CVE-2024-23716 - Vulnerability Details - OpenCVE

In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact total

Vendors	Products
Google	Android
Imaginationtech	Ddk

Configuration 1 [-]

cpe:2.3:o:google:android:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://source.android.com/security/bulletin/2024-09-01

History

Tue, 17 Dec 2024 19:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Google Google android
CPEs		cpe:2.3:o:google:android:-:::::::*
Vendors & Products		Google Google android

Thu, 12 Sep 2024 14:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Imaginationtech Imaginationtech ddk
Weaknesses		CWE-416
CPEs		cpe:2.3:a:imaginationtech:ddk::::::::
Vendors & Products		Imaginationtech Imaginationtech ddk
Metrics		cvssV3_1 `{'score': 7.4, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 11 Sep 2024 00:15:00 +0000

Type	Values Removed	Values Added
Description		In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
References		https://source.android.com/security/bulletin/2024-09-01

MITRE

Status: PUBLISHED

Assigner: google_android

Published: 2024-09-11T00:09:16.547Z

Updated: 2024-09-12T13:33:14.558Z

Reserved: 2024-01-20T00:17:16.593Z

Link: CVE-2024-23716

Vulnrichment

Updated: 2024-09-12T13:32:14.669Z

NVD

Status : Analyzed

Published: 2024-09-11T00:15:10.957

Modified: 2024-12-17T19:08:12.907

Link: CVE-2024-23716

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-23716", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "state": "PUBLISHED", "assignerShortName": "google_android", "dateReserved": "2024-01-20T00:17:16.593Z", "datePublished": "2024-09-11T00:09:16.547Z", "dateUpdated": "2024-09-12T13:33:14.558Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2024-09-11T00:09:16.547Z"}, "problemTypes": [{"descriptions": [{"lang": "en", "description": "Elevation of privilege"}]}], "affected": [{"vendor": "Google", "product": "Android", "versions": [{"version": "Android SoC", "status": "affected"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."}], "references": [{"url": "https://source.android.com/security/bulletin/2024-09-01"}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "affected": [{"vendor": "imaginationtech", "product": "ddk", "cpes": ["cpe:2.3:a:imaginationtech:ddk:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "23.3", "versionType": "custom"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-09-12T13:31:36.859940Z", "id": "CVE-2024-23716", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T13:33:14.558Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-23716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-12T13:31:36.859940Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:imaginationtech:ddk:*:*:*:*:*:*:*:*"], "vendor": "imaginationtech", "product": "ddk", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "23.3"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T13:32:14.669Z"}}], "cna": {"affected": [{"vendor": "Google", "product": "Android", "versions": [{"status": "affected", "version": "Android SoC"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://source.android.com/security/bulletin/2024-09-01"}], "descriptions": [{"lang": "en", "value": "In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Elevation of privilege"}]}], "providerMetadata": {"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android", "dateUpdated": "2024-09-11T00:09:16.547Z"}}}, "cveMetadata": {"cveId": "CVE-2024-23716", "state": "PUBLISHED", "dateUpdated": "2024-09-12T13:33:14.558Z", "dateReserved": "2024-01-20T00:17:16.593Z", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "datePublished": "2024-09-11T00:09:16.547Z", "assignerShortName": "google_android"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation."}, {"lang": "es", "value": "En DevmemIntPFNotify de devicemem_server.c, existe un posible use after free debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda provocar una escalada local de privilegios en el n\u00facleo sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."}], "id": "CVE-2024-23716", "lastModified": "2024-12-17T19:08:12.907", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.4, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-09-11T00:15:10.957", "references": [{"source": "security@android.com", "tags": ["Vendor Advisory"], "url": "https://source.android.com/security/bulletin/2024-09-01"}], "sourceIdentifier": "security@android.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}