{"id":"ASB-A-319081336","details":"In com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly of com_android_internal_os_ZygoteCommandBuffer.cpp, there is a possible method to perform arbitrary code execution in any app zygote processes due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-319081336","CVE-2024-34720"],"modified":"2026-05-11T15:02:59.160302Z","published":"2024-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/293e9ac230851acbec73f5ab12928d113d6283e1"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-07-01"}]}],"versions":["14-next"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-319081336-51d540c9","deprecated":false,"signature_version":"v1","target":{"file":"core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/2ffc7cb220e4220b7e108c4043a3f0f2a85b6508","digest":{"line_hashes":["317233240326962103783385498755210420644","296667423886080615774550624209922421692","129960923227401362471093630573144279385","304172353776351389658884063083076523496","131872770965685154304502767829282250150","13824084930839371983762313109050624911","102627928074578630481165444809187618685","212917782405818034291743181298644256896","181936017352609397951073957723477062822","143470586625561298798199161157744287304","240446822133205767205712066697184985115","191685735335389930931448864934875632507","142106533339130824250475574150115034815","179675932057390629507016689397984118831","121460145586448302935282469884880198161","118897914026303112685523695703207452453","236354956869195670265777518040714003523","141452989353769876823270364516024846615","164578169460615367963344045338738268586","156850524629508349936041049715448427553","106091340302204710101684553389160528276","307159503741182151027791641757576113768","258151654653339928105850517610937582973","227831871290937760222265868007589373043","319741763726740516498334478655628845592","192499861258759845775090291670176985420","104365902721422811994148020088195838191","303388611646501293828267766437485685261","142721887958619895696664436841583325699","216963113424742529903608073011951637841","108244429092477133895134348028163617127","143917490582115337617262660209212378884","191652902911526587007866034096317885480","238073377692551404598449002651844110628","17615070987619399705353470778677118342","24639758249775324052182122198604942384","149253339903057985782503761594761208209","69342173929232291754317661286234341701","22732299344906296769031950774336152138","109507797160542994670257505215963696714","33727660859786154492514829642146997502","144220918641353379439856716593288165611","130754457846632833318495729362940082166","311507550749207462709854891205278632068","338359760086957921898478425767185929628","308057727047611294486335222965692051701","174367054006951318622709003250225681688","80424798898436142819700872394467518595","14990719072357954161935746479306405644","88475019087682199446899708018521736332","12746713889735369502899478048515868176"],"threshold":0.9}},{"id":"ASB-A-319081336-81d19f33","deprecated":false,"signature_version":"v1","target":{"file":"core/java/com/android/internal/os/ZygoteConnection.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/2ffc7cb220e4220b7e108c4043a3f0f2a85b6508","digest":{"line_hashes":["175925776855749280662474255163233462320","57653288809250709138837272661559963770","321282934198361304589970067257563743053"],"threshold":0.9}},{"id":"ASB-A-319081336-9f4e5272","deprecated":false,"signature_version":"v1","target":{"function":"com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly","file":"core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/2ffc7cb220e4220b7e108c4043a3f0f2a85b6508","digest":{"length":3705,"function_hash":"252853064456516822569561543412316875290"}},{"id":"ASB-A-319081336-fee26a3a","deprecated":false,"signature_version":"v1","target":{"function":"ZygoteConnection","file":"core/java/com/android/internal/os/ZygoteConnection.java"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/2ffc7cb220e4220b7e108c4043a3f0f2a85b6508","digest":{"length":371,"function_hash":"10780509860466616852010073818185046546"}}],"severity":"High","spl":"2024-07-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/2ffc7cb220e4220b7e108c4043a3f0f2a85b6508"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-319081336.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-07-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-319081336-01e009d9","deprecated":false,"signature_version":"v1","target":{"file":"core/java/com/android/internal/os/ZygoteConnection.