In multiple functions of af_unix.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 744.0, "function_hash": "148701938685513132065393457904920098343" }, "id": "ASB-A-342490466-10fbaa7d", "source": "https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7", "deprecated": false, "signature_version": "v1", "target": { "file": "net/unix/af_unix.c", "function": "manage_oob" }, "signature_type": "Function" }, { "digest": { "length": 666.0, "function_hash": "161989691304211948289155966666614842311" }, "id": "ASB-A-342490466-19abd8a9", "source": "https://android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6", "deprecated": false, "signature_version": "v1", "target": { "file": "net/unix/af_unix.c", "function": "manage_oob" }, "signature_type": "Function" }, { "digest": { "length": 666.0, "function_hash": "161989691304211948289155966666614842311" }, "id": "ASB-A-342490466-1bf06a10", "source": "https://android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780", "deprecated": false, "signature_version": "v1", "target": { "file": "net/unix/af_unix.c", "function": "manage_oob" }, "signature_type": "Function" }, { "digest": { "length": 744.0, "function_hash": "148701938685513132065393457904920098343" }, "id": "ASB-A-342490466-1cd780a9", "source": "https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca", "deprecated": false, "signature_version": "v1", "target": { "file": "net/unix/af_unix.c", "function": "manage_oob" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "12898838854434221361955670346883413761", "281187255283261416937856725587190512647", "237358337270355387388643455243139204321", "167923650163664176006824923318156752123", "247852294358432210813258254439124024580", "179778604200500332107620422529019221081", "66644715695927273793846970684666063534", "294418092756032165720546228699187998862", "212883820182780206171431942048283618298", "269276023515162350051815727144609272241", "225076982735021379131672500614146713985", "334277325818211399534449792333300745147" ] }, "id": "ASB-A-342490466-467eb092", "source": "https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca", "deprecated": false, "signature_version": "v1", "target": { "file": "net/unix/af_unix.c" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "12898838854434221361955670346883413761", "281187255283261416937856725587190512647", "237358337270355387388643455243139204321", "167923650163664176006824923318156752123", "247852294358432210813258254439124024580", "179778604200500332107620422529019221081", "66644715695927273793846970684666063534", "294418092756032165720546228699187998862", "212883820182780206171431942048283618298", "269276023515162350051815727144609272241", "225076982735021379131672500614146713985", "334277325818211399534449792333300745147" ] }, "id": "ASB-A-342490466-5438a90f", "source": "https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7", "deprecated": false, "signature_version": "v1", "target": { "file": "net/unix/af_unix.c" }, "signature_type": "Line" }, { "digest": { "length": 3371.0, "function_hash": "60097453978575106304938121352532036748" }, "id": "ASB-A-342490466-5b4b8e90", "source": "https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca", "deprecated": false, "signature_version": "v1", "target": { "file": "net/unix/af_unix.c", "function": "unix_stream_read_generic" }, "signature_type": "Function" }, { "digest": { "length": 3371.0, "function_hash": "60097453978575106304938121352532036748" }, "id": "ASB-A-342490466-6ad310fc", "source": "https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7", "deprecated": false, "signature_version": "v1", "target": { "file": "net/unix/af_unix.c", "function": "unix_stream_read_generic" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "179904369906772442813952687533508936760", "112877094314623297297532108694988313493", "272044055355748369951572805757421426940", "250191847698780052467595274490109004534" ] }, "id": "ASB-A-342490466-8bedfc7a", "source": "https://android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6", "deprecated": false, "signature_version": "v1", "target": { "file": "net/unix/af_unix.c" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "179904369906772442813952687533508936760", "112877094314623297297532108694988313493", "272044055355748369951572805757421426940", "250191847698780052467595274490109004534" ] }, "id": "ASB-A-342490466-f71c4b22", "source": "https://android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780", "deprecated": false, "signature_version": "v1", "target": { "file": "net/unix/af_unix.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780", "https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca", "https://android.googlesource.com/kernel/common/+/685a016cdeac2b7f1d968c6b56e698547976e10d", "https://android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6", "https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7", "https://android.googlesource.com/kernel/common/+/de6fb073c606c19695893b874c005741fa4c0f06" ], "spl": "2024-09-05", "severity": "High", "types": [ "EoP" ] }