fmq_fuzzer: Unsigned-integer-overflow in android::MessageQueueBase<android::details::AidlMQDescriptorShim, int,

2024-06-0100:00:00

Google

osv.dev

android

messagequeuebase

unsigned-integer-overflow

race condition

local escalation

privilege

user interaction

software

7 High

AI Score

Confidence

High

0 Low

EPSS

Percentile

0.0%

JSON

In multiple functions of MessageQueueBase.h, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CPENameOperatorVersion
platform/system/libfmqeq13
platform/system/libfmqeq14
platform/system/libfmqeq12L
platform/system/libfmqeq12

Name	Operator	Version
platform/system/libfmq	eq	13
platform/system/libfmq	eq	14
platform/system/libfmq	eq	12L
platform/system/libfmq	eq	12

References

android.googlesource.com/platform/system/libfmq/+/79bbf4aeef4b254c52da670a972e22956c8c659d

source.android.com/security/bulletin/2024-06-01