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085","digest":{"line_hashes":["175925776855749280662474255163233462320","57653288809250709138837272661559963770","321282934198361304589970067257563743053"],"threshold":0.9}},{"id":"ASB-A-319081336-3c15d13f","deprecated":false,"signature_version":"v1","target":{"function":"ZygoteConnection","file":"core/java/com/android/internal/os/ZygoteConnection.java"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085","digest":{"length":371,"function_hash":"10780509860466616852010073818185046546"}},{"id":"ASB-A-319081336-5207b073","deprecated":false,"signature_version":"v1","target":{"file":"core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085","digest":{"line_hashes":["317233240326962103783385498755210420644","296667423886080615774550624209922421692","129960923227401362471093630573144279385","304172353776351389658884063083076523496","131872770965685154304502767829282250150","13824084930839371983762313109050624911","102627928074578630481165444809187618685","5659273744916597745673758373358935939","8454437843820904117148902795166399911","339256820438220454513388609208289533199","282885346148124905769032779509287811805","108562414649489750360654242104747262370","82457752288454104992941837079639389495","119217477883469227992815259889969073435","160299110023525824055677196912727947608","236354956869195670265777518040714003523","141452989353769876823270364516024846615","34297168247109333827089179858277712667","250601035972178309186197961840655205030","169251440979766861289147893384586547824","291691221036455712275335983231371916590","314738494480226914459393766577186595693","258151654653339928105850517610937582973","227831871290937760222265868007589373043","319741763726740516498334478655628845592","192499861258759845775090291670176985420","104365902721422811994148020088195838191","303388611646501293828267766437485685261","142721887958619895696664436841583325699","216963113424742529903608073011951637841","108244429092477133895134348028163617127","143917490582115337617262660209212378884","191652902911526587007866034096317885480","238073377692551404598449002651844110628","17615070987619399705353470778677118342","24639758249775324052182122198604942384","149253339903057985782503761594761208209","69342173929232291754317661286234341701","22732299344906296769031950774336152138","109507797160542994670257505215963696714","33727660859786154492514829642146997502","144220918641353379439856716593288165611","130754457846632833318495729362940082166","311507550749207462709854891205278632068","338359760086957921898478425767185929628","308057727047611294486335222965692051701","174367054006951318622709003250225681688","80424798898436142819700872394467518595","14990719072357954161935746479306405644","88475019087682199446899708018521736332","12746713889735369502899478048515868176"],"threshold":0.9}},{"id":"ASB-A-319081336-98e24749","deprecated":false,"signature_version":"v1","target":{"function":"com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly","file":"core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085","digest":{"length":3515,"function_hash":"242106198165723353330994485941128869127"}}],"severity":"High","spl":"2024-07-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-319081336.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-07-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-319081336-2a2ca092","deprecated":false,"signature_version":"v1","target":{"file":"core/java/com/android/internal/os/ZygoteConnection.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085","digest":{"line_hashes":["175925776855749280662474255163233462320","57653288809250709138837272661559963770","321282934198361304589970067257563743053"],"threshold":0.9}},{"id":"ASB-A-319081336-b11fd481","deprecated":false,"signature_version":"v1","target":{"function":"ZygoteConnection","file":"core/java/com/android/internal/os/ZygoteConnection.java"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085","digest":{"length":371,"function_hash":"10780509860466616852010073818185046546"}},{"id":"ASB-A-319081336-b4db0f9f","deprecated":false,"signature_version":"v1","target":{"function":"com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly","file":"core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085","digest":{"length":3515,"function_hash":"242106198165723353330994485941128869127"}},{"id":"ASB-A-319081336-fef61f15","deprecated":false,"signature_version":"v1","target":{"file":"core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085","digest":{"line_hashes":["317233240326962103783385498755210420644","296667423886080615774550624209922421692","129960923227401362471093630573144279385","304172353776351389658884063083076523496","131872770965685154304502767829282250150","13824084930839371983762313109050624911","102627928074578630481165444809187618685","5659273744916597745673758373358935939","8454437843820904117148902795166399911","339256820438220454513388609208289533199","282885346148124905769032779509287811805","108562414649489750360654242