CVE-2023-35661

7.5 HIGH

📋 TL;DR

This vulnerability allows remote attackers to read memory beyond intended boundaries in Android's ROHC packet decompression code. It affects Android devices running vulnerable versions, potentially exposing sensitive information without user interaction.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to October 2023 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the ROHC (Robust Header Compression) packet processing component in Android's networking stack.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote information disclosure leading to exposure of sensitive memory contents, potentially including authentication tokens, encryption keys, or other protected data.

🟠 Likely Case

Information leakage that could aid attackers in developing further exploits or understanding system memory layout.

🟢 If Mitigated

No impact if patched; limited impact if network segmentation prevents external access to vulnerable services.

🌐 Internet-Facing: HIGH - Remote exploitation requires no authentication or user interaction.
🏢 Internal Only: MEDIUM - Still exploitable from internal networks but requires network access to affected services.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted network packets to trigger the out-of-bounds read condition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: October 2023 Android security patch level or later

Vendor Advisory: https://source.android.com/security/bulletin/pixel/2023-10-01

Restart Required: Yes

Instructions:

1. Check for system updates in Settings > System > System update.
2. Install October 2023 or later security patch.
3. Reboot device after installation.

🔧 Temporary Workarounds

Network segmentation

all

Restrict network access to devices running vulnerable Android versions

Disable ROHC compression

all

If possible, disable Robust Header Compression in network configurations

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks
  • Implement network monitoring for anomalous packet patterns

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android version > Security patch level

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows October 2023 or later date
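The check above can be scripted across several devices. The following is an added example, not part of the original advisory: it classifies the value of ro.build.version.security_patch against the October 2023 level named on this page. The function names, the 2023-10-01 threshold constant (taken from the page's "October 2023 or later" wording) and the sample inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag devices whose security patch level predates the
# October 2023 level this page lists as the fix for CVE-2023-35661.

FIXED_LEVEL="2023-10-01"   # assumption: earliest level matching "October 2023 or later"

# classify_patch_level LEVEL -> prints "patched", "vulnerable" or "unknown"
classify_patch_level() {
    level=$(printf '%s' "$1" | tr -d '[:space:]')   # adb output can carry CR/LF
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;                # empty or malformed property
    esac
    # YYYY-MM-DD strings sort lexically, so the older date comes first
    oldest=$(printf '%s\n%s\n' "$level" "$FIXED_LEVEL" | LC_ALL=C sort | head -n 1)
    if [ "$oldest" = "$FIXED_LEVEL" ]; then echo patched; else echo vulnerable; fi
}

# audit_inventory: reads "SERIAL PATCH_LEVEL" lines on stdin and prints
# every device that is not confirmed patched (unknown counts as a finding)
audit_inventory() {
    while read -r serial level; do
        [ -n "$serial" ] || continue
        status=$(classify_patch_level "$level")
        [ "$status" = patched ] ||
            printf '%s %s %s\n' "$serial" "${level:-none}" "$status"
    done
}

# Constructed sample inventory (serials and levels are made up)
sample_inventory() {
    printf '%s\n' 'EMULATOR-A 2023-09-05' 'EMULATOR-B 2023-10-05' \
                  'EMULATOR-C 2022-12-01' 'EMULATOR-D'
}

# check_connected_devices: same audit, live, for every device adb can see
check_connected_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from swallowing the rest of the serial list
        level=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null)
        printf '%s %s\n' "$serial" "$level"
    done | audit_inventory
}
```

Run `sample_inventory | audit_inventory` to see the offline result, or `check_connected_devices` with adb on the PATH. A device that reports no patch level is listed as unknown rather than assumed patched.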

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Network stack crash reports
  • Memory access violation logs

Network Indicators:

  • Unusual ROHC packet patterns
  • Malformed TCP SACK option packets

SIEM Query:

source="android_system" AND (event_type="kernel_panic" OR event_type="segfault") AND process="network_stack"
