CVE-2023-20835

CVSS 3.1 Score 6.4 of 10 (medium)

Details

Published Sep 4, 2023

Updated: Sep 7, 2023

CWE ID 362

CWE ID 416

Summary

CVE-2023-20835 is a vulnerability affecting the camsys software that involves a race condition leading to a possible use after free. This issue can result in local privilege escalation, granting System execution privileges to an attacker. Notably, user interaction is not required for exploitation. The patch for this vulnerability is identified as ALPS07341261, and the issue was tracked under ALPS07326570.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Android

Affected Vendors

Google
Linux Foundation
Mediatek Inc.

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/sjd29y
https://www.cve.org/CVERecord?id=CVE-2023-20835
https://nvd.nist.gov/vuln/detail/CVE-2023-20835

Back to Vulnerability Database