CVE-2021-39698
Description
In aio_poll_complete_work of aio.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-185125206References: Upstream kernel
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.03
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Linux kernel (USN-5337-1) linux-image-aws_5.13.0.1019.20_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-aws_5.13.0.1022.24~20.04.15_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-gcp_5.13.0.1021.19_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-gke_5.13.0.1021.19_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-kvm_5.13.0.1018.18_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-generic_5.13.0.37.46_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-virtual_5.13.0.37.46_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-oem-20.04_5.13.0.37.46_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-lowlatency_5.13.0.37.46_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-5.13.0-1018-kvm_5.13.0-1018.19_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-5.13.0-1019-aws_5.13.0-1019.21_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-5.13.0-1019-aws_5.13.0-1019.21~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-5.13.0-1021-gcp_5.13.0-1021.25_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-5.13.0-37-generic_5.13.0-37.42_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-5.13.0-37-generic_5.13.0-37.42~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-generic-hwe-20.04_5.13.0.37.42~20.04.22_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-virtual-hwe-20.04_5.13.0.37.42~20.04.22_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-5.13.0-37-lowlatency_5.13.0-37.42_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-5.13.0-37-lowlatency_5.13.0-37.42~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-lowlatency-hwe-20.04_5.13.0.37.42~20.04.22_amd64.deb | Linux |
| Linux kernel for Microsoft Azure cloud systems (USN-5368-1) linux-image-azure_5.13.0.1021.24~20.04.10_amd64.deb | Linux |
| Linux kernel for Microsoft Azure cloud systems (USN-5368-1) linux-image-oracle_5.13.0.1025.30~20.04.1_amd64.deb | Linux |
| Linux kernel for Microsoft Azure cloud systems (USN-5368-1) linux-image-5.13.0-1021-azure_5.13.0-1021.24~20.04.1_amd64.deb | Linux |
| Linux kernel for Microsoft Azure cloud systems (USN-5368-1) linux-image-5.13.0-1025-oracle_5.13.0-1025.30~20.04.1_amd64.deb | Linux |
| Linux kernel (USN-5337-1) linux-image-5.13.0-1021-gcp_5.13.0-1021.25~20.04.1_amd64.deb | Linux |
| SUSE-SU-2024:2019-1(Public Cloud Module 15-SP5) kernel-syms-azure-5.14.21-150500.33.57.1.x86_64.rpm | Linux |
| SUSE-SU-2024:2019-1(Public Cloud Module 15-SP5) kernel-source-azure-5.14.21-150500.33.57.1.noarch.rpm | Linux |
| SUSE-SU-2024:2019-1(Public Cloud Module 15-SP5) kernel-devel-azure-5.14.21-150500.33.57.1.noarch.rpm | Linux |
| SUSE-SU-2024:2019-1(Public Cloud Module 15-SP5) kernel-azure-devel-debuginfo-5.14.21-150500.33.57.1.x86_64.rpm | Linux |
| SUSE-SU-2024:2019-1(Public Cloud Module 15-SP5) kernel-azure-devel-5.14.21-150500.33.57.1.x86_64.rpm | Linux |
| SUSE-SU-2024:2019-1(Public Cloud Module 15-SP5) kernel-azure-debugsource-5.14.21-150500.33.57.1.x86_64.rpm | Linux |
| SUSE-SU-2024:2019-1(Public Cloud Module 15-SP5) kernel-azure-debuginfo-5.14.21-150500.33.57.1.x86_64.rpm | Linux |
| SUSE-SU-2024:2019-1(Public Cloud Module 15-SP5) kernel-azure-5.14.21-150500.33.57.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234