{"id":"ASB-A-370840874","details":"In writeInplace of Parcel.cpp, there is a possible out of bounds write. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-370840874","CVE-2024-49738"],"modified":"2026-04-17T15:55:28.020024Z","published":"2025-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/native/+/f3c7aac0e3277f7ebabaab94f34b5c9156412cc9"}],"affected":[{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-01-01"}]}],"versions":["15-next"],"ecosystem_specific":{"spl":"2025-01-01","vanir_signatures":[{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/c54dad65317f851ce9d016bd90ec6a7a04da09fc","digest":{"length":1582,"function_hash":"297814362107445610082654090359809384968"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-2d3a29cc","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeObject"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/c54dad65317f851ce9d016bd90ec6a7a04da09fc","digest":{"length":774,"function_hash":"8618114329319310912930896519838241565"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-6c446f38","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeInplace"}},{"exact_target_file_match_only":true,"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/native/+/c54dad65317f851ce9d016bd90ec6a7a04da09fc","digest":{"threshold":0.9,"line_hashes":["177286139698374251546338520979178803929","263777811521303244292811673748167317299","306631319605809265062590238010977363154","5459374701110884002122948635842376246","139485230588671050701757286638303746782","27515442413792563850244456883337050092","338273689907845506080366789303687789672","94325907291901409267573572028677659775","334268703811797312539685279166094187699","177929807823366295858787852042555989520","272508042470490873432018013596229747742"]},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-e392a48c","target":{"file":"libs/binder/Parcel.cpp"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/c54dad65317f851ce9d016bd90ec6a7a04da09fc","digest":{"length":471,"function_hash":"293563029431163384534579630592325398310"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-e585bc20","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeAligned"}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/native/+/c54dad65317f851ce9d016bd90ec6a7a04da09fc"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370840874.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2025-01-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2025-01-01","vanir_signatures":[{"exact_target_file_match_only":true,"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/native/+/2aec032c0826ad68cd94c100173b99167bfcb10d","digest":{"threshold":0.9,"line_hashes":["177286139698374251546338520979178803929","263777811521303244292811673748167317299","306631319605809265062590238010977363154","297459603371341219306139209616668062751","246036501175084741583285991937705244678","27515442413792563850244456883337050092","338273689907845506080366789303687789672","250172505421581400181205564251316004121","339718309363086333322952185827518444964","147461113591116849175667398032374209803","154795782594771188218202105235844049986"]},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-26cf92f8","target":{"file":"libs/binder/Parcel.cpp"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/2aec032c0826ad68cd94c100173b99167bfcb10d","digest":{"length":1174,"function_hash":"94828663791970858100698628675736531893"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-3486245c","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeObject"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/2aec032c0826ad68cd94c100173b99167bfcb10d","digest":{"length":774,"function_hash":"8618114329319310912930896519838241565"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-72507174","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeInplace"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/2aec032c0826ad68cd94c100173b99167bfcb10d","digest":{"length":416,"function_hash":"172039250980780037644587941896111450844"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-f1aca62a","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeAligned"}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/native/+/2aec032c0826ad68cd94c100173b99167bfcb10d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370840874.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2025-01-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2025-01-01","vanir_signatures":[{"exact_target_file_match_only":true,"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/native/+/2aec032c0826ad68cd94c100173b99167bfcb10d","digest":{"threshold":0.9,"line_hashes":["177286139698374251546338520979178803929","263777811521303244292811673748167317299","306631319605809265062590238010977363154","297459603371341219306139209616668062751","246036501175084741583285991937705244678","27515442413792563850244456883337050092","338273689907845506080366789303687789672","250172505421581400181205564251316004121","339718309363086333322952185827518444964","147461113591116849175667398032374209803","154795782594771188218202105235844049986"]},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-0fb16d06","target":{"file":"libs/binder/Parcel.cpp"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/2aec032c0826ad68cd94c100173b99167bfcb10d","digest":{"length":1174,"function_hash":"94828663791970858100698628675736531893"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-81134aac","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeObject"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/2aec032c0826ad68cd94c100173b99167bfcb10d","digest":{"length":774,"function_hash":"8618114329319310912930896519838241565"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-9294a6e1","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeInplace"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/2aec032c0826ad68cd94c100173b99167bfcb10d","digest":{"length":416,"function_hash":"172039250980780037644587941896111450844"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-cade1a99","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeAligned"}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/native/+/2aec032c0826ad68cd94c100173b99167bfcb10d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370840874.