ASB-A-294609150
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-294609150.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-294609150
- Aliases
-
- A-294609150
- CVE-2024-0033
- Published
- 2024-02-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/3d9f1e3b0a135b784b9ffa0e65d6a699c7ed1f8e"
],
"spl": "2024-02-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/3d9f1e3b0a135b784b9ffa0e65d6a699c7ed1f8e",
"target": {
"file": "libs/binder/MemoryHeapBase.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"218321599948717590714487254783163945621",
"45588506461727005894535084985380218720",
"124855805480593868214252434885215660663",
"304130721794607915852323038872467968267",
"323667575840971434249975967998125264912"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-294609150-58741196"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/3d9f1e3b0a135b784b9ffa0e65d6a699c7ed1f8e",
"target": {
"function": "MemoryHeapBase::MemoryHeapBase",
"file": "libs/binder/MemoryHeapBase.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "187671776888294417156935036257939364166",
"length": 1361.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-fb3091e1"
}
],
"types": [
"EoP"
]
}platform/system/core
Package
- Name
- platform/system/core
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/core/+/f83c5c8fecf89d9315945368aa20350c2f235cc0"
],
"spl": "2024-02-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/f83c5c8fecf89d9315945368aa20350c2f235cc0",
"target": {
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"261156310786695644581642584175879933835",
"180811507382681509562895906386789842283",
"207842613690740056545347470374413932687",
"191196209844926916100865936626187733986",
"235807140696617410489558382673550515034",
"162574758249669744246306361414159655520",
"101840385824538227903280020879843624924",
"117185873691115811326861917347887040936",
"324678747457288162797933506071644273953",
"299325987141489419938834652528185645879",
"309801869721460638901119034333604737846",
"73966523449701301462376068364524983548"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-294609150-6b722d23"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/f83c5c8fecf89d9315945368aa20350c2f235cc0",
"target": {
"function": "memfd_set_prot_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "113970752469977986086479737717709044364",
"length": 316.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-72f80b7a"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/f83c5c8fecf89d9315945368aa20350c2f235cc0",
"target": {
"function": "memfd_create_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "291495214528864181825778639720026738285",
"length": 573.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-a175e426"
}
],
"types": [
"EoP"
]
}platform/system/core
Package
- Name
- platform/system/core
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351"
],
"spl": "2024-02-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"function": "memfd_set_prot_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "113970752469977986086479737717709044364",
"length": 316.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-269ceb79"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"261156310786695644581642584175879933835",
"180811507382681509562895906386789842283",
"207842613690740056545347470374413932687",
"191196209844926916100865936626187733986",
"235807140696617410489558382673550515034",
"162574758249669744246306361414159655520",
"101840385824538227903280020879843624924",
"117185873691115811326861917347887040936",
"324678747457288162797933506071644273953",
"299325987141489419938834652528185645879",
"309801869721460638901119034333604737846",
"73966523449701301462376068364524983548"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-294609150-a701bf38"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"function": "memfd_create_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "195215426006106713982080118962166354165",
"length": 559.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-f00b7765"
}
],
"types": [
"EoP"
]
}platform/system/core
Package
- Name
- platform/system/core
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351"
],
"spl": "2024-02-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"function": "memfd_create_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "195215426006106713982080118962166354165",
"length": 559.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-0bced3c9"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"function": "memfd_set_prot_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "113970752469977986086479737717709044364",
"length": 316.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-368122f0"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"261156310786695644581642584175879933835",
"180811507382681509562895906386789842283",
"207842613690740056545347470374413932687",
"191196209844926916100865936626187733986",
"235807140696617410489558382673550515034",
"162574758249669744246306361414159655520",
"101840385824538227903280020879843624924",
"117185873691115811326861917347887040936",
"324678747457288162797933506071644273953",
"299325987141489419938834652528185645879",
"309801869721460638901119034333604737846",
"73966523449701301462376068364524983548"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-294609150-8d7535b2"
}
],
"types": [
"EoP"
]
}platform/system/core
Package
- Name
- platform/system/core
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351"
],
"spl": "2024-02-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"261156310786695644581642584175879933835",
"180811507382681509562895906386789842283",
"207842613690740056545347470374413932687",
