CVE-2023-40140
7.8HIGH
Key Information
- Vendor
- Status
- Android
- Vendor
- CVE Published:
- 27 October 2023
Badges
👾 Exploit Exists🔴 Public PoC
Summary
In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Affected Version(s)
Android = 13
Android = 12L
Android = 12
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
- 👾
Exploit exists.
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database1 Proof of Concept(s)