CVSS 3.1 Score 6.7 of 10 (medium)


Published Oct 11, 2023
Updated: Oct 14, 2023
CWE ID 125


CVE-2023-35654 is a cyber vulnerability that affects the product SjtmR4. It is categorized as CWE-125, which refers to an out-of-bounds read. The vulnerability exists in the ctrl_roi function of stmvl53l1_module.c and is caused by an incorrect bounds check. Exploitation of this vulnerability could result in local escalation of privilege, requiring system execution privileges and not needing any user interaction. The base severity for this vulnerability is rated as MEDIUM, with a base score of 6.7 according to NVD@NIST.GOV. The impact on integrity and confidentiality is rated as HIGH, while the exploitability score is 0.8. This vulnerability poses a potential danger to organizations as it could lead to unauthorized access and compromise sensitive data if left unremediated.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-35654 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options