In multiple functions of mm/mremap.c, there is a possible use-after-free in physical memory caused by a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"vanir_signatures": [
{
"digest": {
"length": 64.0,
"function_hash": "89005354327067945853519684375956017931"
},
"id": "ASB-A-377672115-029c703d",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/f913f0123e6cff4dbc7c1e17d13b7a59a54475d2",
"target": {
"function": "trylock_vma_ref_count",
"file": "mm/mremap.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"42797392494937158650355481991368978824",
"70578576587602961694043132551032985367",
"85871555903152038420517338934574066290",
"40300584947028607554305810739097275190",
"5426035947856368807581366380697496740",
"200506263781036578600989206180812294133",
"15988042282469977785253196155781412501",
"294170071576911363250042612665746903356",
"302022995094002775671732453889410562132",
"65785686690648809501617130737915359820",
"36324807517991436534608711174707398036",
"226640338742035864286972555826839567618",
"21069059154758008581973228760411561663",
"286318326631406340822087157363773349524",
"144699475404878957895704382154986588803",
"103283450558503344446433029724229318601",
"20219912921545860973126733485099336288",
"152344660179782338041864422653054914033",
"79927287083165520605533684903091717403",
"109340300148154360881385519137722313356",
"233104647185192125873695363470633481807",
"326876978524968313354133912895249077900",
"137557750825714246603947329889087201491",
"32233292796026853021320626533547726959",
"151222702089990596386662302705211747106",
"59301673601804744060000440212161599677",
"158003781017385672081172246064266535284",
"242258502374602303592760094049820635622",
"293222593432051175845947980341807992850",
"71122669304717087107267440898460425128",
"172520243452005976952658450047634595548",
"137586252339255593434059259461491086792",
"237248396711025993060957199662747119659",
"317771891073009677934926914300591273159",
"129480203548215297214611732029116557364",
"182936738225258363469159966706209988930",
"139535717722966595369526164561184409854",
"164210822877810058603443836170701940110",
"203085823583401697181528265146254406453",
"180067813262619704111519734352372418009",
"35528738709137646220385954203694285999",
"211376103467546214143520485085571929348",
"106682404611858104925717942904879551543",
"324131300247421353052654732280695566387",
"324862420182178577650750048117105568843",
"1228260130139878720329556233712426866",
"274284880338793595387743666369373837552",
"128738172722948940816731002079111712949",
"181781043165796458705912316752845643911",
"132611154650509369931928959445614052019",
"88161700639814895559913947043776269841",
"81625688981858205294951127328772885772",
"180067813262619704111519734352372418009",
"35528738709137646220385954203694285999",
"211376103467546214143520485085571929348",
"106682404611858104925717942904879551543"
]
},
"id": "ASB-A-377672115-0c85309b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/kernel/common/+/bce004fba8be9e1bb575301f398b3ecc27ba42de",
"target": {
"file": "mm/mremap.c"
}
},
{
"digest": {
"length": 721.0,
"function_hash": "161154478247790485708517161515094541607"
},
"id": "ASB-A-377672115-2231cc1b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/bce004fba8be9e1bb575301f398b3ecc27ba42de",
"target": {
"function": "move_normal_pud",
"file": "mm/mremap.c"
}
},
{
"digest": {
"length": 721.0,
"function_hash": "53041499849613438495804034995043984480"
},
"id": "ASB-A-377672115-2928c2c0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/f913f0123e6cff4dbc7c1e17d13b7a59a54475d2",
"target": {
"function": "move_normal_pmd",
"file": "mm/mremap.c"
}
},
{
"digest": {
"length": 721.0,
"function_hash": "161154478247790485708517161515094541607"
},
"id": "ASB-A-377672115-2d2ed8c0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/f913f0123e6cff4dbc7c1e17d13b7a59a54475d2",
"target": {
"function": "move_normal_pud",
"file": "mm/mremap.c"
}
},
{
"digest": {
"length": 141.0,
"function_hash": "242559038692532997653264190517254022438"
},
"id": "ASB-A-377672115-37b76e4d",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/f913f0123e6cff4dbc7c1e17d13b7a59a54475d2",
"target": {
"function": "unlock_vma_ref_count",
"file": "mm/mremap.c"
}
},
{
"digest": {
"length": 113.0,
"function_hash": "319355426502537965485581710589111492149"
},
"id": "ASB-A-377672115-4c514394",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/f913f0123e6cff4dbc7c1e17d13b7a59a54475d2",
"target": {
"function": "trylock_vma_ref_count",
"file": "mm/mremap.c"
}
},
{
"digest": {
"length": 721.0,
