ASB-A-299123598

Import Source
https://storage.googleapis.com/android-osv/ASB-A-299123598.json
Aliases
  • CVE-2023-4622
Published
2024-05-01T00:00:00Z
Modified
2024-05-20T14:48:26Z
Summary
Linux Kernel Race Condition leads to UAF in Unix Domain Socket and causes LPE in Android
Details

In unixstreamsendpage of af_unix.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2024-05-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/e6ed59127c865",
        "https://android.googlesource.com/kernel/common/+/790c2f9d15b59",
        "https://android.googlesource.com/kernel/common/+/84d3e59750bbd",
        "https://android.googlesource.com/kernel/common/+/d39fc9b94dc07"
    ],
    "spl": "2024-05-05",
    "types": [
        "EoP"
    ],
    "severity": "High"
}