Kernelsu
CVE-2023-5521
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9.
AnalysisAI
Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Technical ContextAI
This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. Incorrect Authorization in GitHub repository tiann/kernelsu prior to v0.6.9. Affected products include: Kernelsu.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.
KernelSU is a Kernel-based root solution for Android devices. Rated medium severity (CVSS 6.7). Public exploit code avai
KernelSU is a Kernel based root solution for Android. Rated medium severity (CVSS 5.7), this vulnerability is low attack
Same weakness CWE-863 – Incorrect Authorization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today