A race condition exists in the Frame Resource Manager when handling double-buffered UI rendering under memory pressure. An attacker with no special permissions can deploy a malicious application that rapidly allocates and releases graphic buffers. This triggers a UAF condition, allowing the attacker to overwrite kernel memory and execute arbitrary code with System UID (Root-equivalent on many partitions).
Recommended for immediate deployment across all supported fleets. End of Report
For the purpose of this report, Technical Report: Android Security & Maintenance Update 8259 Document ID: ANDROID-SP-8259 Date: August 25, 2024 Version: 1.0 Severity Rating: High 1. Executive Summary Android Build 8259 (August 2024 Cumulative Update) is a mandatory security and functional maintenance release. It addresses 12 Critical and 28 High severity vulnerabilities, including one zero-day vulnerability (CVE-2024-8259) affecting the Frame Resource Manager in the Android kernel.