ASB-A-432728472
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-432728472.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-432728472
- Aliases
-
- A-432728472
- A-446648770
- ASB-A-446648770
- CVE-2025-39946
- Published
- 2026-03-01T00:00:00Z
- Modified
- 2026-03-02T17:56:03.053706Z
- Summary
- [none]
- Details
-
In tlsrxmsgsize of tlssw.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2026-03-01
- https://android.googlesource.com/kernel/common/+/1257aa4519ee5d49e465b0dcc85cc7e4a24619d5
- https://android.googlesource.com/kernel/common/+/c4bcbf924ba0823fcdc960c02e0409dbcd345a5
- https://android.googlesource.com/kernel/common/+/8f4e429a1e36e588f434772dceca9068dc1208cc
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/kernel/common/+/1257aa4519ee5d49e465b0dcc85cc7e4a24619d5",
"https://android.googlesource.com/kernel/common/+/c4bcbf924ba0823fcdc960c02e0409dbcd345a5",
"https://android.googlesource.com/kernel/common/+/8f4e429a1e36e588f434772dceca9068dc1208cc"
],
"severity": "High",
"spl": "2026-03-05",
"vanir_signatures": [
{
"id": "ASB-A-432728472-01516fff",
"digest": {
"length": 694.0,
"function_hash": "153434889485638265871577548869593617670"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_strp.c",
"function": "tls_strp_read_sock"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/8f4e429a1e36e588f434772dceca9068dc1208cc",
"deprecated": false
},
{
"id": "ASB-A-432728472-037acb08",
"digest": {
"length": 202.0,
"function_hash": "73899250446012620206950543049773955899"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_strp.c",
"function": "tls_strp_abort_strp"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/c4bcbf924ba0823fcdc960c02e0409dbcd345a5",
"deprecated": false
},
{
"id": "ASB-A-432728472-19b82f1e",
"digest": {
"length": 1305.0,
"function_hash": "14736950894827631867549102320191922726"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_strp.c",
"function": "tls_strp_copyin_frag"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/c4bcbf924ba0823fcdc960c02e0409dbcd345a5",
"deprecated": false
},
{
"id": "ASB-A-432728472-3d02bf22",
"digest": {
"length": 681.0,
"function_hash": "48348692865488476052042763323118805048"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_strp.c",
"function": "tls_strp_read_sock"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/1257aa4519ee5d49e465b0dcc85cc7e4a24619d5",
"deprecated": false
},
{
"id": "ASB-A-432728472-3f450019",
"digest": {
"length": 1209.0,
"function_hash": "80210314256187194721452425538351763738"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_sw.c",
"function": "tls_rx_msg_size"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/8f4e429a1e36e588f434772dceca9068dc1208cc",
"deprecated": false
},
{
"id": "ASB-A-432728472-548e5f56",
"digest": {
"length": 202.0,
"function_hash": "73899250446012620206950543049773955899"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_strp.c",
"function": "tls_strp_abort_strp"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/8f4e429a1e36e588f434772dceca9068dc1208cc",
"deprecated": false
},
{
"id": "ASB-A-432728472-6590ed20",
"digest": {
"threshold": 0.9,
"line_hashes": [
"167319612760302190586015343449827245489",
"114835205123262800226261142064048450240",
"27954908737744688539567304471312715351",
"164201152866963214840408218986501627918"
]
},
"signature_type": "Line",
"target": {
"file": "net/tls/tls.h"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/c4bcbf924ba0823fcdc960c02e0409dbcd345a5",
"deprecated": false
},
{
"id": "ASB-A-432728472-6e7ee497",
"digest": {
"threshold": 0.9,
"line_hashes": [
"167319612760302190586015343449827245489",
"249219786354491397621364679998475272102",
"150993359548527104535124589494448364847",
"134789658902575227106705782654316408187"
]
},
"signature_type": "Line",
"target": {
"file": "net/tls/tls.h"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/8f4e429a1e36e588f434772dceca9068dc1208cc",
"deprecated": false
},
{
"id": "ASB-A-432728472-76722a05",
"digest": {
"length": 1305.0,
"function_hash": "14736950894827631867549102320191922726"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_strp.c",
"function": "tls_strp_copyin_frag"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/8f4e429a1e36e588f434772dceca9068dc1208cc",
"deprecated": false
},
{
"id": "ASB-A-432728472-7f6345ac",
"digest": {
"threshold": 0.9,
"line_hashes": [
"259352220024315208510789459129187146363",
"70821024282919158246521290310114840820",
"257139970137432328844216514013311298012",
"273441906032623416244819020749562126365"
]
},
"signature_type": "Line",
"target": {
"file": "net/tls/tls_sw.c"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/1257aa4519ee5d49e465b0dcc85cc7e4a24619d5",
"deprecated": false
},
{
"id": "ASB-A-432728472-81d4f64a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"259352220024315208510789459129187146363",
"70821024282919158246521290310114840820",
"257139970137432328844216514013311298012",
"273441906032623416244819020749562126365"
]
},
"signature_type": "Line",
"target": {
"file": "net/tls/tls_sw.c"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/c4bcbf924ba0823fcdc960c02e0409dbcd345a5",
"deprecated": false
},
{
"id": "ASB-A-432728472-85bf8601",
"digest": {
"length": 1205.0,
"function_hash": "119521667270854040441809762487232819214"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_sw.c",
"function": "tls_rx_msg_size"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/1257aa4519ee5d49e465b0dcc85cc7e4a24619d5",
"deprecated": false
},
{
