ASB-A-299123598
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-299123598.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-299123598
- Aliases
-
- CVE-2023-4622
- Published
- 2024-05-01T00:00:00Z
- Modified
- 2024-07-26T15:05:34Z
- Summary
- Linux Kernel Race Condition leads to UAF in Unix Domain Socket and causes LPE in Android
- Details
-
In unixstreamsendpage of af_unix.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2024-05-01
- https://android.googlesource.com/kernel/common/+/e6ed59127c865
- https://android.googlesource.com/kernel/common/+/790c2f9d15b59
- https://android.googlesource.com/kernel/common/+/84d3e59750bbd
- https://android.googlesource.com/kernel/common/+/d39fc9b94dc07
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/kernel/common/+/e6ed59127c865",
"https://android.googlesource.com/kernel/common/+/790c2f9d15b59",
"https://android.googlesource.com/kernel/common/+/84d3e59750bbd",
"https://android.googlesource.com/kernel/common/+/d39fc9b94dc07"
],
"spl": "2024-05-05",
"types": [
"EoP"
],
"severity": "High"
}