Impact
The vulnerability in intfgraph.c’s IntfGraphCreate function allows an out‑of‑bounds write caused by an integer overflow. This flaw can be exploited to execute arbitrary code without requiring elevated privileges, and it does not need the user to interact with the device. The weakness is classified as integer overflow (CWE‑190) and a buffer overrun (CWE‑787).
Affected Systems
Android devices from Google are affected; the specific components are the kernel module performed by intfgraph.c. No version numbers are listed, so any device that still ships the unpatched code is vulnerable.
Risk and Exploitability
The CVSS score is 8.8, indicating a high severity. The EPSS score is less than 1 %, suggesting a low probability of exploitation in the field, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is local or remote depending on whether an attacker can deliver crafted data to the IntfGraphCreate routine; user interaction is not required. Additional privileges are not needed to execute the payload once the overflow occurs.
OpenCVE Enrichment