CVE-2023-20938

Name of the Vulnerable Software and Affected Versions Android kernel

Description The issue is related to a possible use after free due to improper input validation in the binder transaction buffer release of binder.c. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The vulnerability is also related to incorrect handling of objects of type BINDER TYPE FDA of zero size.

Recommendations For Android kernel, consider disabling the vulnerable function until a patch is available. Restrict access to the binder module to minimize the risk of exploitation. Avoid using the BINDER TYPE FDA object in the affected binder.c until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.