PT-2023-1000 · Google+7 · Android Kernel+7

Publicado

2022-12-05

Atualizado

2025-01-24

CVE-2023-21102

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified) Android kernel (affected versions not specified)

Description The issue is related to a logic error in the code of efi rt asm wrapper in efi-rt-wrapper.S, which could lead to a bypass of shadow stack protection. This might allow an attacker to escalate privileges locally without needing additional execution privileges. User interaction is not required for exploitation.

Recommendations For Linux kernel, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Android kernel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Check for Exceptional Conditions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-413CWE-754

Identificadores relacionados

ALSA-2023:5069

ALSA-2023:5091

ASB-A-260821414

AZL-26872

BDU:2023-02530

CVE-2023-21102

OPENSUSE-SU-2023_2646-1

OPENSUSE-SU-2023_2871-1

RHSA-2023:5069

RHSA-2023:5091

RHSA-2023_5069

RHSA-2023_5091

RLSA-2023:5091

SUSE-SU-2023:2646-1

SUSE-SU-2023:2782-1

SUSE-SU-2023:2809-1

SUSE-SU-2023:2820-1

SUSE-SU-2023:2831-1

SUSE-SU-2023:2871-1

USN-6079-1

USN-6091-1

USN-6096-1

USN-6134-1

Produtos afetados

Almalinux

Android Kernel

Astra Linux

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2023-1000 · Google+7 · Android Kernel+7

CVE-2023-21102

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 704