Vulnerability Details : CVE-2023-20938
In binder_transaction_buffer_release of binder.c, there is a possible use after free due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-257685302References: Upstream kernel
Published
2023-02-28 17:15:11
Updated
2024-07-03 01:39:20
Vulnerability category: Memory Corruption
Exploit prediction scoring system (EPSS) score for CVE-2023-20938
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less