ASB-A-336268889
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-336268889.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-336268889
- Aliases
-
- A-336268889
- CVE-2024-26923
- Published
- 2024-07-01T00:00:00Z
- Modified
- 2024-09-19T16:28:53.290582Z
- Summary
- Vulnerability: Local privilege escalation in LTS 6.6.27, COS 105 17412.294.62 (kernelCTF)
- Details
-
In multiple locations, there is a possible way to conduct local privilege escalation due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2024-07-01
- https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e
- https://android.googlesource.com/kernel/common/+/e8e652b8c81afc06e9bc801f6eb4896516be2d62
- https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692
- https://android.googlesource.com/kernel/common/+/d0c6724b0f6fa713e7fcfc0eb0173625519ba570
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"247313632362000557681439634814653617003",
"225240012471257624316609982004119038788",
"237475675945084381784996008223390676253",
"45357760908702270405087243136282333814",
"198347599488074683909057318167912198406",
"107858477545749964358376846251504242693",
"244993795812341974696846497482787712037",
"115611268172369308342931816655427995262",
"304613538574637326588055915306575351528",
"130247343054700722034937596086818004261"
]
},
"id": "ASB-A-336268889-0031fd89",
"source": "https://android.googlesource.com/kernel/common/+/e8e652b8c81afc06e9bc801f6eb4896516be2d62",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"34018058557352857069115465244538835617",
"93092524946576678467574482608174623789",
"182720947208078448808761998742069553713",
"11893839854873724404257343183169156192",
"210046296855257334600204780754527157137",
"226999531584282127199320886354903031118",
"153678299290171553047485770835508022914",
"198747499397044935264277141990862254763",
"226788261394659924951446248473212267530",
"121452415886867087069991386460849450140",
"114232136431518175037929894507307719059",
"83609576668788266767426052679672000318",
"186334532301052958405349670638065625513",
"26449154175054099676370770786636328254",
"337982140429562716294476533940268661136"
]
},
"id": "ASB-A-336268889-0817147d",
"source": "https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/scm.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 501.0,
"function_hash": "288946785512724367194197918812911769854"
},
"id": "ASB-A-336268889-08ee0bd5",
"source": "https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/scm.c",
"function": "unix_inflight"
},
"signature_type": "Function"
},
{
"digest": {
"length": 476.0,
"function_hash": "297215572218545126721033128042600089152"
},
"id": "ASB-A-336268889-0c264ea1",
"source": "https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/scm.c",
"function": "unix_notinflight"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1284.0,
"function_hash": "79567259249594467579731561244746225636"
},
"id": "ASB-A-336268889-11ebd060",
"source": "https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c",
"function": "unix_create1"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"229169899149629648020241000474569340399",
"319846341391704970718610217329328597197",
"68751950099271897292539579106898430889",
"179014123323878324404531784793768956944"
]
},
"id": "ASB-A-336268889-13d83d4c",
"source": "https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/net/af_unix.h"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1938.0,
"function_hash": "208102392801727682837033639742828568898"
},
"id": "ASB-A-336268889-14564207",
"source": "https://android.googlesource.com/kernel/common/+/d0c6724b0f6fa713e7fcfc0eb0173625519ba570",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c",
"function": "unix_gc"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1300.0,
"function_hash": "256792140429998076950163048962864845452"
},
"id": "ASB-A-336268889-18fe6c86",
"source": "https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c",
"function": "unix_create1"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"34018058557352857069115465244538835617",
"93092524946576678467574482608174623789",
"182720947208078448808761998742069553713",
"11893839854873724404257343183169156192",
"210046296855257334600204780754527157137",
"226999531584282127199320886354903031118",
"153678299290171553047485770835508022914",
"198747499397044935264277141990862254763",
"226788261394659924951446248473212267530",
"121452415886867087069991386460849450140",
"114232136431518175037929894507307719059",
"83609576668788266767426052679672000318",
"186334532301052958405349670638065625513",
"26449154175054099676370770786636328254",
"337982140429562716294476533940268661136"
]
},
"id": "ASB-A-336268889-190fcc5e",
"source": "https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/scm.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"229169899149629648020241000474569340399",
"319846341391704970718610217329328597197",
"68751950099271897292539579106898430889",
"179014123323878324404531784793768956944"
]
},
"id": "ASB-A-336268889-19e34081",
"source": "https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/net/af_unix.h"
},
"signature_type": "Line"
},
{
"digest": {
"length": 501.0,
"function_hash": "288946785512724367194197918812911769854"
},
"id": "ASB-A-336268889-2237e4a9",
"source": "https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/scm.c",
"function": "unix_inflight"
},
"signature_type": "Function"
},
{
"digest": {
"length": 189.0,
"function_hash": "240410430883624536718189457516174731504"
},
"id": "ASB-A-336268889-3f740493",
"source": "https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c",
"function": "inc_inflight_move_tail"
},
"signature_type": "Function"
},
{
"digest": {
"length": 78.0,
"function_hash": "32771700499475293003389041003148751794"
},
"id": "ASB-A-336268889-46fed032",
"source": "https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c",
"function": "dec_inflight"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1974.0,
"function_hash": "185388923631320866690418167810941867209"
},
"id": "ASB-A-336268889-47b97793",
"source": "https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c",
"function": "unix_gc"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1938.0,
