PT-2023-1000 · Google+7 · Android Kernel+7

Published

2022-12-05

Updated

2025-01-24

CVE-2023-21102

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified) Android kernel (affected versions not specified)

Description The issue is related to a logic error in the code of efi rt asm wrapper in efi-rt-wrapper.S, which could lead to a bypass of shadow stack protection. This might allow an attacker to escalate privileges locally without needing additional execution privileges. User interaction is not required for exploitation.

Recommendations For Linux kernel, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Android kernel, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Check for Exceptional Conditions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-413CWE-754

Related Identifiers

ALSA-2023:5069

ALSA-2023:5091

ASB-A-260821414

AZL-26872

BDU:2023-02530

CVE-2023-21102

OPENSUSE-SU-2023_2646-1

OPENSUSE-SU-2023_2871-1

RHSA-2023:5069

RHSA-2023:5091

RHSA-2023_5069

RHSA-2023_5091

RLSA-2023:5091

SUSE-SU-2023:2646-1

SUSE-SU-2023:2782-1

SUSE-SU-2023:2809-1

SUSE-SU-2023:2820-1

SUSE-SU-2023:2831-1

SUSE-SU-2023:2871-1

USN-6079-1

USN-6091-1

USN-6096-1

USN-6134-1

Affected Products

Almalinux

Android Kernel

Astra Linux

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2023-1000 · Google+7 · Android Kernel+7

CVE-2023-21102

Weakness Enumeration

Related Identifiers

Affected Products

References · 704