CVE-2023-40131: Use After Free
First published: Mon Oct 02 2023(Updated: )
In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Credit: security@android.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Android | ||
| Google Android | =11.0 | |
| Google Android | =12.0 | |
| Google Android | =12.1 | |
| Google Android | =13.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-40131.
What is the severity level of CVE-2023-40131?
The severity level of CVE-2023-40131 is high.
How does CVE-2023-40131 occur?
CVE-2023-40131 occurs due to a possible use after free vulnerability caused by a race condition in the GpuService of GpuService.cpp.
What is the potential impact of CVE-2023-40131?
CVE-2023-40131 could lead to local escalation of privilege with no additional execution privileges needed.
Is user interaction required for exploitation of CVE-2023-40131?
No, user interaction is not needed for the exploitation of CVE-2023-40131.
- agent/weakness
- agent/type
- agent/remedy
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/google
- canonical/google android
- version/google android/11.0
- version/google android/12.0
- version/google android/12.1
- version/google android/13.0