{"id":"ASB-A-342490466","details":"In multiple functions of af_unix.c, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-342490466","CVE-2024-36972"],"modified":"2026-03-11T06:30:16.197511Z","published":"2024-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-09-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/685a016cdeac2b7f1d968c6b56e698547976e10d"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/de6fb073c606c19695893b874c005741fa4c0f06"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2024-09-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"function_hash":"148701938685513132065393457904920098343","length":744},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"manage_oob"},"source":"https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7","id":"ASB-A-342490466-10fbaa7d","deprecated":false},{"signature_type":"Function","digest":{"function_hash":"273387260747125013363523233215867240594","length":739},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"unix_stream_recv_urg"},"source":"https://android.googlesource.com/kernel/common/+/685a016cdeac2b7f1d968c6b56e698547976e10d","id":"ASB-A-342490466-16274f92","deprecated":false},{"signature_type":"Function","digest":{"function_hash":"161989691304211948289155966666614842311","length":666},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"manage_oob"},"source":"https://android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6","id":"ASB-A-342490466-19abd8a9","deprecated":false},{"signature_type":"Function","digest":{"function_hash":"161989691304211948289155966666614842311","length":666},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"manage_oob"},"source":"https://android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780","id":"ASB-A-342490466-1bf06a10","deprecated":false},{"signature_type":"Function","digest":{"function_hash":"148701938685513132065393457904920098343","length":744},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"manage_oob"},"source":"https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca","id":"ASB-A-342490466-1cd780a9","deprecated":false},{"signature_type":"Function","digest":{"function_hash":"273387260747125013363523233215867240594","length":739},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"unix_stream_recv_urg"},"source":"https://android.googlesource.com/kernel/common/+/de6fb073c606c19695893b874c005741fa4c0f06","id":"ASB-A-342490466-3f1aac73","deprecated":false},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["12898838854434221361955670346883413761","281187255283261416937856725587190512647","237358337270355387388643455243139204321","167923650163664176006824923318156752123","247852294358432210813258254439124024580","179778604200500332107620422529019221081","66644715695927273793846970684666063534","294418092756032165720546228699187998862","212883820182780206171431942048283618298","269276023515162350051815727144609272241","225076982735021379131672500614146713985","334277325818211399534449792333300745147"]},"signature_version":"v1","target":{"file":"net/unix/af_unix.c"},"source":"https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca","id":"ASB-A-342490466-467eb092","deprecated":false},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["12898838854434221361955670346883413761","281187255283261416937856725587190512647","237358337270355387388643455243139204321","167923650163664176006824923318156752123","247852294358432210813258254439124024580","179778604200500332107620422529019221081","66644715695927273793846970684666063534","294418092756032165720546228699187998862","212883820182780206171431942048283618298","269276023515162350051815727144609272241","225076982735021379131672500614146713985","334277325818211399534449792333300745147"]},"signature_version":"v1","target":{"file":"net/unix/af_unix.c"},"source":"https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7","id":"ASB-A-342490466-5438a90f","deprecated":false},{"signature_type":"Function","digest":{"function_hash":"60097453978575106304938121352532036748","length":3371},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"unix_stream_read_generic"},"source":"https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca","id":"ASB-A-342490466-5b4b8e90","deprecated":false},{"signature_type":"Function","digest":{"function_hash":"60097453978575106304938121352532036748","length":3371},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"unix_stream_read_generic"},"source":"https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7","id":"ASB-A-342490466-6ad310fc","deprecated":false},{"signature_type":"Function","digest":{"function_hash":"204840386611737069431911908430986124914","length":762},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"manage_oob"},"source":"https://android.googlesource.com/kernel/common/+/de6fb073c606c19695893b874c005741fa4c0f06","id":"ASB-A-342490466-842a9819","deprecated":false},{"signature_type":"Function","digest":{"function_hash":"204840386611737069431911908430986124914","length":762},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"manage_oob"},"source":"https://android.googlesource.com/kernel/common/+/685a016cdeac2b7f1d968c6b56e698547976e10d","id":"ASB-A-342490466-84491598","deprecated":false},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["179904369906