ASB-A-275041864
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-275041864.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-275041864
- Aliases
-
- A-275041864
- CVE-2023-21255
- Published
- 2023-07-01T00:00:00Z
- Modified
- 2025-07-03T14:49:35.807577Z
- Summary
- [none]
- Details
-
In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"spl": "2023-07-05",
"fixes": [
"https://android.googlesource.com/kernel/common/+/1ca1130ec62d"
],
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/1ca1130ec62d",
"signature_type": "Line",
"deprecated": false,
"id": "ASB-A-275041864-1d6cd19e",
"target": {
"file": "drivers/android/binder.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"252530102621673318231637335926479342647",
"87192875603400529883008250378785255420",
"159843565326172231007309767080003006051",
"51136168544716794884672869366215500033",
"179673804923126895675067540334846865055",
"150506422259491266854052407338595924401",
"279376322504948356637762812615004606622",
"228186972999333401279920280121456493948",
"305887402727079857180736650126702107646",
"40923539709221891107552011779640203180",
"81192290756696598409291837260332988504",
"262055034741351384338032470421329258447",
"92081050878445695771733973482925951660",
"310829386508172285962237967407939503545",
"64115575920453203466363693101421696325",
"333292109230336727486686548552708909414",
"192560114736391899275650914181802579792",
"98532720046620784477790178791352067211",
"37910882427524754886280449559625828551",
"263519947819166742077849170822022642265",
"299748562350714225964294965988860959464",
"17475403224302800134938502453952523914",
"152169479100245268169514822601509725096",
"190681293642304026710783929617918540100",
"109755974159534571600599633204475863410",
"12729838988437282039661691163486572406",
"70011498989022892104521938610654535583",
"235463455810039749781411056914898646558",
"91033220132228591031135005506605760636"
]
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/1ca1130ec62d",
"signature_type": "Function",
"deprecated": false,
"id": "ASB-A-275041864-42b77ec3",
"target": {
"function": "binder_free_buf",
"file": "drivers/android/binder.c"
},
"digest": {
"function_hash": "19363558258063083983609037154046116417",
"length": 746.0
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/1ca1130ec62d",
"signature_type": "Function",
"deprecated": false,
"id": "ASB-A-275041864-9b39f865",
"target": {
"function": "binder_proc_transaction",
"file": "drivers/android/binder.c"
},
"digest": {
"function_hash": "202011936234455134374258078814169708467",
"length": 1829.0
}
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/1ca1130ec62d",
"signature_type": "Function",
"deprecated": false,
"id": "ASB-A-275041864-fc175b07",
"target": {
"function": "binder_transaction_buffer_release",
"file": "drivers/android/binder.c"
},
"digest": {
"function_hash": "99493580659905654752352877261084134034",
"length": 3241.0
}
}
],
"severity": "High",
"types": [
"EoP"
]
}