Description
In the APEX module framework of AOSP, there is a possible malicious update to platform components due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. More details on this can be found in the referenced links.
Exploits (1)
nomisec
WORKING POC
103 stars
by metaredteam · poc
https://github.com/metaredteam/rtx-cve-2023-45779
References (4)
Core References
Vendor Advisory: https://source.android.com/security/bulletin/2023-12-01
Various Sources: https://rtx.meta.security/exploitation/2024/01/30/Android-vendors-APEX-test-keys.html
Scores
CVSS v3: 7.8
EPSS: 0.0021
EPSS Percentile: 42.5%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status: published
Products (1): google/android
Published: Dec 04, 2023
Tracked Since: Feb 18, 2026