{"id":"ASB-A-330054251","details":"In increment_annotation_count of stats_event.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-330054251","CVE-2024-31311"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2024-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/StatsD/+/b6aab6c000ab85f4e4d8bb3941bcc33800550374"}],"affected":[{"package":{"name":"platform/packages/modules/StatsD","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-06-01"}]}],"versions":["14-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/StatsD/+/39d3f08cbea67468411d8becd03f31f3a1a1be9d"],"types":["EoP"],"spl":"2024-06-01","severity":"High","vanir_signatures":[{"digest":{"line_hashes":["25608807365508790758592269875890469658","275547101538307787913205473237144764838","240572379499218011316952381048467884487","297955085587280879483905699524165595939"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/StatsD/+/39d3f08cbea67468411d8becd03f31f3a1a1be9d","id":"ASB-A-330054251-1b098996","target":{"file":"lib/libstatssocket/stats_event.c"}},{"digest":{"length":372,"function_hash":"188177099814377904508818737966482960063"},"signature_version":"v1","signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/StatsD/+/39d3f08cbea67468411d8becd03f31f3a1a1be9d","id":"ASB-A-330054251-afd99fd0","target":{"function":"increment_annotation_count","file":"lib/libstatssocket/stats_event.c"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-330054251.json"}},{"package":{"name":"platform/packages/modules/StatsD","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-06-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"],"types":["EoP"],"spl":"2024-06-01","vanir_signatures":[{"target":{"file":"lib/libstatssocket/stats_event.c"},"signature_version":"v1","signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08","id":"ASB-A-330054251-302264be","digest":{"line_hashes":["40818449407841122966676705733223152827","275547101538307787913205473237144764838","240572379499218011316952381048467884487","297955085587280879483905699524165595939"],"threshold":0.9}},{"digest":{"length":372,"function_hash":"188177099814377904508818737966482960063"},"signature_version":"v1","signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08","id":"ASB-A-330054251-c744808b","target":{"function":"increment_annotation_count","file":"lib/libstatssocket/stats_event.c"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-330054251.json"}},{"package":{"name":"platform/packages/modules/StatsD","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-06-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"],"types":["EoP"],"spl":"2024-06-01","severity":"High","vanir_signatures":[{"target":{"function":"increment_annotation_count","file":"lib/libstatssocket/stats_event.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08","id":"ASB-A-330054251-93232e0a","digest":{"length":372,"function_hash":"188177099814377904508818737966482960063"}},{"target":{"file":"lib/libstatssocket/stats_event.c"},"signature_version":"v1","signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08","id":"ASB-A-330054251-f9eee20e","digest":{"line_hashes":["40818449407841122966676705733223152827","275547101538307787913205473237144764838","240572379499218011316952381048467884487","297955085587280879483905699524165595939"],"threshold":0.9}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-330054251.json"}},{"package":{"name":"platform/packages/modules/StatsD","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-06-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"],"types":["EoP"],"spl":"2024-06-01","severity":"High","vanir_signatures":[{"target":{"function":"increment_annotation_count","file":"lib/libstatssocket/stats_event.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08","id":"ASB-A-330054251-08dfc1af","digest":{"length":372,"function_hash":"188177099814377904508818737966482960063"}},{"target":{"file":"lib/libstatssocket/stats_event.c"},"signature_version":"v1","signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08","id":"ASB-A-330054251-32789bf8","digest":{"line_hashes":["40818449407841122966676705733223152827","275547101538307787913205473237144764838","240572379499218011316952381048467884487","297955085587280879483905699524165595939"],"threshold":0.9}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-330054251.json"}},{"package":{"name":"platform/packages/modules/StatsD","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-06-01"}]}],"versions":["14"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08"],"types":["EoP"],"spl":"2024-06-01","vanir_signatures":[{"target":{"file":"lib/libstatssocket/stats_event.c"},"signature_version":"v1","signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08","id":"ASB-A-330054251-6fdf7709","digest":{"line_hashes":["40818449407841122966676705733223152827","275547101538307787913205473237144764838","240572379499218011316952381048467884487","297955085587280879483905699524165595939"],"threshold":0.9}},{"target":{"function":"increment_annotation_count","file":"lib/libstatssocket/stats_event.c"},"signature_version":"v1","signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08","id":"ASB-A-330054251-b4122673","digest":{"length":372,"function_hash":"188177099814377904508818737966482960063"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-330054251.json"}}],"schema_version":"1.7.5"}