ASB-A-319081336

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-319081336.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-319081336

Aliases

A-319081336
CVE-2024-34720

Published

2024-07-01T00:00:00Z

Modified

2024-08-07T19:30:05.912577Z

Summary

Code execution in Chrome isolated service processes

Details

In comandroidinternalosZygoteCommandBuffernativeForkRepeatedly of comandroidinternalos_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14-next:0

Fixed

14-next:2024-07-01

Affected versions

Other

14-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/2ffc7cb220e4220b7e108c4043a3f0f2a85b6508"
    ],
    "spl": "2024-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12:0

Fixed

12:2024-07-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085"
    ],
    "spl": "2024-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12L:0

Fixed

12L:2024-07-01

Affected versions

Other

12L

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085"
    ],
    "spl": "2024-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2024-07-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/f1d4b34ad51b6ccb84ab042486923da8b2451e0f"
    ],
    "spl": "2024-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14:0

Fixed

14:2024-07-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e4b3ba817073b66ee37da8f1aba93b345309b435"
    ],
    "spl": "2024-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}