VDB
ASB-A-299123598
ASB-A-299123598
PUBLISHED
CVSS 7.5 HIGH
In unix_stream_sendpage of af_unix.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.
Risk Scores
CVSS 4.0
7.5
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | :linux_kernel: | :0, Kernel, * |
Timeline
- May 1, 2024 CVE Published
- May 15, 2026 CVE Updated
References
- https://source.android.com/security/bulletin/2024-05-01 advisory
- https://android.googlesource.com/kernel/common/+/e6ed59127c865 patch
- https://android.googlesource.com/kernel/common/+/790c2f9d15b59 patch
- https://android.googlesource.com/kernel/common/+/84d3e59750bbd patch
- https://android.googlesource.com/kernel/common/+/d39fc9b94dc07 patch