{"id":"ASB-A-370831157","details":"In growData of Parcel.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-370831157","CVE-2024-49745"],"modified":"2026-04-17T15:55:28.020024Z","published":"2025-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/native/+/01a1e34929996a8fb9791dec6313627fee4ab1b3"}],"affected":[{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-01-01"}]}],"versions":["15-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/native/+/608524d462278c2c9f6716cd94f126c85e9f2e91"],"vanir_signatures":[{"target":{"file":"libs/binder/Parcel.cpp"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Line","id":"ASB-A-370831157-35f4128d","digest":{"threshold":0.9,"line_hashes":["307895397742960212067302227339288897944","131822908674115868299276202866042702205","128728771849904874058609409408545893271"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/608524d462278c2c9f6716cd94f126c85e9f2e91"},{"target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::growData"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Function","id":"ASB-A-370831157-eda1120b","digest":{"length":356,"function_hash":"282245170247511373716560818747658727727"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/608524d462278c2c9f6716cd94f126c85e9f2e91"}],"types":["EoP"],"spl":"2025-01-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370831157.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2025-01-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"],"vanir_signatures":[{"target":{"file":"libs/binder/Parcel.cpp"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Line","id":"ASB-A-370831157-ae333d3e","digest":{"threshold":0.9,"line_hashes":["307895397742960212067302227339288897944","131822908674115868299276202866042702205","128728771849904874058609409408545893271"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"},{"target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::growData"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Function","id":"ASB-A-370831157-ca9f2fe2","digest":{"length":356,"function_hash":"282245170247511373716560818747658727727"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"}],"types":["EoP"],"spl":"2025-01-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370831157.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2025-01-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"],"vanir_signatures":[{"target":{"file":"libs/binder/Parcel.cpp"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Line","id":"ASB-A-370831157-98d76c7f","digest":{"threshold":0.9,"line_hashes":["307895397742960212067302227339288897944","131822908674115868299276202866042702205","128728771849904874058609409408545893271"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"},{"target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::growData"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Function","id":"ASB-A-370831157-bb108777","digest":{"length":356,"function_hash":"282245170247511373716560818747658727727"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"}],"types":["EoP"],"spl":"2025-01-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370831157.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-01-01"}]}],"versions":["15"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/native/+/94e777ab39848540f9ef9d47229338d8996709d6"],"vanir_signatures":[{"target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::growData"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Function","id":"ASB-A-370831157-cb813b3b","digest":{"length":356,"function_hash":"282245170247511373716560818747658727727"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/94e777ab39848540f9ef9d47229338d8996709d6"},{"target":{"file":"libs/binder/Parcel.cpp"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Line","id":"ASB-A-370831157-efdfe8dd","digest":{"threshold":0.9,"line_hashes":["307895397742960212067302227339288897944","131822908674115868299276202866042702205","128728771849904874058609409408545893271"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/94e777ab39848540f9ef9d47229338d8996709d6"}],"types":["EoP"],"spl":"2025-01-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370831157.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-01-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"],"vanir_signatures":[{"target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::growData"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Function","id":"ASB-A-370831157-ad79912b","digest":{"length":356,"function_hash":"282245170247511373716560818747658727727"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"},{"target":{"file":"libs/binder/Parcel.cpp"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Line","id":"ASB-A-370831157-deac6582","digest":{"threshold":0.9,"line_hashes":["307895397742960212067302227339288897944","131822908674115868299276202866042702205","128728771849904874058609409408545893271"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"}],"types":["EoP"],"spl":"2025-01-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370831157.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-01-01"}]}],"versions":["14"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"],"vanir_signatures":[{"target":{"file":"libs/binder/Parcel.cpp"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Line","id":"ASB-A-370831157-72401778","digest":{"threshold":0.9,"line_hashes":["307895397742960212067302227339288897944","131822908674115868299276202866042702205","128728771849904874058609409408545893271"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"},{"target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::growData"},"exact_target_file_match_only":true,"signature_version":"v1","signature_type":"Function","id":"ASB-A-370831157-a8f294d2","digest":{"length":356,"function_hash":"282245170247511373716560818747658727727"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/0db4fced4d2c8325c93f61ac4ab385b47e041f23"}],"types":["EoP"],"spl":"2025-01-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370831157.json"}}],"schema_version":"1.7.5"}