"function_hash": "53041499849613438495804034995043984480"
},
"id": "ASB-A-377672115-5b791fd4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/bce004fba8be9e1bb575301f398b3ecc27ba42de",
"target": {
"function": "move_normal_pmd",
"file": "mm/mremap.c"
}
},
{
"digest": {
"length": 50.0,
"function_hash": "250457195752860052248867923284680444418"
},
"id": "ASB-A-377672115-60ed7274",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/f913f0123e6cff4dbc7c1e17d13b7a59a54475d2",
"target": {
"function": "unlock_vma_ref_count",
"file": "mm/mremap.c"
}
},
{
"digest": {
"length": 50.0,
"function_hash": "250457195752860052248867923284680444418"
},
"id": "ASB-A-377672115-66f8e651",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/bce004fba8be9e1bb575301f398b3ecc27ba42de",
"target": {
"function": "unlock_vma_ref_count",
"file": "mm/mremap.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"42797392494937158650355481991368978824",
"70578576587602961694043132551032985367",
"85871555903152038420517338934574066290",
"40300584947028607554305810739097275190",
"5426035947856368807581366380697496740",
"200506263781036578600989206180812294133",
"15988042282469977785253196155781412501",
"294170071576911363250042612665746903356",
"302022995094002775671732453889410562132",
"65785686690648809501617130737915359820",
"36324807517991436534608711174707398036",
"226640338742035864286972555826839567618",
"21069059154758008581973228760411561663",
"286318326631406340822087157363773349524",
"144699475404878957895704382154986588803",
"103283450558503344446433029724229318601",
"20219912921545860973126733485099336288",
"152344660179782338041864422653054914033",
"79927287083165520605533684903091717403",
"109340300148154360881385519137722313356",
"233104647185192125873695363470633481807",
"326876978524968313354133912895249077900",
"137557750825714246603947329889087201491",
"32233292796026853021320626533547726959",
"151222702089990596386662302705211747106",
"59301673601804744060000440212161599677",
"158003781017385672081172246064266535284",
"242258502374602303592760094049820635622",
"293222593432051175845947980341807992850",
"71122669304717087107267440898460425128",
"172520243452005976952658450047634595548",
"137586252339255593434059259461491086792",
"237248396711025993060957199662747119659",
"317771891073009677934926914300591273159",
"129480203548215297214611732029116557364",
"182936738225258363469159966706209988930",
"139535717722966595369526164561184409854",
"164210822877810058603443836170701940110",
"203085823583401697181528265146254406453",
"180067813262619704111519734352372418009",
"35528738709137646220385954203694285999",
"211376103467546214143520485085571929348",
"106682404611858104925717942904879551543",
"324131300247421353052654732280695566387",
"324862420182178577650750048117105568843",
"1228260130139878720329556233712426866",
"274284880338793595387743666369373837552",
"128738172722948940816731002079111712949",
"181781043165796458705912316752845643911",
"132611154650509369931928959445614052019",
"88161700639814895559913947043776269841",
"81625688981858205294951127328772885772",
"180067813262619704111519734352372418009",
"35528738709137646220385954203694285999",
"211376103467546214143520485085571929348",
"106682404611858104925717942904879551543"
]
},
"id": "ASB-A-377672115-787c93b3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/kernel/common/+/f913f0123e6cff4dbc7c1e17d13b7a59a54475d2",
"target": {
"file": "mm/mremap.c"
}
},
{
"digest": {
"length": 113.0,
"function_hash": "319355426502537965485581710589111492149"
},
"id": "ASB-A-377672115-9f44a9f9",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/bce004fba8be9e1bb575301f398b3ecc27ba42de",
"target": {
"function": "trylock_vma_ref_count",
"file": "mm/mremap.c"
}
},
{
"digest": {
"length": 141.0,
"function_hash": "242559038692532997653264190517254022438"
},
"id": "ASB-A-377672115-c450a2b2",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/bce004fba8be9e1bb575301f398b3ecc27ba42de",
"target": {
"function": "unlock_vma_ref_count",
"file": "mm/mremap.c"
}
},
{
"digest": {
"length": 64.0,
"function_hash": "89005354327067945853519684375956017931"
},
"id": "ASB-A-377672115-fd7d0dc1",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/kernel/common/+/bce004fba8be9e1bb575301f398b3ecc27ba42de",
"target": {
"function": "trylock_vma_ref_count",
"file": "mm/mremap.c"
}
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/f913f0123e6cff4dbc7c1e17d13b7a59a54475d2",
"https://android.googlesource.com/kernel/common/+/bce004fba8be9e1bb575301f398b3ecc27ba42de"
],
"types": [
"EoP"
],
"spl": "2025-02-05",
"severity": "High"
}