ASB-A-321341508

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-321341508.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-321341508
Aliases
  • A-321341508
  • CVE-2024-31313
Published
2024-06-01T00:00:00Z
Modified
2024-08-07T19:29:23.525532Z
Summary
fmq_fuzzer: Unsigned-integer-overflow in android::MessageQueueBase<android::hardware::MQDescriptor, int,
Details

In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/system/libfmq

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-06-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 67.0,
                "function_hash": "152908095466554525151767292445838411466"
            },
            "id": "ASB-A-321341508-59aede58",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "availableToWriteBytes"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 132.0,
                "function_hash": "42176836157770431253731899450536067667"
            },
            "id": "ASB-A-321341508-9f1ea146",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "availableToReadBytes"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "223300289963335374737942252888573102210",
                    "18488681837412616122657724577069121117",
                    "117125899055428656738178779745640830831",
                    "124740727282001485722438669538694109634",
                    "26754661951786742350714602196532112434",
                    "309930484527067763940979091410551508531",
                    "12256677282735441436613688363205428834",
                    "296149326157022037812024307966699756893",
                    "186726450763857558586092957778372274909",
                    "109017410997082114250456964558342449531"
                ]
            },
            "id": "ASB-A-321341508-cb4a6425",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/system/libfmq

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-06-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "223300289963335374737942252888573102210",
                    "18488681837412616122657724577069121117",
                    "117125899055428656738178779745640830831",
                    "124740727282001485722438669538694109634",
                    "26754661951786742350714602196532112434",
                    "309930484527067763940979091410551508531",
                    "12256677282735441436613688363205428834",
                    "296149326157022037812024307966699756893",
                    "186726450763857558586092957778372274909",
                    "109017410997082114250456964558342449531"
                ]
            },
            "id": "ASB-A-321341508-245bc4dc",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 67.0,
                "function_hash": "152908095466554525151767292445838411466"
            },
            "id": "ASB-A-321341508-8cb6c0b9",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "availableToWriteBytes"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 132.0,
                "function_hash": "42176836157770431253731899450536067667"
            },
            "id": "ASB-A-321341508-c74be5f5",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "availableToReadBytes"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/system/libfmq

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-06-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "223300289963335374737942252888573102210",
                    "18488681837412616122657724577069121117",
                    "117125899055428656738178779745640830831",
                    "124740727282001485722438669538694109634",
                    "26754661951786742350714602196532112434",
                    "309930484527067763940979091410551508531",
                    "12256677282735441436613688363205428834",
                    "296149326157022037812024307966699756893",
                    "186726450763857558586092957778372274909",
                    "109017410997082114250456964558342449531"
                ]
            },
            "id": "ASB-A-321341508-59d7e90a",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 67.0,
                "function_hash": "152908095466554525151767292445838411466"
            },
            "id": "ASB-A-321341508-a741cfb2",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "availableToWriteBytes"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 132.0,
                "function_hash": "42176836157770431253731899450536067667"
            },
            "id": "ASB-A-321341508-b531eb9b",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "availableToReadBytes"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/system/libfmq

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-06-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "223300289963335374737942252888573102210",
                    "18488681837412616122657724577069121117",
                    "117125899055428656738178779745640830831",
                    "124740727282001485722438669538694109634",
                    "26754661951786742350714602196532112434",
                    "309930484527067763940979091410551508531",
                    "12256677282735441436613688363205428834",
                    "296149326157022037812024307966699756893",
                    "186726450763857558586092957778372274909",
                    "109017410997082114250456964558342449531"
                ]
            },
            "id": "ASB-A-321341508-21408965",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 132.0,
                "function_hash": "42176836157770431253731899450536067667"
            },
            "id": "ASB-A-321341508-c50f6f75",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "availableToReadBytes"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 67.0,
                "function_hash": "152908095466554525151767292445838411466"
            },
            "id": "ASB-A-321341508-e20b65cd",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "availableToWriteBytes"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/system/libfmq

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-06-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 132.0,
                "function_hash": "42176836157770431253731899450536067667"
            },
            "id": "ASB-A-321341508-3c26863c",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "availableToReadBytes"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "223300289963335374737942252888573102210",
                    "18488681837412616122657724577069121117",
                    "117125899055428656738178779745640830831",
                    "124740727282001485722438669538694109634",
                    "26754661951786742350714602196532112434",
                    "309930484527067763940979091410551508531",
                    "12256677282735441436613688363205428834",
                    "296149326157022037812024307966699756893",
                    "186726450763857558586092957778372274909",
                    "109017410997082114250456964558342449531"
                ]
            },
            "id": "ASB-A-321341508-67849aec",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 67.0,
                "function_hash": "152908095466554525151767292445838411466"
            },
            "id": "ASB-A-321341508-f746e4a1",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "availableToWriteBytes"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}