{"id":"ASB-A-272382770","details":"In run of MDnsSdListener.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-272382770","CVE-2023-40084"],"modified":"2026-05-01T15:24:27.653932Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/netd/+/1b8bddd96b2efd4074b6d4eee377b62077c031bd"}],"affected":[{"package":{"name":"platform/system/netd","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-01"}]}],"versions":["14-next"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/netd/+/9c0c15f80cffb98b36284dd169a2e62e059dbbe3","id":"ASB-A-272382770-181e397f","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["288508001039333069095848688273573531797","119851012097575545574449533524428691588","91690786432259530172833243249254683079","196148582152129290754150781018897335228","117385763178379715783697240385224354282","133660162135826535019520307634805969353","83642766951557862843112062353733482238","285900262454053172078146923260102989391","70130527465617955341242483235546251692","35090800821588695100548174024815050316","188247135441538865091472115786154298093","207860304642737827790593779345712681566","277864375828173986312926860465223456810","164439631528111666422574620968366918734","178858012821372576660814355102254142221","96937810834973924626786171601908546046","14594971207492405593484842617450939425","327845481311144321233431521323583426093","278700213770189598839311216460650541832","184700282589846506376289741823473344352","48274737620753965742853755971081621258","84263607015463576121744956121371845351","211782208487908126612865375965667170893"]},"target":{"file":"server/MDnsSdListener.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/9c0c15f80cffb98b36284dd169a2e62e059dbbe3","id":"ASB-A-272382770-6fdd0356","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["175101083521474262969585747595096688097","177325453451212205003267507749188228088","210759678224050503828066907629831213842","144918195253254391169421628398297121388","217931119106372575049674853995296013363","231101638386576884617936173699719364359","262772268653452037871936653269320894869","50301795927138483764376666351031952474","64591340792462984237610343208853468334","46760820441747493728563123423398048732","334923012185537920638313452033992947385","160464814534566015689892087670364402674"]},"target":{"file":"server/MDnsSdListener.h"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/9c0c15f80cffb98b36284dd169a2e62e059dbbe3","id":"ASB-A-272382770-bafffaed","signature_type":"Function","signature_version":"v1","digest":{"length":1806,"function_hash":"60549781693429576282479641499585071981"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::run"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/9c0c15f80cffb98b36284dd169a2e62e059dbbe3","id":"ASB-A-272382770-c5af2dd8","signature_type":"Function","signature_version":"v1","digest":{"length":390,"function_hash":"49111509324040052961829791559015593766"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::Monitor"},"deprecated":false}],"spl":"2023-12-01","fixes":["https://android.googlesource.com/platform/system/netd/+/9c0c15f80cffb98b36284dd169a2e62e059dbbe3"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272382770.json"}},{"package":{"name":"platform/system/netd","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-12-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-04f723b7","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["288508001039333069095848688273573531797","119851012097575545574449533524428691588","91690786432259530172833243249254683079","191013523405452783030069400769807765426","117385763178379715783697240385224354282","133660162135826535019520307634805969353","83642766951557862843112062353733482238","285900262454053172078146923260102989391","70130527465617955341242483235546251692","35090800821588695100548174024815050316","188247135441538865091472115786154298093","207860304642737827790593779345712681566","277864375828173986312926860465223456810","164439631528111666422574620968366918734","178858012821372576660814355102254142221","96937810834973924626786171601908546046","14594971207492405593484842617450939425","327845481311144321233431521323583426093","278700213770189598839311216460650541832","184700282589846506376289741823473344352","48274737620753965742853755971081621258","84263607015463576121744956121371845351","211782208487908126612865375965667170893"]},"target":{"file":"server/MDnsSdListener.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-66a701ae","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["175101083521474262969585747595096688097","177325453451212205003267507749188228088","293326194872920841583463889641486284974","216741225980163612557763190513915026150","217931119106372575049674853995296013363","231101638386576884617936173699719364359","262772268653452037871936653269320894869","50301795927138483764376666351031952474","64591340792462984237610343208853468334","46760820441747493728563123423398048732","186886144997341325486840786359246052104","87935966302827637771757054879881645043"]},"target":{"file":"server/MDnsSdListener.h"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-9a51b9d3","signature_type":"Function","signature_version":"v1","digest":{"length":1756,"function_hash":"89771476549488489316653760079788142592"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