ASB-A-321326147
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-321326147.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-321326147
- Aliases
-
- A-321326147
- CVE-2024-31327
- Published
- 2024-06-01T00:00:00Z
- Modified
- 2024-08-07T19:29:25.830181Z
- Summary
- fmq_fuzzer: Unsigned-integer-overflow in android::MessageQueueBase<android::details::AidlMQDescriptorShim, int,
- Details
-
In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/system/libfmq
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 67.0,
"function_hash": "152908095466554525151767292445838411466"
},
"id": "ASB-A-321326147-b6da29fd",
"source": "https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h",
"function": "availableToWriteBytes"
},
"signature_type": "Function"
},
{
"digest": {
"length": 132.0,
"function_hash": "42176836157770431253731899450536067667"
},
"id": "ASB-A-321326147-d833764a",
"source": "https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h",
"function": "availableToReadBytes"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"223300289963335374737942252888573102210",
"18488681837412616122657724577069121117",
"117125899055428656738178779745640830831",
"124740727282001485722438669538694109634",
"26754661951786742350714602196532112434",
"309930484527067763940979091410551508531",
"12256677282735441436613688363205428834",
"296149326157022037812024307966699756893",
"186726450763857558586092957778372274909",
"109017410997082114250456964558342449531"
]
},
"id": "ASB-A-321326147-eecf1aa8",
"source": "https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/system/libfmq
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 67.0,
"function_hash": "152908095466554525151767292445838411466"
},
"id": "ASB-A-321326147-4c2650f1",
"source": "https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h",
"function": "availableToWriteBytes"
},
"signature_type": "Function"
},
{
"digest": {
"length": 132.0,
"function_hash": "42176836157770431253731899450536067667"
},
"id": "ASB-A-321326147-c7b1ad30",
"source": "https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h",
"function": "availableToReadBytes"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"223300289963335374737942252888573102210",
"18488681837412616122657724577069121117",
"117125899055428656738178779745640830831",
"124740727282001485722438669538694109634",
"26754661951786742350714602196532112434",
"309930484527067763940979091410551508531",
"12256677282735441436613688363205428834",
"296149326157022037812024307966699756893",
"186726450763857558586092957778372274909",
"109017410997082114250456964558342449531"
]
},
"id": "ASB-A-321326147-eb5c74d7",
"source": "https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/system/libfmq
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"223300289963335374737942252888573102210",
"18488681837412616122657724577069121117",
"117125899055428656738178779745640830831",
"124740727282001485722438669538694109634",
"26754661951786742350714602196532112434",
"309930484527067763940979091410551508531",
"12256677282735441436613688363205428834",
"296149326157022037812024307966699756893",
"186726450763857558586092957778372274909",
"109017410997082114250456964558342449531"
]
},
"id": "ASB-A-321326147-71cda85e",
"source": "https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h"
},
"signature_type": "Line"
},
{
"digest": {
"length": 67.0,
"function_hash": "152908095466554525151767292445838411466"
},
"id": "ASB-A-321326147-99698b61",
"source": "https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h",
"function": "availableToWriteBytes"
},
"signature_type": "Function"
},
{
"digest": {
"length": 132.0,
"function_hash": "42176836157770431253731899450536067667"
},
"id": "ASB-A-321326147-f0af7d31",
"source": "https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h",
"function": "availableToReadBytes"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/system/libfmq
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"223300289963335374737942252888573102210",
"18488681837412616122657724577069121117",
"117125899055428656738178779745640830831",
"124740727282001485722438669538694109634",
"26754661951786742350714602196532112434",
"309930484527067763940979091410551508531",
"12256677282735441436613688363205428834",
"296149326157022037812024307966699756893",
"186726450763857558586092957778372274909",
"109017410997082114250456964558342449531"
]
},
"id": "ASB-A-321326147-54886f13",
"source": "https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h"
},
"signature_type": "Line"
},
{
"digest": {
"length": 67.0,
"function_hash": "152908095466554525151767292445838411466"
},
"id": "ASB-A-321326147-588489ff",
"source": "https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h",
"function": "availableToWriteBytes"
},
"signature_type": "Function"
},
{
"digest": {
"length": 132.0,
"function_hash": "42176836157770431253731899450536067667"
},
"id": "ASB-A-321326147-c0375658",
"source": "https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h",
"function": "availableToReadBytes"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/system/libfmq
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"223300289963335374737942252888573102210",
"18488681837412616122657724577069121117",
"117125899055428656738178779745640830831",
"124740727282001485722438669538694109634",
"26754661951786742350714602196532112434",
"309930484527067763940979091410551508531",
"12256677282735441436613688363205428834",
"296149326157022037812024307966699756893",
"186726450763857558586092957778372274909",
"109017410997082114250456964558342449531"
]
},
"id": "ASB-A-321326147-11822135",
"source": "https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h"
},
"signature_type": "Line"
},
{
"digest": {
"length": 132.0,
"function_hash": "42176836157770431253731899450536067667"
},
"id": "ASB-A-321326147-6cb18cc9",
"source": "https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h",
"function": "availableToReadBytes"
},
"signature_type": "Function"
},
{
"digest": {
"length": 67.0,
"function_hash": "152908095466554525151767292445838411466"
},
"id": "ASB-A-321326147-a76eed42",
"source": "https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h",
"function": "availableToWriteBytes"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}