ASB-A-319081336
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-319081336.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-319081336
- Aliases
-
- A-319081336
- CVE-2024-34720
- Published
- 2024-07-01T00:00:00Z
- Modified
- 2025-07-04T14:49:55.829990Z
- Summary
- [none]
- Details
-
In comandroidinternalosZygoteCommandBuffernativeForkRepeatedly of comandroidinternalos_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/2ffc7cb220e4220b7e108c4043a3f0f2a85b6508"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2024-07-01",
"vanir_signatures": [
{
"target": {
"file": "core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"
},
"id": "ASB-A-319081336-51d540c9",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"317233240326962103783385498755210420644",
"296667423886080615774550624209922421692",
"129960923227401362471093630573144279385",
"304172353776351389658884063083076523496",
"131872770965685154304502767829282250150",
"13824084930839371983762313109050624911",
"102627928074578630481165444809187618685",
"212917782405818034291743181298644256896",
"181936017352609397951073957723477062822",
"143470586625561298798199161157744287304",
"240446822133205767205712066697184985115",
"191685735335389930931448864934875632507",
"142106533339130824250475574150115034815",
"179675932057390629507016689397984118831",
"121460145586448302935282469884880198161",
"118897914026303112685523695703207452453",
"236354956869195670265777518040714003523",
"141452989353769876823270364516024846615",
"164578169460615367963344045338738268586",
"156850524629508349936041049715448427553",
"106091340302204710101684553389160528276",
"307159503741182151027791641757576113768",
"258151654653339928105850517610937582973",
"227831871290937760222265868007589373043",
"319741763726740516498334478655628845592",
"192499861258759845775090291670176985420",
"104365902721422811994148020088195838191",
"303388611646501293828267766437485685261",
"142721887958619895696664436841583325699",
"216963113424742529903608073011951637841",
"108244429092477133895134348028163617127",
"143917490582115337617262660209212378884",
"191652902911526587007866034096317885480",
"238073377692551404598449002651844110628",
"17615070987619399705353470778677118342",
"24639758249775324052182122198604942384",
"149253339903057985782503761594761208209",
"69342173929232291754317661286234341701",
"22732299344906296769031950774336152138",
"109507797160542994670257505215963696714",
"33727660859786154492514829642146997502",
"144220918641353379439856716593288165611",
"130754457846632833318495729362940082166",
"311507550749207462709854891205278632068",
"338359760086957921898478425767185929628",
"308057727047611294486335222965692051701",
"174367054006951318622709003250225681688",
"80424798898436142819700872394467518595",
"14990719072357954161935746479306405644",
"88475019087682199446899708018521736332",
"12746713889735369502899478048515868176"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/2ffc7cb220e4220b7e108c4043a3f0f2a85b6508",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "core/java/com/android/internal/os/ZygoteConnection.java"
},
"id": "ASB-A-319081336-81d19f33",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"175925776855749280662474255163233462320",
"57653288809250709138837272661559963770",
"321282934198361304589970067257563743053"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/2ffc7cb220e4220b7e108c4043a3f0f2a85b6508",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp",
"function": "com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly"
},
"id": "ASB-A-319081336-9f4e5272",
"deprecated": false,
"digest": {
"function_hash": "252853064456516822569561543412316875290",
"length": 3705.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/2ffc7cb220e4220b7e108c4043a3f0f2a85b6508",
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "core/java/com/android/internal/os/ZygoteConnection.java",
"function": "ZygoteConnection"
},
"id": "ASB-A-319081336-fee26a3a",
"deprecated": false,
"digest": {
"function_hash": "10780509860466616852010073818185046546",
"length": 371.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/2ffc7cb220e4220b7e108c4043a3f0f2a85b6508",
"signature_type": "Function",
"signature_version": "v1"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2024-07-01",
"vanir_signatures": [
{
"target": {
"file": "core/java/com/android/internal/os/ZygoteConnection.java"
},
"id": "ASB-A-319081336-01e009d9",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"175925776855749280662474255163233462320",
"57653288809250709138837272661559963770",
"321282934198361304589970067257563743053"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "core/java/com/android/internal/os/ZygoteConnection.java",