::run"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-e6770e71","signature_type":"Function","signature_version":"v1","digest":{"length":390,"function_hash":"49111509324040052961829791559015593766"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::Monitor"},"deprecated":false}],"spl":"2023-12-01","fixes":["https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272382770.json"}},{"package":{"name":"platform/system/netd","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-12-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-a88802a2","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["288508001039333069095848688273573531797","119851012097575545574449533524428691588","91690786432259530172833243249254683079","191013523405452783030069400769807765426","117385763178379715783697240385224354282","133660162135826535019520307634805969353","83642766951557862843112062353733482238","285900262454053172078146923260102989391","70130527465617955341242483235546251692","35090800821588695100548174024815050316","188247135441538865091472115786154298093","207860304642737827790593779345712681566","277864375828173986312926860465223456810","164439631528111666422574620968366918734","178858012821372576660814355102254142221","96937810834973924626786171601908546046","14594971207492405593484842617450939425","327845481311144321233431521323583426093","278700213770189598839311216460650541832","184700282589846506376289741823473344352","48274737620753965742853755971081621258","84263607015463576121744956121371845351","211782208487908126612865375965667170893"]},"target":{"file":"server/MDnsSdListener.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-bde0da34","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["175101083521474262969585747595096688097","177325453451212205003267507749188228088","293326194872920841583463889641486284974","216741225980163612557763190513915026150","217931119106372575049674853995296013363","231101638386576884617936173699719364359","262772268653452037871936653269320894869","50301795927138483764376666351031952474","64591340792462984237610343208853468334","46760820441747493728563123423398048732","186886144997341325486840786359246052104","87935966302827637771757054879881645043"]},"target":{"file":"server/MDnsSdListener.h"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-be265695","signature_type":"Function","signature_version":"v1","digest":{"length":390,"function_hash":"49111509324040052961829791559015593766"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::Monitor"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-e47129f9","signature_type":"Function","signature_version":"v1","digest":{"length":1756,"function_hash":"89771476549488489316653760079788142592"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::run"},"deprecated":false}],"spl":"2023-12-01","fixes":["https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272382770.json"}},{"package":{"name":"platform/system/netd","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-31755625","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["288508001039333069095848688273573531797","119851012097575545574449533524428691588","91690786432259530172833243249254683079","191013523405452783030069400769807765426","117385763178379715783697240385224354282","133660162135826535019520307634805969353","83642766951557862843112062353733482238","285900262454053172078146923260102989391","70130527465617955341242483235546251692","35090800821588695100548174024815050316","188247135441538865091472115786154298093","207860304642737827790593779345712681566","277864375828173986312926860465223456810","164439631528111666422574620968366918734","178858012821372576660814355102254142221","96937810834973924626786171601908546046","14594971207492405593484842617450939425","327845481311144321233431521323583426093","278700213770189598839311216460650541832","184700282589846506376289741823473344352","48274737620753965742853755971081621258","84263607015463576121744956121371845351","211782208487908126612865375965667170893"]},"target":{"file":"server/MDnsSdListener.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-5b898acd","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["175101083521474262969585747595096688097","177325453451212205003267507749188228088","293326194872920841583463889641486284974","216741225980163612557763190513915026150","217931119106372575049674853995296013363","231101638386576884617936173699719364359","262772268653452037871936653269320894869","50301795927138483764376666351031952474","64591340792462984237610343208853468334","46760820441747493728563123423398048732","186886144997341325486840786359246052104","87935966302827637771757054879881645043"]},"target":{"file":"server/MDnsSdListener.h"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-8b4d58d8","signature_type":"Function","signature_version":"v1","digest":{"length":390,"function_hash":"49111509324040052961829791559015593766"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::Monitor"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-ca4cad26","signature_type":"Function","signature_version":"v1","digest":{"length":1756,"function_hash":"89771476549488489316653760079788142592"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::run"},"deprecated":false}],"spl":