104747262370","82457752288454104992941837079639389495","119217477883469227992815259889969073435","160299110023525824055677196912727947608","236354956869195670265777518040714003523","141452989353769876823270364516024846615","34297168247109333827089179858277712667","250601035972178309186197961840655205030","169251440979766861289147893384586547824","291691221036455712275335983231371916590","314738494480226914459393766577186595693","258151654653339928105850517610937582973","227831871290937760222265868007589373043","319741763726740516498334478655628845592","192499861258759845775090291670176985420","104365902721422811994148020088195838191","303388611646501293828267766437485685261","142721887958619895696664436841583325699","216963113424742529903608073011951637841","108244429092477133895134348028163617127","143917490582115337617262660209212378884","191652902911526587007866034096317885480","238073377692551404598449002651844110628","17615070987619399705353470778677118342","24639758249775324052182122198604942384","149253339903057985782503761594761208209","69342173929232291754317661286234341701","22732299344906296769031950774336152138","109507797160542994670257505215963696714","33727660859786154492514829642146997502","144220918641353379439856716593288165611","130754457846632833318495729362940082166","311507550749207462709854891205278632068","338359760086957921898478425767185929628","308057727047611294486335222965692051701","174367054006951318622709003250225681688","80424798898436142819700872394467518595","14990719072357954161935746479306405644","88475019087682199446899708018521736332","12746713889735369502899478048515868176"],"threshold":0.9}}],"severity":"High","spl":"2024-07-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e397fd3d20c3f409311e411387ec1524ccecf085"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-319081336.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-07-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-319081336-6dd2ed64","deprecated":false,"signature_version":"v1","target":{"file":"core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/f1d4b34ad51b6ccb84ab042486923da8b2451e0f","digest":{"line_hashes":["317233240326962103783385498755210420644","296667423886080615774550624209922421692","129960923227401362471093630573144279385","304172353776351389658884063083076523496","131872770965685154304502767829282250150","13824084930839371983762313109050624911","102627928074578630481165444809187618685","212917782405818034291743181298644256896","181936017352609397951073957723477062822","143470586625561298798199161157744287304","240446822133205767205712066697184985115","191685735335389930931448864934875632507","108562414649489750360654242104747262370","82457752288454104992941837079639389495","119217477883469227992815259889969073435","160299110023525824055677196912727947608","236354956869195670265777518040714003523","141452989353769876823270364516024846615","34297168247109333827089179858277712667","250601035972178309186197961840655205030","169251440979766861289147893384586547824","291691221036455712275335983231371916590","314738494480226914459393766577186595693","258151654653339928105850517610937582973","227831871290937760222265868007589373043","319741763726740516498334478655628845592","192499861258759845775090291670176985420","104365902721422811994148020088195838191","303388611646501293828267766437485685261","142721887958619895696664436841583325699","216963113424742529903608073011951637841","108244429092477133895134348028163617127","143917490582115337617262660209212378884","191652902911526587007866034096317885480","238073377692551404598449002651844110628","17615070987619399705353470778677118342","24639758249775324052182122198604942384","149253339903057985782503761594761208209","69342173929232291754317661286234341701","22732299344906296769031950774336152138","109507797160542994670257505215963696714","33727660859786154492514829642146997502","144220918641353379439856716593288165611","130754457846632833318495729362940082166","311507550749207462709854891205278632068","338359760086957921898478425767185929628","308057727047611294486335222965692051701","174367054006951318622709003250225681688","80424798898436142819700872394467518595","14990719072357954161935746479306405644","88475019087682199446899708018521736332","12746713889735369502899478048515868176"],"threshold":0.9}},{"id":"ASB-A-319081336-7a889e6b","deprecated":false,"signature_version":"v1","target":{"function":"com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly","file":"core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/f1d4b34ad51b6ccb84ab042486923da8b2451e0f","digest":{"length":3581,"function_hash":"119699853986043324337276296617717304736"}},{"id":"ASB-A-319081336-bc44d958","deprecated":false,"signature_version":"v1","target":{"function":"ZygoteConnection","file":"core/java/com/android/internal/os/ZygoteConnection.java"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/f1d4b34ad51b6ccb84ab042486923da8b2451e0f","digest":{"length":371,"function_hash":"10780509860466616852010073818185046546"}},{"id":"ASB-A-319081336-d834c6bb","deprecated":false,"signature_version":"v1","target":{"file":"core/java/com/android/internal/os/ZygoteConnection.