Unidentified VCU Use-After-Free Enables Local Privilege Escalation
CVE-2023-20744 Published on June 6, 2023

In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200.

NVD

Vulnerability Analysis

CVE-2023-20744 is exploitable with local system access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Dangling pointer Vulnerability?

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

CVE-2023-20744 has been classified to as a Dangling pointer vulnerability or weakness.


Products Associated with CVE-2023-20744

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-20744 are published in these products:

Linux Foundation Iot Yocto
 
Linux Foundation Yocto
 
Google Android
 

Affected Versions

MediaTek, Inc. MT6789, MT6855, MT8185, MT8195, MT8365, MT8395, MT8781, MT8786, MT8789, MT8791, MT8797 Version Android 12.0, 13.0 / Yocto 4.0 / Iot-Yocto 22.2 is affected by CVE-2023-20744

Exploit Probability

EPSS
0.02%
Percentile
6.27%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.