Login Sign Up

CVE-2023-40100

7.8 HIGH

📋 TL;DR

This vulnerability allows local privilege escalation on Android devices due to memory corruption in DNS64 configuration handling. It affects Android systems with the vulnerable DNS resolver component, potentially enabling attackers to gain elevated privileges without user interaction.

💻 Affected Systems

Products:
  • Android
Versions: Android versions prior to the November 2023 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects devices with the DNS resolver module; specific versions depend on vendor updates.

📦 What is this software?

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

Android by Google

View all CVEs affecting Android →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains full system control (root access) on the device, compromising all data and functionality.

🟠

Likely Case

Local privilege escalation leading to unauthorized access to sensitive system resources or data.

🟢

If Mitigated

Limited impact if patched; otherwise, risk persists for unpatched devices.

🌐 Internet-Facing: LOW, as exploitation requires local access to the device.
🏢 Internal Only: HIGH, as it can be exploited by malicious apps or users with physical access.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access but no user interaction; memory corruption techniques may be needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level November 2023 or later

Vendor Advisory: https://source.android.com/security/bulletin/2023-11-01

Restart Required: Yes

Instructions:

1. Check for system updates in device settings. 2. Apply the November 2023 Android security patch. 3. Reboot the device after installation.

🔧 Temporary Workarounds

Disable DNS64 if not needed

android

Turn off DNS64 configuration to reduce attack surface, but this may affect IPv6 connectivity.

🧯 If You Can't Patch

  • Restrict app installations to trusted sources only to reduce risk of malicious local exploitation.
  • Monitor device logs for unusual activity related to DNS resolver processes.

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android version; if before November 2023, it may be vulnerable.

Check Version:

Use 'adb shell getprop ro.build.version.security_patch' to check patch level via ADB.

Verify Fix Applied:

Confirm the security patch level is November 2023 or later after applying updates.

📡 Detection & Monitoring

Log Indicators:

  • Unusual crashes or errors in DNS resolver logs (e.g., logcat entries related to Dns64Configuration)

Network Indicators:

  • Abnormal DNS query patterns, though exploitation is local

SIEM Query:

Search for log events containing 'Dns64Configuration' or 'discovery_thread' errors on Android devices.

📊 Metadata

CVE ID: CVE-2023-40100
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-416
Published: February 15, 2024
Last Updated: December 16, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-40100, you might also want to check these:

CVE-2025-24085 10.0

This CVE describes a use-after-free vulnerability (CWE-416) in Apple operating systems that allows m...

Same vulnerability type (CWE-416)
CVE-2024-43102 10.0

This CVE describes a use-after-free vulnerability in FreeBSD's umtx (user mutex) subsystem where con...

Same vulnerability type (CWE-416)
CVE-2021-33796 10.0

CVE-2021-33796 is a use-after-free vulnerability in MuJS's regexp source property access that can le...

Same vulnerability type (CWE-416)