CVE-2023-21065

6.7 MEDIUM

📋 TL;DR

This CVE describes an integer overflow vulnerability in Android's fdt.c that could allow local privilege escalation. An attacker could exploit this to gain elevated system privileges on affected Android devices. Only Android devices with vulnerable kernel versions are affected.

💻 Affected Systems

Products:
  • Android
Versions: Android kernel versions prior to March 2023 security patches
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Requires system execution privileges to exploit, but default Android configurations are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full device compromise with kernel-level access, allowing complete control over the Android system and all user data.

🟠 Likely Case

Local privilege escalation where a malicious app could gain system-level permissions to access sensitive data or install persistent malware.

🟢 If Mitigated

Limited impact if devices are patched or have proper app sandboxing and SELinux policies enforced.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the device.
🏢 Internal Only: MEDIUM - Malicious apps or compromised user accounts could exploit this to escalate privileges on internal devices.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access and system execution privileges. No user interaction needed once initial access is obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2023 Android Security Bulletin patches

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2023-03-01

Restart Required: Yes

Instructions:

1. Apply March 2023 Android Security Update via Settings > System > System Update.
2. For Pixel devices, ensure build number TQ2A.230305.008.C1 or later.
3. For other Android devices, check manufacturer's security update schedule.

🔧 Temporary Workarounds

Restrict app permissions

android

Limit app permissions to reduce attack surface for potential malicious apps

Enable Google Play Protect

android

Ensure Google Play Protect is enabled to detect potentially harmful apps

🧯 If You Can't Patch

  • Restrict installation of apps from unknown sources
  • Implement mobile device management (MDM) policies to control app installations

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android version. If the patch level is earlier than March 2023, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 'March 5, 2023' or later in Settings > About phone > Android version.
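
The check above, scripted for every device attached over adb, as an added example that is not part of the original advisory. It uses the page's 'March 5, 2023' fix level (written 2023-03-05, the format the property returns) as the threshold; the function names and the `--audit` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the advisory): compare each attached device's
# security patch level with the fix level this page gives for CVE-2023-21065.
FIX_LEVEL="2023-03-05"   # the page's 'March 5, 2023'

# patch_status LEVEL -> prints patched | unpatched | unknown
# (hypothetical helper name)
patch_status() {
    # adb shell output can carry a trailing CR; strip CR and whitespace.
    level=$(printf '%s' "$1" | tr -d '\r\n\t ')
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;   # empty, localized or malformed value
    esac
    # YYYY-MM-DD without dashes compares correctly as an integer.
    have=$(printf '%s' "$level" | tr -d '-')
    need=$(printf '%s' "$FIX_LEVEL" | tr -d '-')
    if [ "$have" -lt "$need" ]; then echo unpatched; else echo patched; fi
}

# audit_devices -> one line per authorized device: "<serial> <level> <status>"
audit_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from swallowing the rest of the serial list.
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null | tr -d '\r')
        printf '%s %s %s\n' "$serial" "${level:-none}" "$(patch_status "$level")"
    done
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_devices
fi
```

Devices listed as `unauthorized` or `offline` are skipped, and an `unknown` status means the property was empty or not in YYYY-MM-DD form and needs a manual look.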

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • SELinux denials related to fdt operations
  • Abnormal privilege escalation attempts

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

source="android_kernel" AND (event="kernel_panic" OR event="oops") AND message="*fdt*"