"function": "ZygoteConnection"
},
"id": "ASB-A-319081336-3c15d13f",
"deprecated": false,
"digest": {
"function_hash": "10780509860466616852010073818185046546",
"length": 371.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085",
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"
},
"id": "ASB-A-319081336-5207b073",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"317233240326962103783385498755210420644",
"296667423886080615774550624209922421692",
"129960923227401362471093630573144279385",
"304172353776351389658884063083076523496",
"131872770965685154304502767829282250150",
"13824084930839371983762313109050624911",
"102627928074578630481165444809187618685",
"5659273744916597745673758373358935939",
"8454437843820904117148902795166399911",
"339256820438220454513388609208289533199",
"282885346148124905769032779509287811805",
"108562414649489750360654242104747262370",
"82457752288454104992941837079639389495",
"119217477883469227992815259889969073435",
"160299110023525824055677196912727947608",
"236354956869195670265777518040714003523",
"141452989353769876823270364516024846615",
"34297168247109333827089179858277712667",
"250601035972178309186197961840655205030",
"169251440979766861289147893384586547824",
"291691221036455712275335983231371916590",
"314738494480226914459393766577186595693",
"258151654653339928105850517610937582973",
"227831871290937760222265868007589373043",
"319741763726740516498334478655628845592",
"192499861258759845775090291670176985420",
"104365902721422811994148020088195838191",
"303388611646501293828267766437485685261",
"142721887958619895696664436841583325699",
"216963113424742529903608073011951637841",
"108244429092477133895134348028163617127",
"143917490582115337617262660209212378884",
"191652902911526587007866034096317885480",
"238073377692551404598449002651844110628",
"17615070987619399705353470778677118342",
"24639758249775324052182122198604942384",
"149253339903057985782503761594761208209",
"69342173929232291754317661286234341701",
"22732299344906296769031950774336152138",
"109507797160542994670257505215963696714",
"33727660859786154492514829642146997502",
"144220918641353379439856716593288165611",
"130754457846632833318495729362940082166",
"311507550749207462709854891205278632068",
"338359760086957921898478425767185929628",
"308057727047611294486335222965692051701",
"174367054006951318622709003250225681688",
"80424798898436142819700872394467518595",
"14990719072357954161935746479306405644",
"88475019087682199446899708018521736332",
"12746713889735369502899478048515868176"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp",
"function": "com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly"
},
"id": "ASB-A-319081336-98e24749",
"deprecated": false,
"digest": {
"function_hash": "242106198165723353330994485941128869127",
"length": 3515.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085",
"signature_type": "Function",
"signature_version": "v1"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2024-07-01",
"vanir_signatures": [
{
"target": {
"file": "core/java/com/android/internal/os/ZygoteConnection.java"
},
"id": "ASB-A-319081336-2a2ca092",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"175925776855749280662474255163233462320",
"57653288809250709138837272661559963770",
"321282934198361304589970067257563743053"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "core/java/com/android/internal/os/ZygoteConnection.java",
"function": "ZygoteConnection"
},
"id": "ASB-A-319081336-b11fd481",
"deprecated": false,
"digest": {
"function_hash": "10780509860466616852010073818185046546",
"length": 371.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085",
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp",
"function": "com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly"
},
"id": "ASB-A-319081336-b4db0f9f",
"deprecated": false,
"digest": {
"function_hash": "242106198165723353330994485941128869127",
"length": 3515.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085",
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"
},
"id": "ASB-A-319081336-fef61f15",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"317233240326962103783385498755210420644",
"296667423886080615774550624209922421692",
"129960923227401362471093630573144279385",
"304172353776351389658884063083076523496",
"131872770965685154304502767829282250150",
"13824084930839371983762313109050624911",
"102627928074578630481165444809187618685",
"5659273744916597745673758373358935939",
"8454437843820904117148902795166399911",
"339256820438220454513388609208289533199",
"282885346148124905769032779509287811805",
"108562414649489750360654242104747262370",
"82457752288454104992941837079639389495",
"119217477883469227992815259889969073435",
