{"id":"ASB-A-321341508","details":"In availableToWriteBytes of MessageQueueBase.h, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-321341508","CVE-2024-31313"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2024-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/libfmq/+/79bbf4aeef4b254c52da670a972e22956c8c659d"}],"affected":[{"package":{"name":"platform/system/libfmq","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-06-01"}]}],"versions":["14-next"],"ecosystem_specific":{"severity":"High","spl":"2024-06-01","vanir_signatures":[{"target":{"function":"availableToWriteBytes","file":"include/fmq/MessageQueueBase.h"},"source":"https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a","signature_version":"v1","deprecated":false,"digest":{"length":67,"function_hash":"152908095466554525151767292445838411466"},"id":"ASB-A-321341508-b6da29fd","signature_type":"Function"},{"target":{"function":"availableToReadBytes","file":"include/fmq/MessageQueueBase.h"},"digest":{"length":132,"function_hash":"42176836157770431253731899450536067667"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a","id":"ASB-A-321341508-d833764a","signature_type":"Function"},{"target":{"file":"include/fmq/MessageQueueBase.h"},"source":"https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["223300289963335374737942252888573102210","18488681837412616122657724577069121117","117125899055428656738178779745640830831","124740727282001485722438669538694109634","26754661951786742350714602196532112434","309930484527067763940979091410551508531","12256677282735441436613688363205428834","296149326157022037812024307966699756893","186726450763857558586092957778372274909","109017410997082114250456964558342449531"],"threshold":0.9},"id":"ASB-A-321341508-eecf1aa8","signature_type":"Line"}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/system/libfmq/+/db9028d6eead72c9cd45da48087ec6d5f1ac9c5a"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-321341508.json"}},{"package":{"name":"platform/system/libfmq","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-06-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","spl":"2024-06-01","vanir_signatures":[{"target":{"function":"availableToWriteBytes","file":"include/fmq/MessageQueueBase.h"},"digest":{"length":67,"function_hash":"152908095466554525151767292445838411466"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529","id":"ASB-A-321341508-4c2650f1","signature_type":"Function"},{"target":{"function":"availableToReadBytes","file":"include/fmq/MessageQueueBase.h"},"source":"https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529","signature_version":"v1","deprecated":false,"digest":{"length":132,"function_hash":"42176836157770431253731899450536067667"},"id":"ASB-A-321341508-c7b1ad30","signature_type":"Function"},{"target":{"file":"include/fmq/MessageQueueBase.h"},"digest":{"line_hashes":["223300289963335374737942252888573102210","18488681837412616122657724577069121117","117125899055428656738178779745640830831","124740727282001485722438669538694109634","26754661951786742350714602196532112434","309930484527067763940979091410551508531","12256677282735441436613688363205428834","296149326157022037812024307966699756893","186726450763857558586092957778372274909","109017410997082114250456964558342449531"],"threshold":0.9},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529","id":"ASB-A-321341508-eb5c74d7","signature_type":"Line"}],"fixes":["https://android.googlesource.com/platform/system/libfmq/+/af19e0ef034174afd794563552f91303fd9f1529"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-321341508.json"}},{"package":{"name":"platform/system/libfmq","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-06-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"target":{"file":"include/fmq/MessageQueueBase.h"},"source":"https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["223300289963335374737942252888573102210","18488681837412616122657724577069121117","117125899055428656738178779745640830831","124740727282001485722438669538694109634","26754661951786742350714602196532112434","309930484527067763940979091410551508531","12256677282735441436613688363205428834","296149326157022037812024307966699756893","186726450763857558586092957778372274909","109017410997082114250456964558342449531"],"threshold":0.9},"id":"ASB-A-321341508-71cda85e","signature_type":"Line"},{"target":{"function":"availableToWriteBytes","file":"include/fmq/MessageQueueBase.h"},"digest":{"length":67,"function_hash":"152908095466554525151767292445838411466"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a","id":"ASB-A-321341508-99698b61","signature_type":"Function"},{"target":{"function":"availableToReadBytes","file":"include/fmq/MessageQueueBase.h"},"digest":{"length":132,"function_hash":"42176836157770431253731899450536067667"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a","id":"ASB-A-321341508-f0af7d31","signature_type":"Function"}],"spl":"2024-06-01","fixes":["https://android.googlesource.com/platform/system/libfmq/+/b923a7c0d0d25de7b0c9ba7a7c2a3e917819d95a"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-321341508.json"}},{"package":{"name":"platform/system/libfmq","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-06-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"target":{"file":"include/fmq/MessageQueueBase.h"},"digest":{"line_hashes":["223300289963335374737942252888573102210","18488681837412616122657724577069121117","117125899055428656738178779745640830831","124740727282001485722438669538694109634","26754661951786742350714602196532112434","309930484527067763940979091410551508531","12256677282735441436613688363205428834","296149326157022037812024307966699756893","186726450763857558586092957778372274909","109017410997082114250456964558342449531"],"threshold":0.9},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a","id":"ASB-A-321341508-54886f13","signature_type":"Line"},{"target":{"function":"availableToWriteBytes","file":"include/fmq/MessageQueueBase.h"},"digest":{"length":67,"function_hash":"152908095466554525151767292445838411466"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a","id":"ASB-A-321341508-588489ff","signature_type":"Function"},{"target":{"function":"availableToReadBytes","file":"include/fmq/MessageQueueBase.h"},"digest":{"length":132,"function_hash":"42176836157770431253731899450536067667"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a","id":"ASB-A-321341508-c0375658","signature_type":"Function"}],"spl":"2024-06-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/system/libfmq/+/050952bf5f9bd035e469ce005300115d563e524a"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-321341508.json"}},{"package":{"name":"platform/system/libfmq","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-06-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"target":{"file":"include/fmq/MessageQueueBase.h"},"source":"https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["223300289963335374737942252888573102210","18488681837412616122657724577069121117","117125899055428656738178779745640830831","124740727282001485722438669538694109634","26754661951786742350714602196532112434","309930484527067763940979091410551508531","12256677282735441436613688363205428834","296149326157022037812024307966699756893","186726450763857558586092957778372274909","109017410997082114250456964558342449531"],"threshold":0.9},"id":"ASB-A-321341508-11822135","signature_type":"Line"},{"target":{"function":"availableToReadBytes","file":"include/fmq/MessageQueueBase.h"},"digest":{"length":132,"function_hash":"42176836157770431253731899450536067667"},"signature_version":"v1","deprecated":false,"source":"https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035","id":"ASB-A-321341508-6cb18cc9","signature_type":"Function"},{"target":{"function":"availableToWriteBytes","file":"include/fmq/MessageQueueBase.h"},"source":"https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035","signature_version":"v1","deprecated":false,"digest":{"length":67,"function_hash":"152908095466554525151767292445838411466"},"id":"ASB-A-321341508-a76eed42","signature_type":"Function"}],"spl":"2024-06-01","fixes":["https://android.googlesource.com/platform/system/libfmq/+/da080aa565f0cd1158bde3b8100dc73604959035"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-321341508.json"}}],"schema_version":"1.7.5"}