AI description
Automated description summarized from trusted sources.
CVE-2023-48409 is an out-of-bounds write vulnerability in the `gpu_pixel_handle_buffer_liveness_update_ioctl` function of `private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c` in the Android kernel. The root cause is an integer overflow, which can result in data being written past the end of the intended buffer. Successful exploitation could allow a local attacker to escalate privileges; no additional execution privileges and no user interaction are needed.
- Description: In gpu_pixel_handle_buffer_liveness_update_ioctl of private/google-modules/gpu/mali_kbase/mali_kbase_core_linux.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- Source: dsap-vuln-management@google.com
- NVD status: Modified
CVSS 3.1
- Type: Primary
- Base score: 7.8
- Impact score: 5.9
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- nvd@nist.gov: CWE-190
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 16
```json
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
```