CVE-2023-35685
Published: 08 January 2025
Summary
CVE-2023-35685 is a high-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 7.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 8.2 percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.
The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2023-35685 is a vulnerability in the DevmemIntMapPages function of devicemem_server.c, where a logic error in the code can result in a physical page use-after-free (UAF). This issue affects the kernel and is associated with CWE-416.
A local attacker with low privileges (PR:L) can exploit this vulnerability due to its low attack complexity (AC:L) and lack of required user interaction (UI:N). Successful exploitation enables kernel escalation of privilege with no additional execution privileges needed, leading to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Mitigation details are available in the advisory published on the Google Issue Tracker at https://issuetracker.google.com/issues/42420027.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-39685
Vulnerability details
In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Kernel UAF in devicemem_server.c directly enables local privilege escalation to kernel level without additional privileges.
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly remediates the kernel logic error causing the physical page UAF by requiring timely installation of security patches for this specific CVE.
Provides memory protection mechanisms such as KASLR and guard pages that hinder exploitation of the use-after-free vulnerability even if unpatched.
Enables detection of the specific CVE-2023-35685 vulnerability through regular scanning of kernel components for known flaws.