CVE-2024-23697

7.8 HIGH

📋 TL;DR

This CVE describes a use-after-free vulnerability in the RGXCreateHWRTData_aux function of rgxta3d.c that allows arbitrary code execution. It enables local privilege escalation to kernel level without requiring additional execution privileges or user interaction. This affects Android devices with vulnerable GPU drivers.

💻 Affected Systems

Products:
  • Android devices with PowerVR GPU drivers
Versions: Android versions prior to June 2024 security patch
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects devices using PowerVR Rogue GPU architecture. Requires vulnerable GPU driver version.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with kernel-level code execution, allowing attackers to bypass all security controls, install persistent malware, and access all user data.

🟠 Likely Case

Local privilege escalation from a compromised app to kernel privileges, enabling data theft, surveillance, and further system exploitation.

🟢 If Mitigated

Limited impact if devices are fully patched, have SELinux/AppArmor enforcing strict policies, and run with minimal privileges.

🌐 Internet-Facing: LOW (Requires local access to device, not directly exploitable over network)
🏢 Internal Only: HIGH (Malicious apps or compromised user sessions can exploit this without user interaction)

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access but no user interaction. Use-after-free vulnerabilities typically require precise timing and memory manipulation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: June 2024 Android Security Patch or later

Vendor Advisory: https://source.android.com/security/bulletin/2024-06-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update.
2. Install June 2024 security patch or later.
3. Reboot device after installation.
4. Verify patch level in Settings > About phone > Android version.

🔧 Temporary Workarounds

Restrict app installations

Only install apps from trusted sources like Google Play Store with Play Protect enabled

Enable Google Play Protect

Ensure Google Play Protect is active to detect and block malicious apps

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement application allowlisting to prevent untrusted app execution

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android version. If the patch level is earlier than June 2024, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows June 2024 or later in Settings > About phone > Android version.
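
The patch-level check above can be scripted for more than one device. The following is an added example, not part of the original advisory: the names `classify_patch`, `audit_devices` and `FIXED_LEVEL` are chosen here, and the `2024-06-01` threshold is an assumption taken from the page's "June 2024" wording.

```shell
#!/bin/sh
# Added example (not from the advisory). FIXED_LEVEL is an assumption taken
# from the page's "June 2024" wording; override it if your vendor bulletin
# names a different patch level for this fix.
FIXED_LEVEL="${FIXED_LEVEL:-2024-06-01}"

# classify_patch LEVEL -> prints PATCHED, VULNERABLE or UNKNOWN
classify_patch() {
    # adb shell output can carry a trailing CR; drop all whitespace
    cp_level=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$cp_level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo UNKNOWN; return 0 ;;   # empty, error text, unexpected format
    esac
    # YYYY-MM-DD orders correctly as an integer once the dashes are removed
    cp_have=$(printf '%s' "$cp_level" | sed 's/-//g')
    cp_need=$(printf '%s' "$FIXED_LEVEL" | sed 's/-//g')
    if [ "$cp_have" -ge "$cp_need" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# audit_devices: report every device that adb lists in the "device" state
audit_devices() {
    adb devices | awk 'NR > 1 && $2 == "device" { print $1 }' |
    while read -r serial; do
        # </dev/null stops adb from swallowing the rest of the serial list
        raw=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null)
        printf '%s\t%s\n' "$serial" "$(classify_patch "$raw")"
    done
}

# Run the fleet check only when asked: sh check_patch.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_devices
fi
```

A device reported as UNKNOWN returned an empty or malformed property and should be checked by hand rather than assumed patched.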

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • SELinux/AVC denials related to GPU drivers
  • Unexpected process privilege escalation

Network Indicators:

  • Unusual outbound connections from system processes

SIEM Query:

Process: (parent_name: "system_server" OR parent_name: "zygote") AND (current_privileges: "root" OR current_privileges: "kernel")