"160299110023525824055677196912727947608",
"236354956869195670265777518040714003523",
"141452989353769876823270364516024846615",
"34297168247109333827089179858277712667",
"250601035972178309186197961840655205030",
"169251440979766861289147893384586547824",
"291691221036455712275335983231371916590",
"314738494480226914459393766577186595693",
"258151654653339928105850517610937582973",
"227831871290937760222265868007589373043",
"319741763726740516498334478655628845592",
"192499861258759845775090291670176985420",
"104365902721422811994148020088195838191",
"303388611646501293828267766437485685261",
"142721887958619895696664436841583325699",
"216963113424742529903608073011951637841",
"108244429092477133895134348028163617127",
"143917490582115337617262660209212378884",
"191652902911526587007866034096317885480",
"238073377692551404598449002651844110628",
"17615070987619399705353470778677118342",
"24639758249775324052182122198604942384",
"149253339903057985782503761594761208209",
"69342173929232291754317661286234341701",
"22732299344906296769031950774336152138",
"109507797160542994670257505215963696714",
"33727660859786154492514829642146997502",
"144220918641353379439856716593288165611",
"130754457846632833318495729362940082166",
"311507550749207462709854891205278632068",
"338359760086957921898478425767185929628",
"308057727047611294486335222965692051701",
"174367054006951318622709003250225681688",
"80424798898436142819700872394467518595",
"14990719072357954161935746479306405644",
"88475019087682199446899708018521736332",
"12746713889735369502899478048515868176"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085",
"signature_type": "Line",
"signature_version": "v1"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/f1d4b34ad51b6ccb84ab042486923da8b2451e0f"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2024-07-01",
"vanir_signatures": [
{
"target": {
"file": "core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"
},
"id": "ASB-A-319081336-6dd2ed64",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"317233240326962103783385498755210420644",
"296667423886080615774550624209922421692",
"129960923227401362471093630573144279385",
"304172353776351389658884063083076523496",
"131872770965685154304502767829282250150",
"13824084930839371983762313109050624911",
"102627928074578630481165444809187618685",
"212917782405818034291743181298644256896",
"181936017352609397951073957723477062822",
"143470586625561298798199161157744287304",
"240446822133205767205712066697184985115",
"191685735335389930931448864934875632507",
"108562414649489750360654242104747262370",
"82457752288454104992941837079639389495",
"119217477883469227992815259889969073435",
"160299110023525824055677196912727947608",
"236354956869195670265777518040714003523",
"141452989353769876823270364516024846615",
"34297168247109333827089179858277712667",
"250601035972178309186197961840655205030",
"169251440979766861289147893384586547824",
"291691221036455712275335983231371916590",
"314738494480226914459393766577186595693",
"258151654653339928105850517610937582973",
"227831871290937760222265868007589373043",
"319741763726740516498334478655628845592",
"192499861258759845775090291670176985420",
"104365902721422811994148020088195838191",
"303388611646501293828267766437485685261",
"142721887958619895696664436841583325699",
"216963113424742529903608073011951637841",
"108244429092477133895134348028163617127",
"143917490582115337617262660209212378884",
"191652902911526587007866034096317885480",
"238073377692551404598449002651844110628",
"17615070987619399705353470778677118342",
"24639758249775324052182122198604942384",
"149253339903057985782503761594761208209",
"69342173929232291754317661286234341701",
"22732299344906296769031950774336152138",
"109507797160542994670257505215963696714",
"33727660859786154492514829642146997502",
"144220918641353379439856716593288165611",
"130754457846632833318495729362940082166",
"311507550749207462709854891205278632068",
"338359760086957921898478425767185929628",
"308057727047611294486335222965692051701",
"174367054006951318622709003250225681688",
"80424798898436142819700872394467518595",
"14990719072357954161935746479306405644",
"88475019087682199446899708018521736332",
"12746713889735369502899478048515868176"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/f1d4b34ad51b6ccb84ab042486923da8b2451e0f",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp",
"function": "com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly"
},
"id": "ASB-A-319081336-7a889e6b",
"deprecated": false,
"digest": {
"function_hash": "119699853986043324337276296617717304736",
"length": 3581.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/f1d4b34ad51b6ccb84ab042486923da8b2451e0f",