"191196209844926916100865936626187733986",
"235807140696617410489558382673550515034",
"162574758249669744246306361414159655520",
"101840385824538227903280020879843624924",
"117185873691115811326861917347887040936",
"324678747457288162797933506071644273953",
"299325987141489419938834652528185645879",
"309801869721460638901119034333604737846",
"73966523449701301462376068364524983548"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-294609150-571df3c0"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"function": "memfd_create_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "195215426006106713982080118962166354165",
"length": 559.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-b412d294"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"function": "memfd_set_prot_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "113970752469977986086479737717709044364",
"length": 316.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-ef4af1bd"
}
],
"types": [
"EoP"
]
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/f2c1d9d28083fdcba53f346bba5289e72bc4be49"
],
"spl": "2024-02-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/f2c1d9d28083fdcba53f346bba5289e72bc4be49",
"target": {
"file": "libs/binder/MemoryHeapBase.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"218321599948717590714487254783163945621",
"34036627689076654165346954968650927935",
"177528396368070132329863857794330917805",
"135261448792827151031508216050454184951",
"321031115397245363340750465791525223961"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-294609150-94e818ec"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/f2c1d9d28083fdcba53f346bba5289e72bc4be49",
"target": {
"function": "MemoryHeapBase::MemoryHeapBase",
"file": "libs/binder/MemoryHeapBase.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "167039174744814058412077865357774448779",
"length": 1454.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-ac2ad346"
}
],
"types": [
"EoP"
]
}platform/system/core
Package
- Name
- platform/system/core
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351"
],
"spl": "2024-02-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"261156310786695644581642584175879933835",
"180811507382681509562895906386789842283",
"207842613690740056545347470374413932687",
"191196209844926916100865936626187733986",
"235807140696617410489558382673550515034",
"162574758249669744246306361414159655520",
"101840385824538227903280020879843624924",
"117185873691115811326861917347887040936",
"324678747457288162797933506071644273953",
"299325987141489419938834652528185645879",
"309801869721460638901119034333604737846",
"73966523449701301462376068364524983548"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-294609150-5be709b1"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"function": "memfd_create_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "195215426006106713982080118962166354165",
"length": 559.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-61680bca"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"function": "memfd_set_prot_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "113970752469977986086479737717709044364",
"length": 316.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-6e720e7d"
}
],
"types": [
"EoP"
]
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/77b758c59f58a05d1c0d45350796951bc778745f"
],
"spl": "2024-02-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/77b758c59f58a05d1c0d45350796951bc778745f",
"target": {
"file": "libs/binder/MemoryHeapBase.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"218321599948717590714487254783163945621",
"45588506461727005894535084985380218720",
"124855805480593868214252434885215660663",
"304130721794607915852323038872467968267",
"323667575840971434249975967998125264912"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-294609150-3e4f4ab8"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/77b758c59f58a05d1c0d45350796951bc778745f",
"target": {
"function": "MemoryHeapBase::MemoryHeapBase",
"file": "libs/binder/MemoryHeapBase.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "41683057875052563667609673171350457900",
"length": 1343.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-f61a0fb0"
}
],
"types": [
"EoP"
]
}platform/system/core
Package
- Name
- platform/system/core
Ecosystem specific
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351"
],
"spl": "2024-02-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"261156310786695644581642584175879933835",
"180811507382681509562895906386789842283",
"207842613690740056545347470374413932687",
"191196209844926916100865936626187733986",
"235807140696617410489558382673550515034",
"162574758249669744246306361414159655520",
"101840385824538227903280020879843624924",
"117185873691115811326861917347887040936",
"324678747457288162797933506071644273953",
"299325987141489419938834652528185645879",
"309801869721460638901119034333604737846",
"73966523449701301462376068364524983548"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-294609150-533436e9"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"function": "memfd_create_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "195215426006106713982080118962166354165",
"length": 559.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-803ad71a"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/system/core/+/61a2897733e15a12b7aa2dfd99957e83cbe59351",
"target": {
"function": "memfd_set_prot_region",
"file": "libcutils/ashmem-dev.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "113970752469977986086479737717709044364",
"length": 316.0
},
"signature_type": "Function",
"id": "ASB-A-294609150-b5b7a8c1"
}
],
"types": [
"EoP"
]
}