In unix_stream_recv_urg of af_unix.c, there is a possible way to achieve code execution due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"types": [
"EoP"
],
"severity": "High",
"spl": "2025-12-05",
"fixes": [
"https://android.googlesource.com/kernel/common/+/a12237865b48a73183df252029ff5065d73d305e",
"https://android.googlesource.com/kernel/common/+/fad0a2c16062ac7c606b93166a7ce9d265bab976"
],
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"183252015495784150815074425108747348646",
"236728392786984015217553286462212773033",
"254384752385631068815300715904164301250",
"11553748700143810502292442417527623876",
"321011682658881487664849514755219224884",
"295480873339494963930518411331494115004",
"225139531471823096184134662633073653583",
"288484838968544984887739437775807415209",
"228492040799423198324251515580849429063",
"41755156721136384482599075909833842327",
"73603010689634229389347733204668975462",
"290493494940134735643491267196507640898",
"216390754541469798883098752354660630225",
"72824928035174032854310807870359093985",
"219360950567803672166296949696650665395",
"329445656469819655501715074336629864351",
"172953970843298043501755264330416669825"
]
},
"target": {
"file": "net/unix/af_unix.c"
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/a12237865b48a73183df252029ff5065d73d305e",
"id": "ASB-A-432753641-0997eb90",
"signature_type": "Line",
"signature_version": "v1"
},
{
"digest": {
"function_hash": "97891357983722468090034070534007393679",
"length": 840.0
},
"target": {
"file": "net/unix/af_unix.c",
"function": "unix_stream_recv_urg"
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/fad0a2c16062ac7c606b93166a7ce9d265bab976",
"id": "ASB-A-432753641-7530af4d",
"signature_type": "Function",
"signature_version": "v1"
},
{
"digest": {
"function_hash": "97891357983722468090034070534007393679",
"length": 840.0
},
"target": {
"file": "net/unix/af_unix.c",
"function": "unix_stream_recv_urg"
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/a12237865b48a73183df252029ff5065d73d305e",
"id": "ASB-A-432753641-edfb2af5",
"signature_type": "Function",
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"183252015495784150815074425108747348646",
"236728392786984015217553286462212773033",
"254384752385631068815300715904164301250",
"11553748700143810502292442417527623876",
"321011682658881487664849514755219224884",
"295480873339494963930518411331494115004",
"225139531471823096184134662633073653583",
"288484838968544984887739437775807415209",
"228492040799423198324251515580849429063",
"41755156721136384482599075909833842327",
"73603010689634229389347733204668975462",
"290493494940134735643491267196507640898",
"216390754541469798883098752354660630225",
"72824928035174032854310807870359093985",
"219360950567803672166296949696650665395",
"329445656469819655501715074336629864351",
"172953970843298043501755264330416669825"
]
},
"target": {
"file": "net/unix/af_unix.c"
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/fad0a2c16062ac7c606b93166a7ce9d265bab976",
"id": "ASB-A-432753641-ef4fa016",
"signature_type": "Line",
"signature_version": "v1"
}
]
}