Android 13.0 HWC2.cpp Display::setPowerMode out-of-bounds

CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
3.9 | $0-$5k | 0.00 |
A vulnerability was found in Google Android 13.0 (Smartphone Operating System). It has been declared as problematic. This vulnerability affects the function Display::setPowerMode
of the file HWC2.cpp. The manipulation with an unknown input leads to a out-of-bounds vulnerability. The CWE definition for the vulnerability is CWE-125. The product reads data past the end, or before the beginning, of the intended buffer. As an impact it is known to affect confidentiality. CVE summarizes:
In Display::setPowerMode of HWC2.cpp, there is a possible out of bounds read due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-242688355
The weakness was presented 03/25/2023 as A-242688355. The advisory is available at source.android.com. This vulnerability was named CVE-2023-21031 since 11/03/2022. Technical details are known, but there is no available exploit. The structure of the vulnerability defines a possible price range of USD $0-$5k at the moment (estimation calculated on 04/14/2023). It is expected to see the exploit prices for this product increasing in the near future.
Applying a patch is able to eliminate this problem.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv3
VulDB Meta Base Score: 4.0VulDB Meta Temp Score: 3.9
VulDB Base Score: 3.3
VulDB Temp Score: 3.2
VulDB Vector: 🔒
VulDB Reliability: 🔍
NVD Base Score: 4.7
NVD Vector: 🔒
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Exploiting
Class: Out-of-boundsCWE: CWE-125 / CWE-119
ATT&CK: Unknown
Local: Yes
Remote: No
Availability: 🔒
Status: Not defined
EPSS Score: 🔒
EPSS Percentile: 🔒
Price Prediction: 🔍
Current Price Estimation: 🔒
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔒
Timeline
11/03/2022 CVE reserved03/25/2023 Advisory disclosed
03/25/2023 VulDB entry created
04/14/2023 VulDB entry last update
Sources
Vendor: google.comAdvisory: A-242688355
Status: Confirmed
CVE: CVE-2023-21031 (🔒)
scip Labs: https://www.scip.ch/en/?labs.20150917
Entry
Created: 03/25/2023 08:20 AMUpdated: 04/14/2023 03:24 PM
Changes: 03/25/2023 08:20 AM (43), 04/14/2023 03:24 PM (11)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.