ASB-A-342490466
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-342490466.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-342490466
- Aliases
-
- A-342490466
- CVE-2024-36972
- Published
- 2024-09-01T00:00:00Z
- Modified
- 2024-09-05T15:27:10.826666Z
- Summary
- Vulnerability: Local privilege escalation in LTS 6.6.28, COS 109 17800.218.20 (kernelCTF)
- Details
-
In multiple functions of af_unix.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2024-09-01
- https://android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780
- https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca
- https://android.googlesource.com/kernel/common/+/685a016cdeac2b7f1d968c6b56e698547976e10d
- https://android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6
- https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7
- https://android.googlesource.com/kernel/common/+/de6fb073c606c19695893b874c005741fa4c0f06
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 744.0,
"function_hash": "148701938685513132065393457904920098343"
},
"id": "ASB-A-342490466-10fbaa7d",
"source": "https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c",
"function": "manage_oob"
},
"signature_type": "Function"
},
{
"digest": {
"length": 666.0,
"function_hash": "161989691304211948289155966666614842311"
},
"id": "ASB-A-342490466-19abd8a9",
"source": "https://android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c",
"function": "manage_oob"
},
"signature_type": "Function"
},
{
"digest": {
"length": 666.0,
"function_hash": "161989691304211948289155966666614842311"
},
"id": "ASB-A-342490466-1bf06a10",
"source": "https://android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c",
"function": "manage_oob"
},
"signature_type": "Function"
},
{
"digest": {
"length": 744.0,
"function_hash": "148701938685513132065393457904920098343"
},
"id": "ASB-A-342490466-1cd780a9",
"source": "https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c",
"function": "manage_oob"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"12898838854434221361955670346883413761",
"281187255283261416937856725587190512647",
"237358337270355387388643455243139204321",
"167923650163664176006824923318156752123",
"247852294358432210813258254439124024580",
"179778604200500332107620422529019221081",
"66644715695927273793846970684666063534",
"294418092756032165720546228699187998862",
"212883820182780206171431942048283618298",
"269276023515162350051815727144609272241",
"225076982735021379131672500614146713985",
"334277325818211399534449792333300745147"
]
},
"id": "ASB-A-342490466-467eb092",
"source": "https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"12898838854434221361955670346883413761",
"281187255283261416937856725587190512647",
"237358337270355387388643455243139204321",
"167923650163664176006824923318156752123",
"247852294358432210813258254439124024580",
"179778604200500332107620422529019221081",
"66644715695927273793846970684666063534",
"294418092756032165720546228699187998862",
"212883820182780206171431942048283618298",
"269276023515162350051815727144609272241",
"225076982735021379131672500614146713985",
"334277325818211399534449792333300745147"
]
},
"id": "ASB-A-342490466-5438a90f",
"source": "https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 3371.0,
"function_hash": "60097453978575106304938121352532036748"
},
"id": "ASB-A-342490466-5b4b8e90",
"source": "https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c",
"function": "unix_stream_read_generic"
},
"signature_type": "Function"
},
{
"digest": {
"length": 3371.0,
"function_hash": "60097453978575106304938121352532036748"
},
"id": "ASB-A-342490466-6ad310fc",
"source": "https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c",
"function": "unix_stream_read_generic"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"179904369906772442813952687533508936760",
"112877094314623297297532108694988313493",
"272044055355748369951572805757421426940",
"250191847698780052467595274490109004534"
]
},
"id": "ASB-A-342490466-8bedfc7a",
"source": "https://android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"179904369906772442813952687533508936760",
"112877094314623297297532108694988313493",
"272044055355748369951572805757421426940",
"250191847698780052467595274490109004534"
]
},
"id": "ASB-A-342490466-f71c4b22",
"source": "https://android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780",
"https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca",
"https://android.googlesource.com/kernel/common/+/685a016cdeac2b7f1d968c6b56e698547976e10d",
"https://android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6",
"https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7",
"https://android.googlesource.com/kernel/common/+/de6fb073c606c19695893b874c005741fa4c0f06"
],
"spl": "2024-09-05",
"severity": "High",
"types": [
"EoP"
]
}