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-01-01"}]}],"versions":["15"],"ecosystem_specific":{"spl":"2025-01-01","vanir_signatures":[{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/43feae49c343b948a38b15d5e12c78916bafee61","digest":{"length":471,"function_hash":"293563029431163384534579630592325398310"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-55796520","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeAligned"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/43feae49c343b948a38b15d5e12c78916bafee61","digest":{"length":774,"function_hash":"8618114329319310912930896519838241565"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-c6dd35d0","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeInplace"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/43feae49c343b948a38b15d5e12c78916bafee61","digest":{"length":1582,"function_hash":"297814362107445610082654090359809384968"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-d291a540","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeObject"}},{"exact_target_file_match_only":true,"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/native/+/43feae49c343b948a38b15d5e12c78916bafee61","digest":{"threshold":0.9,"line_hashes":["177286139698374251546338520979178803929","263777811521303244292811673748167317299","306631319605809265062590238010977363154","5459374701110884002122948635842376246","139485230588671050701757286638303746782","27515442413792563850244456883337050092","338273689907845506080366789303687789672","94325907291901409267573572028677659775","334268703811797312539685279166094187699","177929807823366295858787852042555989520","272508042470490873432018013596229747742"]},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-d760f237","target":{"file":"libs/binder/Parcel.cpp"}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/native/+/43feae49c343b948a38b15d5e12c78916bafee61"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370840874.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-01-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2025-01-01","vanir_signatures":[{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/4e76d6907ec1e8f065f7af3e4032e4b8cee6b2c1","digest":{"length":1154,"function_hash":"175000366554730585123907779373568441240"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-9bff609b","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeObject"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/4e76d6907ec1e8f065f7af3e4032e4b8cee6b2c1","digest":{"length":774,"function_hash":"8618114329319310912930896519838241565"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-b1ae812a","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeInplace"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/4e76d6907ec1e8f065f7af3e4032e4b8cee6b2c1","digest":{"length":471,"function_hash":"293563029431163384534579630592325398310"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-b1f00902","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeAligned"}},{"exact_target_file_match_only":true,"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/native/+/4e76d6907ec1e8f065f7af3e4032e4b8cee6b2c1","digest":{"threshold":0.9,"line_hashes":["177286139698374251546338520979178803929","263777811521303244292811673748167317299","306631319605809265062590238010977363154","297459603371341219306139209616668062751","246036501175084741583285991937705244678","27515442413792563850244456883337050092","338273689907845506080366789303687789672","94325907291901409267573572028677659775","334268703811797312539685279166094187699","177929807823366295858787852042555989520","272508042470490873432018013596229747742"]},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-d5cb983e","target":{"file":"libs/binder/Parcel.cpp"}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/native/+/4e76d6907ec1e8f065f7af3e4032e4b8cee6b2c1"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370840874.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-01-01"}]}],"versions":["14"],"ecosystem_specific":{"spl":"2025-01-01","vanir_signatures":[{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/4e76d6907ec1e8f065f7af3e4032e4b8cee6b2c1","digest":{"length":1154,"function_hash":"175000366554730585123907779373568441240"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-5a1968e2","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeObject"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/4e76d6907ec1e8f065f7af3e4032e4b8cee6b2c1","digest":{"length":774,"function_hash":"8618114329319310912930896519838241565"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-89487df9","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeInplace"}},{"exact_target_file_match_only":true,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/native/+/4e76d6907ec1e8f065f7af3e4032e4b8cee6b2c1","digest":{"length":471,"function_hash":"293563029431163384534579630592325398310"},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-cc7b2381","target":{"file":"libs/binder/Parcel.cpp","function":"Parcel::writeAligned"}},{"exact_target_file_match_only":true,"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/native/+/4e76d6907ec1e8f065f7af3e4032e4b8cee6b2c1","digest":{"threshold":0.9,"line_hashes":["177286139698374251546338520979178803929","263777811521303244292811673748167317299","306631319605809265062590238010977363154","297459603371341219306139209616668062751","246036501175084741583285991937705244678","27515442413792563850244456883337050092","338273689907845506080366789303687789672","94325907291901409267573572028677659775","334268703811797312539685279166094187699","177929807823366295858787852042555989520","272508042470490873432018013596229747742"]},"deprecated":false,"signature_version":"v1","id":"ASB-A-370840874-f0bc538d","target":{"file":"libs/binder/Parcel.cpp"}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/native/+/4e76d6907ec1e8f065f7af3e4032e4b8cee6b2c1"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-370840874.json"}}],"schema_version":"1.7.5"}