CVE-2023-35685

7.8 HIGH

📋 TL;DR

CVE-2023-35685 is a use-after-free vulnerability in the Android kernel's device memory management that allows local attackers to escalate privileges without user interaction. This affects Android devices running vulnerable kernel versions, potentially giving attackers kernel-level access.

💻 Affected Systems

Products:
  • Android
Versions: Android versions with vulnerable kernel implementations (specific versions not publicly detailed)
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with vulnerable kernel implementations of devicemem_server.c; requires local access to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with kernel-level access, allowing attackers to install persistent malware, bypass security controls, and access all system resources.

🟠 Likely Case

Local privilege escalation from a limited user or app to root/kernel privileges, enabling data theft, surveillance, or further system exploitation.

🟢 If Mitigated

Limited impact if SELinux/AppArmor policies restrict kernel access, but still significant risk due to kernel-level vulnerability.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access and kernel exploitation knowledge; no public exploit available as of analysis.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security updates from October 2023 onward

Vendor Advisory: https://source.android.com/docs/security/bulletin/2023-10-01

Restart Required: Yes

Instructions:

1. Check for Android security updates in Settings > System > System update.
2. Install available updates.
3. Reboot device to apply kernel patches.

🔧 Temporary Workarounds

Restrict local user access

Limit physical and remote local access to vulnerable devices

🧯 If You Can't Patch

  • Isolate vulnerable devices from critical networks
  • Implement strict application whitelisting and monitor for privilege escalation attempts

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android version. If it is earlier than October 2023, the device is likely vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level is October 2023 or later in Settings > About phone.
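
The patch-level check above can be scripted for a bench of devices. This is an added example, not part of the original advisory: the function names are hypothetical, and the 2023-10-01 threshold is an assumption derived from the "October 2023 or later" statement on this page.

```shell
#!/bin/sh
# Added example: classify Android security patch levels against the
# October 2023 threshold this page gives for CVE-2023-35685.
# Assumption: 2023-10-01 stands for "October 2023 or later"; raise it if your
# vendor's bulletin names a later patch level for your device.
THRESHOLD="2023-10-01"

# classify_patch_level LEVEL (hypothetical helper name)
# LEVEL is the value of ro.build.version.security_patch (YYYY-MM-DD).
# Prints "patched", "vulnerable" or "unknown" (empty or malformed value).
classify_patch_level() {
    # Older adb builds return CRLF line endings; strip all whitespace.
    level=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo unknown; return 0 ;;
    esac
    # ISO dates sort lexicographically, so the first sorted line is the earlier date.
    earliest=$(printf '%s\n%s\n' "$level" "$THRESHOLD" | sort | head -n 1)
    if [ "$earliest" = "$THRESHOLD" ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# check_attached_devices (hypothetical helper name)
# Prints "serial<TAB>patch level<TAB>status" for every device adb lists as "device".
check_attached_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null keeps adb from consuming the remaining serials on stdin.
        raw=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null)
        clean=$(printf '%s' "$raw" | tr -d '[:space:]')
        printf '%s\t%s\t%s\n' "$serial" "${clean:-<empty>}" "$(classify_patch_level "$raw")"
    done
}
```

Source the file and run `check_attached_devices` with the devices connected over adb; an "unknown" result means the property was empty or not in YYYY-MM-DD form and needs a manual check.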

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs, unusual privilege escalation attempts in audit logs

Network Indicators:

  • Unusual outbound connections from Android devices post-exploitation

SIEM Query:

source="android_logs" AND (event_type="kernel_panic" OR process="escalation")
