{"id":"ASB-A-282919145","details":"In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-282919145","CVE-2023-40131"],"modified":"2026-04-22T14:59:17.843400Z","published":"2023-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/native/+/0cda11569dd256ff3220b4fe44f861f8081d7116"}],"affected":[{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-10-01"}]}],"versions":["14-next"],"ecosystem_specific":{"spl":"2023-10-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/native/+/3c00cbc0f119c3f59325aa6d5061529feb58462b"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-282919145.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-10-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2023-10-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/native/+/24a7874bb4093a1a6721a2002569512c43af5bdc"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-282919145.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-10-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2023-10-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/native/+/24a7874bb4093a1a6721a2002569512c43af5bdc"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-282919145.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-10-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-10-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/native/+/7fb707802ee4c667d1ee6065ae2845d835b47aeb"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-282919145.json"}}],"schema_version":"1.7.5"}