"2023-12-01","fixes":["https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272382770.json"}},{"package":{"name":"platform/system/netd","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-3fb6e4ba","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["175101083521474262969585747595096688097","177325453451212205003267507749188228088","293326194872920841583463889641486284974","216741225980163612557763190513915026150","217931119106372575049674853995296013363","231101638386576884617936173699719364359","262772268653452037871936653269320894869","50301795927138483764376666351031952474","64591340792462984237610343208853468334","46760820441747493728563123423398048732","186886144997341325486840786359246052104","87935966302827637771757054879881645043"]},"target":{"file":"server/MDnsSdListener.h"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-4d22e6f4","signature_type":"Function","signature_version":"v1","digest":{"length":390,"function_hash":"49111509324040052961829791559015593766"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::Monitor"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-5dde3789","signature_type":"Function","signature_version":"v1","digest":{"length":1756,"function_hash":"89771476549488489316653760079788142592"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::run"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-7899e47b","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["288508001039333069095848688273573531797","119851012097575545574449533524428691588","91690786432259530172833243249254683079","191013523405452783030069400769807765426","117385763178379715783697240385224354282","133660162135826535019520307634805969353","83642766951557862843112062353733482238","285900262454053172078146923260102989391","70130527465617955341242483235546251692","35090800821588695100548174024815050316","188247135441538865091472115786154298093","207860304642737827790593779345712681566","277864375828173986312926860465223456810","164439631528111666422574620968366918734","178858012821372576660814355102254142221","96937810834973924626786171601908546046","14594971207492405593484842617450939425","327845481311144321233431521323583426093","278700213770189598839311216460650541832","184700282589846506376289741823473344352","48274737620753965742853755971081621258","84263607015463576121744956121371845351","211782208487908126612865375965667170893"]},"target":{"file":"server/MDnsSdListener.cpp"},"deprecated":false}],"spl":"2023-12-01","fixes":["https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272382770.json"}},{"package":{"name":"platform/system/netd","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-12-01"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-71a651fa","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["175101083521474262969585747595096688097","177325453451212205003267507749188228088","293326194872920841583463889641486284974","216741225980163612557763190513915026150","217931119106372575049674853995296013363","231101638386576884617936173699719364359","262772268653452037871936653269320894869","50301795927138483764376666351031952474","64591340792462984237610343208853468334","46760820441747493728563123423398048732","186886144997341325486840786359246052104","87935966302827637771757054879881645043"]},"target":{"file":"server/MDnsSdListener.h"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-75600f36","signature_type":"Function","signature_version":"v1","digest":{"length":390,"function_hash":"49111509324040052961829791559015593766"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::Monitor"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-a8c5ab15","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["288508001039333069095848688273573531797","119851012097575545574449533524428691588","91690786432259530172833243249254683079","191013523405452783030069400769807765426","117385763178379715783697240385224354282","133660162135826535019520307634805969353","83642766951557862843112062353733482238","285900262454053172078146923260102989391","70130527465617955341242483235546251692","35090800821588695100548174024815050316","188247135441538865091472115786154298093","207860304642737827790593779345712681566","277864375828173986312926860465223456810","164439631528111666422574620968366918734","178858012821372576660814355102254142221","96937810834973924626786171601908546046","14594971207492405593484842617450939425","327845481311144321233431521323583426093","278700213770189598839311216460650541832","184700282589846506376289741823473344352","48274737620753965742853755971081621258","84263607015463576121744956121371845351","211782208487908126612865375965667170893"]},"target":{"file":"server/MDnsSdListener.cpp"},"deprecated":false},{"source":"https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd","id":"ASB-A-272382770-e259a415","signature_type":"Function","signature_version":"v1","digest":{"length":1756,"function_hash":"89771476549488489316653760079788142592"},"target":{"file":"server/MDnsSdListener.cpp","function":"MDnsSdListener::Monitor::run"},"deprecated":false}],"spl":"2023-12-01","fixes":["https://android.googlesource.com/platform/system/netd/+/75e5e2e1faec7aa2812fc6fba30d6fe80558bacd"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272382770.json"}}],"schema_version":"1.7.5"}