Cyber Resilience

CVE-2023-35685

High · Public PoC

Published: 08 January 2025

Modified: 31 January 2025
KEV Added
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0003 (8.2th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-35685 is a high-severity Use After Free (CWE-416) vulnerability in Google Android. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The CVE ranks at the 8.2th percentile by exploit likelihood (EPSS), which is below the median. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2023-35685 is a vulnerability in the DevmemIntMapPages function of devicemem_server.c, where a logic error in the code can result in a physical page use-after-free (UAF). This issue affects the kernel and is associated with CWE-416.

A local attacker with low privileges (PR:L) can exploit this vulnerability; attack complexity is low (AC:L) and no user interaction is required (UI:N). Successful exploitation enables escalation of privilege in the kernel with no additional execution privileges needed, leading to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), as reflected in its CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Mitigation details are available in the advisory published on the Google Issue Tracker at https://issuetracker.google.com/issues/42420027.

Vulnerability details

In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

CWE(s)

CWE-416 (Use After Free)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1068 Exploitation for Privilege Escalation (Tactic: Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Kernel UAF in devicemem_server.c directly enables local privilege escalation to kernel level without additional privileges.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-40651 (Same product: Google Android)
CVE-2024-40649 (Same product: Google Android)
CVE-2025-22410 (Same product: Google Android)
CVE-2025-48543 (Same product: Google Android)
CVE-2024-40669 (Same product: Google Android)
CVE-2024-40670 (Same product: Google Android)
CVE-2025-22409 (Same product: Google Android)
CVE-2025-22404 (Same product: Google Android)
CVE-2024-34748 (Same product: Google Android)
CVE-2026-0112 (Same product: Google Android)

Affected Assets

google android (all versions)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

Prevent: Directly remediates the kernel logic error causing the physical page UAF by requiring timely installation of security patches for this specific CVE.

Prevent: Provides memory protection mechanisms such as KASLR and guard pages that hinder exploitation of the use-after-free vulnerability even if unpatched.

Detect: Enables detection of the specific CVE-2023-35685 vulnerability through regular scanning of kernel components for known flaws.
