CVE-2023-40082: In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote...

0.0 CVSS

Description

In modify_for_next_stage of fdt.rs, there is a possible way to render KASLR ineffective due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Classification

CVE ID: CVE-2023-40082

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Google

Product: Android

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.16% (probability of being exploited)

EPSS Percentile: 52.76% (share of scored CVEs with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://android.googlesource.com/platform/packages/modules/Virtualization/+/0cf463e9949db2d30755fc63a79225a6158928d3
https://source.android.com/security/bulletin/2023-12-01

Timeline