772442813952687533508936760","112877094314623297297532108694988313493","272044055355748369951572805757421426940","250191847698780052467595274490109004534"]},"signature_version":"v1","target":{"file":"net/unix/af_unix.c"},"source":"https://android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6","id":"ASB-A-342490466-8bedfc7a","deprecated":false},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["254304164795536250053127170783492138677","105462636328949246489903629108269668046","20573765473696067324831203188464769490","93832483395875750720796689483312547147","217780774133683158965324523859977731519","123215435071613848545107460336807057226","183142727679165382842700200721568998597","138051571796102409297802863785801489657","288484838968544984887739437775807415209","186019269047928716193985603977616600697","260693522245445690795225260964522969388","160081501034026980599823995568734046322","40305284401451820825613319017533599205","60532195400591136061990257697395378796","42821201480983946584326479636174284240","314639969027777242298588520473308271249","104288012559777059553736187259329671803","44265179350399165397171526591519960331","28612329891590521977152249056041237075","318925668682420257738872829661125961678","137172568043226062402333322073562116441","217083988873519472629542845744417000441","286067593580821388333339314075367549241","107129081346080638717275927934007700197","86944875138486024571549413838200342761","170660616878980343628198244979802036273","234557122560131040946338613905752951770","257990560573202138337444553177717994482","161065187970028706209042947438959079168","325960809431862154301076418446353217715","114146366935522974299599549901205903696"]},"signature_version":"v1","target":{"file":"net/unix/af_unix.c"},"source":"https://android.googlesource.com/kernel/common/+/de6fb073c606c19695893b874c005741fa4c0f06","id":"ASB-A-342490466-8e3829d2","deprecated":false},{"signature_type":"Function","digest":{"function_hash":"78752625956467784290503026470283977553","length":967},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"queue_oob"},"source":"https://android.googlesource.com/kernel/common/+/de6fb073c606c19695893b874c005741fa4c0f06","id":"ASB-A-342490466-94486d9e","deprecated":false},{"signature_type":"Function","digest":{"function_hash":"78752625956467784290503026470283977553","length":967},"signature_version":"v1","target":{"file":"net/unix/af_unix.c","function":"queue_oob"},"source":"https://android.googlesource.com/kernel/common/+/685a016cdeac2b7f1d968c6b56e698547976e10d","id":"ASB-A-342490466-b9ae1d00","deprecated":false},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["254304164795536250053127170783492138677","105462636328949246489903629108269668046","20573765473696067324831203188464769490","93832483395875750720796689483312547147","217780774133683158965324523859977731519","123215435071613848545107460336807057226","183142727679165382842700200721568998597","138051571796102409297802863785801489657","288484838968544984887739437775807415209","186019269047928716193985603977616600697","260693522245445690795225260964522969388","160081501034026980599823995568734046322","40305284401451820825613319017533599205","60532195400591136061990257697395378796","42821201480983946584326479636174284240","314639969027777242298588520473308271249","104288012559777059553736187259329671803","44265179350399165397171526591519960331","28612329891590521977152249056041237075","318925668682420257738872829661125961678","137172568043226062402333322073562116441","217083988873519472629542845744417000441","286067593580821388333339314075367549241","107129081346080638717275927934007700197","86944875138486024571549413838200342761","170660616878980343628198244979802036273","234557122560131040946338613905752951770","257990560573202138337444553177717994482","161065187970028706209042947438959079168","325960809431862154301076418446353217715","114146366935522974299599549901205903696"]},"signature_version":"v1","target":{"file":"net/unix/af_unix.c"},"source":"https://android.googlesource.com/kernel/common/+/685a016cdeac2b7f1d968c6b56e698547976e10d","id":"ASB-A-342490466-cdbd55b8","deprecated":false},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["179904369906772442813952687533508936760","112877094314623297297532108694988313493","272044055355748369951572805757421426940","250191847698780052467595274490109004534"]},"signature_version":"v1","target":{"file":"net/unix/af_unix.c"},"source":"https://android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780","id":"ASB-A-342490466-f71c4b22","deprecated":false}],"fixes":["https://android.googlesource.com/kernel/common/+/3169d3641a8f6e1c2c61c328d171665c5ec65780","https://android.googlesource.com/kernel/common/+/5c86c33a36e96a7ef91645d41dd3bf2ece19a8ca","https://android.googlesource.com/kernel/common/+/685a016cdeac2b7f1d968c6b56e698547976e10d","https://android.googlesource.com/kernel/common/+/30d168eb06cd8bd51d5cbf9c374b8bc6b667d7f6","https://android.googlesource.com/kernel/common/+/0e9ee9221f28d842f9d764cf4ce1e600a62470a7","https://android.googlesource.com/kernel/common/+/de6fb073c606c19695893b874c005741fa4c0f06"],"severity":"High","spl":"2024-09-05","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-342490466.json"}}],"schema_version":"1.7.5"}