CVE-2024-31313Out-of-bounds Write in System Libfmq

CWE-787Out-of-bounds WriteCWE-269Improper Privilege Management5 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 86.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Platform System LibfmqGoogle Android
Timeline
PublishedJul 9

Description

In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

Androidplatform/system_libfmq14-next:014-next:2024-06-01+4
CVEListV5google/android4 versions+3
NVDgoogle/android4 versions+3

Patches

Patch: android.googlesource.comPatch: source.android.comPatch: android.googlesource.com

🔴Vulnerability Details

3
CVEList
CVE-2024-31313: In availableToWriteBytes of MessageQueueBase2024-07-09
GHSA
GHSA-vqgf-5288-7fgg: In availableToWriteBytes of MessageQueueBase2024-07-09
OSV
CVE-2024-31313: In availableToWriteBytes of MessageQueueBase2024-06-01

📋Vendor Advisories

1
Android
CVE-2024-31313: Android Security Bulletin 2024-06-01 CVE: CVE-2024-31313 Severity: HIGH Type: EoP Affected AOSP versions: 12, 12L, 13, 14 References: A-3213415082024-06-01
CVE-2024-31313 — Out-of-bounds Write in System Libfmq | cvebase