"function_hash": "208102392801727682837033639742828568898"
},
"id": "ASB-A-336268889-53d788c6",
"source": "https://android.googlesource.com/kernel/common/+/e8e652b8c81afc06e9bc801f6eb4896516be2d62",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c",
"function": "unix_gc"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"142717427371530171426051707585668806085",
"306003356727347426775091280203126502352",
"216773730988356130178809894576149788225",
"166122320241932598815839121632730397726",
"314401004615731610421490129915112171679",
"223504890845623598296340335435465402668",
"113653519622898125871539121063995234117",
"307823560520438780271746831933913197506",
"299222778906134050109542358306789760467",
"206409915645885549570411791291625234766",
"13493564691363127574599236000480725839",
"60475990466972244711347733060839656732",
"67204444720503199567475211557237516078",
"283413167491286194010535697131531645955",
"213674275052890042080761422788032722911",
"293279286727186019093444614577600634708",
"315372028039212450912987835742445305509",
"131313792618370895629642752949508403549",
"231119894927051454381899586168332072267",
"138611588752502403540609713593739967599",
"325202062772063921439758745411555542965",
"5349357727180890598626797012029578504",
"336553368907515952872178503445672989775",
"287678379809752400556178767611129396171",
"59877822475616694414037712842543401028"
]
},
"id": "ASB-A-336268889-5b2ab5a1",
"source": "https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 78.0,
"function_hash": "32771700499475293003389041003148751794"
},
"id": "ASB-A-336268889-68263681",
"source": "https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c",
"function": "inc_inflight"
},
"signature_type": "Function"
},
{
"digest": {
"length": 78.0,
"function_hash": "32771700499475293003389041003148751794"
},
"id": "ASB-A-336268889-8c41918d",
"source": "https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c",
"function": "dec_inflight"
},
"signature_type": "Function"
},
{
"digest": {
"length": 78.0,
"function_hash": "32771700499475293003389041003148751794"
},
"id": "ASB-A-336268889-9919f32f",
"source": "https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c",
"function": "inc_inflight"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1974.0,
"function_hash": "185388923631320866690418167810941867209"
},
"id": "ASB-A-336268889-9ce7502b",
"source": "https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c",
"function": "unix_gc"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"26504319915764767391054731013561806767",
"305262435296349633954790026331758338774",
"3588348406374060036572524386407772358",
"39534486522883387327049941507664853093",
"275836610975792030574157396950060080760",
"138785530240296810437955167150808320950",
"247625825317893331830582932585766658430",
"18835550702832627566200153841262655296"
]
},
"id": "ASB-A-336268889-a866bef2",
"source": "https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 189.0,
"function_hash": "240410430883624536718189457516174731504"
},
"id": "ASB-A-336268889-cbd39c69",
"source": "https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c",
"function": "inc_inflight_move_tail"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"247313632362000557681439634814653617003",
"225240012471257624316609982004119038788",
"237475675945084381784996008223390676253",
"45357760908702270405087243136282333814",
"198347599488074683909057318167912198406",
"107858477545749964358376846251504242693",
"244993795812341974696846497482787712037",
"115611268172369308342931816655427995262",
"304613538574637326588055915306575351528",
"130247343054700722034937596086818004261"
]
},
"id": "ASB-A-336268889-d5f70255",
"source": "https://android.googlesource.com/kernel/common/+/d0c6724b0f6fa713e7fcfc0eb0173625519ba570",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 476.0,
"function_hash": "297215572218545126721033128042600089152"
},
"id": "ASB-A-336268889-de0e018e",
"source": "https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/scm.c",
"function": "unix_notinflight"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"26504319915764767391054731013561806767",
"305262435296349633954790026331758338774",
"3588348406374060036572524386407772358",
"39534486522883387327049941507664853093",
"275836610975792030574157396950060080760",
"138785530240296810437955167150808320950",
"247625825317893331830582932585766658430",
"18835550702832627566200153841262655296"
]
},
"id": "ASB-A-336268889-e3eecd7f",
"source": "https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/af_unix.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"142717427371530171426051707585668806085",
"306003356727347426775091280203126502352",
"216773730988356130178809894576149788225",
"166122320241932598815839121632730397726",
"314401004615731610421490129915112171679",
"223504890845623598296340335435465402668",
"113653519622898125871539121063995234117",
"307823560520438780271746831933913197506",
"299222778906134050109542358306789760467",
"206409915645885549570411791291625234766",
"13493564691363127574599236000480725839",
"60475990466972244711347733060839656732",
"67204444720503199567475211557237516078",
"283413167491286194010535697131531645955",
"213674275052890042080761422788032722911",
"293279286727186019093444614577600634708",
"315372028039212450912987835742445305509",
"131313792618370895629642752949508403549",
"231119894927051454381899586168332072267",
"138611588752502403540609713593739967599",
"325202062772063921439758745411555542965",
"5349357727180890598626797012029578504",
"336553368907515952872178503445672989775",
"287678379809752400556178767611129396171",
"59877822475616694414037712842543401028"
]
},
"id": "ASB-A-336268889-fe1f5852",
"source": "https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/unix/garbage.c"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/65e0a92c6d27d4cbaa0deef668df12b69853d65e",
"https://android.googlesource.com/kernel/common/+/e8e652b8c81afc06e9bc801f6eb4896516be2d62",
"https://android.googlesource.com/kernel/common/+/94c88f80ffddff00f0af448c02dfd8a3f3cdd692",
"https://android.googlesource.com/kernel/common/+/d0c6724b0f6fa713e7fcfc0eb0173625519ba570"
],
"spl": "2024-07-05",
"severity": "High",
"types": [
"EoP"
]
}