Description
In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Exploits (1)
nomisec
WORKING POC
by Trinadh465 · poc
https://github.com/Trinadh465/platform_system_netd_AOSP10_r33_CVE-2023-40084
References (2)
Core 2
Core References
Mailing List, Patch
https://android.googlesource.com/platform/system/netd/+/1b8bddd96b2efd4074b6d4eee377b62077c031bd
Patch, Vendor Advisory
https://source.android.com/security/bulletin/2023-12-01
Scores
CVSS v3
7.8
EPSS
0.0005
EPSS Percentile
16.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-416
Status
published
Products (5)
google/android
11.0
google/android
12.0
google/android
12.1
google/android
13.0
google/android
14.0
Published
Dec 04, 2023
Tracked Since
Feb 18, 2026