GoogleOSV:ASB-A-342490466Vulnerability: Local privilege escalation in LTS 6.6.28, COS 109 17800.218.20 (kernelCTF)
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
In multiple functions of af_unix.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7
android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6
android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780
android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca
android.googlesource.com/kernel/common/+/685a016cdeac2b7f1d968c6b56e698547976e10d
android.googlesource.com/kernel/common/+/de6fb073c606c19695893b874c005741fa4c0f06
source.android.com/security/bulletin/2024-09-01
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H