CVE-2023-46139

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Oct 31, 2023
Updated: Nov 14, 2023
CWE ID 863

Summary

CVE-2023-46139 is a vulnerability in KernelSU, a Kernel based root solution for Android. The vulnerability exists in versions 0.6.1 and prior to 0.7.0, and it can be exploited if a device with KernelSU installed is infected with malware that has a specially constructed app signing block. This can allow the attacker to gain root privileges on the device. The issue arises from a flaw in the verification logic that results in the use of an incorrect signature during installation. The vulnerability has been fixed in version 0.7.0 of KernelSU.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-46139 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options