"id": "ASB-A-432728472-9b749b32",
"digest": {
"length": 1205.0,
"function_hash": "119521667270854040441809762487232819214"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_sw.c",
"function": "tls_rx_msg_size"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/c4bcbf924ba0823fcdc960c02e0409dbcd345a5",
"deprecated": false
},
{
"id": "ASB-A-432728472-9d90cc5d",
"digest": {
"length": 694.0,
"function_hash": "153434889485638265871577548869593617670"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_strp.c",
"function": "tls_strp_read_sock"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/c4bcbf924ba0823fcdc960c02e0409dbcd345a5",
"deprecated": false
},
{
"id": "ASB-A-432728472-a095dc4a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"24740857850889261376534379889810764363",
"85998308388649098283392370513661937551",
"147429037395883480638966273712117273899",
"164201152866963214840408218986501627918"
]
},
"signature_type": "Line",
"target": {
"file": "net/tls/tls.h"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/1257aa4519ee5d49e465b0dcc85cc7e4a24619d5",
"deprecated": false
},
{
"id": "ASB-A-432728472-aa5115ca",
"digest": {
"threshold": 0.9,
"line_hashes": [
"283473912220730539996808505321285588488",
"282379519402453234653640911446496461682",
"180019526495118017326739593146279295034",
"127703605037329090890997472871119392881",
"257757383132649446419959855998803868183",
"207123435426603509375397963049063922643",
"321988435554987910950377870876338988276",
"213917199970682281630473111601042701007",
"320480072546889979068846311463305586477",
"282837849059342887715680713098453968916",
"102636347842246774708837963250878814246",
"330445333256328674200284537248793228348",
"257164867764520225110026204737396977674",
"30433805054825544707946463506709329172",
"124645913546482956324079446531650032764",
"190398880868658174037474825069554292580",
"64671137334939586658247282280300550306",
"311922899447412556101406509780565561577",
"255993891640699880661468095459341916628"
]
},
"signature_type": "Line",
"target": {
"file": "net/tls/tls_strp.c"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/8f4e429a1e36e588f434772dceca9068dc1208cc",
"deprecated": false
},
{
"id": "ASB-A-432728472-b0fd8bf1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"259352220024315208510789459129187146363",
"70821024282919158246521290310114840820",
"257139970137432328844216514013311298012",
"273441906032623416244819020749562126365"
]
},
"signature_type": "Line",
"target": {
"file": "net/tls/tls_sw.c"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/8f4e429a1e36e588f434772dceca9068dc1208cc",
"deprecated": false
},
{
"id": "ASB-A-432728472-b79f5c12",
"digest": {
"length": 202.0,
"function_hash": "73899250446012620206950543049773955899"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_strp.c",
"function": "tls_strp_abort_strp"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/1257aa4519ee5d49e465b0dcc85cc7e4a24619d5",
"deprecated": false
},
{
"id": "ASB-A-432728472-c6beb2e7",
"digest": {
"threshold": 0.9,
"line_hashes": [
"283473912220730539996808505321285588488",
"282379519402453234653640911446496461682",
"180019526495118017326739593146279295034",
"127703605037329090890997472871119392881",
"257757383132649446419959855998803868183",
"207123435426603509375397963049063922643",
"321988435554987910950377870876338988276",
"213917199970682281630473111601042701007",
"320480072546889979068846311463305586477",
"282837849059342887715680713098453968916",
"102636347842246774708837963250878814246",
"330445333256328674200284537248793228348",
"257164867764520225110026204737396977674",
"30433805054825544707946463506709329172",
"124645913546482956324079446531650032764",
"190398880868658174037474825069554292580",
"64671137334939586658247282280300550306",
"311922899447412556101406509780565561577",
"255993891640699880661468095459341916628"
]
},
"signature_type": "Line",
"target": {
"file": "net/tls/tls_strp.c"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/c4bcbf924ba0823fcdc960c02e0409dbcd345a5",
"deprecated": false
},
{
"id": "ASB-A-432728472-eb7d8bd9",
"digest": {
"length": 1305.0,
"function_hash": "14736950894827631867549102320191922726"
},
"signature_type": "Function",
"target": {
"file": "net/tls/tls_strp.c",
"function": "tls_strp_copyin_frag"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/1257aa4519ee5d49e465b0dcc85cc7e4a24619d5",
"deprecated": false
},
{
"id": "ASB-A-432728472-f3d2de02",
"digest": {
"threshold": 0.9,
"line_hashes": [
"283473912220730539996808505321285588488",
"282379519402453234653640911446496461682",
"180019526495118017326739593146279295034",
"127703605037329090890997472871119392881",
"257757383132649446419959855998803868183",
"207123435426603509375397963049063922643",
"321988435554987910950377870876338988276",
"213917199970682281630473111601042701007",
"320480072546889979068846311463305586477",
"282837849059342887715680713098453968916",
"102636347842246774708837963250878814246",
"330445333256328674200284537248793228348",
"257164867764520225110026204737396977674",
"30433805054825544707946463506709329172",
"124645913546482956324079446531650032764",
"190398880868658174037474825069554292580",
"64671137334939586658247282280300550306",
"311922899447412556101406509780565561577",
"255993891640699880661468095459341916628"
]
},
"signature_type": "Line",
"target": {
"file": "net/tls/tls_strp.c"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/kernel/common/+/1257aa4519ee5d49e465b0dcc85cc7e4a24619d5",
"deprecated": false
}
],
"types": [
"EoP"
]
}