Use After Free Vulnerability in android_view_InputDevice_create Allows for Local Privilege Escalation

Use After Free Vulnerability in android_view_InputDevice_create Allows for Local Privilege Escalation

CVE-2023-40140 · HIGH Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Learn more about our Cis Benchmark Audit For Google Android.