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "core/java/com/android/internal/os/ZygoteConnection.java",
"function": "ZygoteConnection"
},
"id": "ASB-A-319081336-bc44d958",
"deprecated": false,
"digest": {
"function_hash": "10780509860466616852010073818185046546",
"length": 371.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/f1d4b34ad51b6ccb84ab042486923da8b2451e0f",
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "core/java/com/android/internal/os/ZygoteConnection.java"
},
"id": "ASB-A-319081336-d834c6bb",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"175925776855749280662474255163233462320",
"57653288809250709138837272661559963770",
"321282934198361304589970067257563743053"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/f1d4b34ad51b6ccb84ab042486923da8b2451e0f",
"signature_type": "Line",
"signature_version": "v1"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e4b3ba817073b66ee37da8f1aba93b345309b435"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2024-07-01",
"vanir_signatures": [
{
"target": {
"file": "core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"
},
"id": "ASB-A-319081336-4937e03d",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"317233240326962103783385498755210420644",
"296667423886080615774550624209922421692",
"129960923227401362471093630573144279385",
"304172353776351389658884063083076523496",
"131872770965685154304502767829282250150",
"13824084930839371983762313109050624911",
"102627928074578630481165444809187618685",
"212917782405818034291743181298644256896",
"181936017352609397951073957723477062822",
"143470586625561298798199161157744287304",
"240446822133205767205712066697184985115",
"191685735335389930931448864934875632507",
"108562414649489750360654242104747262370",
"82457752288454104992941837079639389495",
"119217477883469227992815259889969073435",
"160299110023525824055677196912727947608",
"236354956869195670265777518040714003523",
"141452989353769876823270364516024846615",
"34297168247109333827089179858277712667",
"250601035972178309186197961840655205030",
"169251440979766861289147893384586547824",
"291691221036455712275335983231371916590",
"314738494480226914459393766577186595693",
"258151654653339928105850517610937582973",
"227831871290937760222265868007589373043",
"319741763726740516498334478655628845592",
"192499861258759845775090291670176985420",
"104365902721422811994148020088195838191",
"303388611646501293828267766437485685261",
"142721887958619895696664436841583325699",
"216963113424742529903608073011951637841",
"108244429092477133895134348028163617127",
"143917490582115337617262660209212378884",
"191652902911526587007866034096317885480",
"238073377692551404598449002651844110628",
"17615070987619399705353470778677118342",
"24639758249775324052182122198604942384",
"149253339903057985782503761594761208209",
"69342173929232291754317661286234341701",
"22732299344906296769031950774336152138",
"109507797160542994670257505215963696714",
"33727660859786154492514829642146997502",
"144220918641353379439856716593288165611",
"130754457846632833318495729362940082166",
"311507550749207462709854891205278632068",
"338359760086957921898478425767185929628",
"308057727047611294486335222965692051701",
"174367054006951318622709003250225681688",
"80424798898436142819700872394467518595",
"14990719072357954161935746479306405644",
"88475019087682199446899708018521736332",
"12746713889735369502899478048515868176"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e4b3ba817073b66ee37da8f1aba93b345309b435",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "core/java/com/android/internal/os/ZygoteConnection.java"
},
"id": "ASB-A-319081336-543254a6",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"175925776855749280662474255163233462320",
"57653288809250709138837272661559963770",
"321282934198361304589970067257563743053"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e4b3ba817073b66ee37da8f1aba93b345309b435",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "core/java/com/android/internal/os/ZygoteConnection.java",
"function": "ZygoteConnection"
},
"id": "ASB-A-319081336-614ec153",
"deprecated": false,
"digest": {
"function_hash": "10780509860466616852010073818185046546",
"length": 371.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e4b3ba817073b66ee37da8f1aba93b345309b435",
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp",
"function": "com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly"
},
"id": "ASB-A-319081336-a4648716",
"deprecated": false,
"digest": {
"function_hash": "119699853986043324337276296617717304736",
"length": 3581.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e4b3ba817073b66ee37da8f1aba93b345309b435",
"signature_type": "Function",
"signature_version": "v1"
}
]
}