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/f1d4b34ad51b6ccb84ab042486923da8b2451e0f","digest":{"line_hashes":["175925776855749280662474255163233462320","57653288809250709138837272661559963770","321282934198361304589970067257563743053"],"threshold":0.9}}],"severity":"High","spl":"2024-07-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/f1d4b34ad51b6ccb84ab042486923da8b2451e0f"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-319081336.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-07-01"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-319081336-4937e03d","deprecated":false,"signature_version":"v1","target":{"file":"core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/e4b3ba817073b66ee37da8f1aba93b345309b435","digest":{"line_hashes":["317233240326962103783385498755210420644","296667423886080615774550624209922421692","129960923227401362471093630573144279385","304172353776351389658884063083076523496","131872770965685154304502767829282250150","13824084930839371983762313109050624911","102627928074578630481165444809187618685","212917782405818034291743181298644256896","181936017352609397951073957723477062822","143470586625561298798199161157744287304","240446822133205767205712066697184985115","191685735335389930931448864934875632507","108562414649489750360654242104747262370","82457752288454104992941837079639389495","119217477883469227992815259889969073435","160299110023525824055677196912727947608","236354956869195670265777518040714003523","141452989353769876823270364516024846615","34297168247109333827089179858277712667","250601035972178309186197961840655205030","169251440979766861289147893384586547824","291691221036455712275335983231371916590","314738494480226914459393766577186595693","258151654653339928105850517610937582973","227831871290937760222265868007589373043","319741763726740516498334478655628845592","192499861258759845775090291670176985420","104365902721422811994148020088195838191","303388611646501293828267766437485685261","142721887958619895696664436841583325699","216963113424742529903608073011951637841","108244429092477133895134348028163617127","143917490582115337617262660209212378884","191652902911526587007866034096317885480","238073377692551404598449002651844110628","17615070987619399705353470778677118342","24639758249775324052182122198604942384","149253339903057985782503761594761208209","69342173929232291754317661286234341701","22732299344906296769031950774336152138","109507797160542994670257505215963696714","33727660859786154492514829642146997502","144220918641353379439856716593288165611","130754457846632833318495729362940082166","311507550749207462709854891205278632068","338359760086957921898478425767185929628","308057727047611294486335222965692051701","174367054006951318622709003250225681688","80424798898436142819700872394467518595","14990719072357954161935746479306405644","88475019087682199446899708018521736332","12746713889735369502899478048515868176"],"threshold":0.9}},{"id":"ASB-A-319081336-543254a6","deprecated":false,"signature_version":"v1","target":{"file":"core/java/com/android/internal/os/ZygoteConnection.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/e4b3ba817073b66ee37da8f1aba93b345309b435","digest":{"line_hashes":["175925776855749280662474255163233462320","57653288809250709138837272661559963770","321282934198361304589970067257563743053"],"threshold":0.9}},{"id":"ASB-A-319081336-614ec153","deprecated":false,"signature_version":"v1","target":{"function":"ZygoteConnection","file":"core/java/com/android/internal/os/ZygoteConnection.java"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/e4b3ba817073b66ee37da8f1aba93b345309b435","digest":{"length":371,"function_hash":"10780509860466616852010073818185046546"}},{"id":"ASB-A-319081336-a4648716","deprecated":false,"signature_version":"v1","target":{"function":"com_android_internal_os_ZygoteCommandBuffer_nativeForkRepeatedly","file":"core/jni/com_android_internal_os_ZygoteCommandBuffer.cpp"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/e4b3ba817073b66ee37da8f1aba93b345309b435","digest":{"length":3581,"function_hash":"119699853986043324337276296617717304736"}}],"severity":"High","spl":"2024-07-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e4b3ba817073b66ee37da8f1aba93b345309b435"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-319081336.json"}}],"schema_version":"1.7.5"}