ASB-A-135368228
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-135368228.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-135368228
- Aliases
-
- A-135368228
- CVE-2018-20669
- Published
- 2020-07-01T00:00:00Z
- Modified
- 2024-11-06T12:16:03.231308Z
- Summary
- [none]
- Details
-
In i915gemexecbuffer2ioctl of i915gem_execbuffer.c, there is a possible arbitrary kernel memory write due to a missing validation of a userspace pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 450.0,
"function_hash": "400817462396315618127383903223325265"
},
"id": "ASB-A-135368228-286c45f8",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "lib/strncpy_from_user.c",
"function": "strncpy_from_user"
},
"signature_type": "Function"
},
{
"digest": {
"length": 353.0,
"function_hash": "68090361726321189053984993318968432620"
},
"id": "ASB-A-135368228-41919602",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "lib/strnlen_user.c",
"function": "strnlen_user"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"301793275486824344367794203097786741813",
"102988567970991509911455608070440664204",
"62087505603880536755319851132085632346",
"215021906692261901270681321476312701005",
"67401028612326933470622350994445848838",
"215586405974874088585699713914725195748",
"301793275486824344367794203097786741813",
"102988567970991509911455608070440664204",
"62087505603880536755319851132085632346",
"215021906692261901270681321476312701005",
"67401028612326933470622350994445848838",
"215586405974874088585699713914725195748"
]
},
"id": "ASB-A-135368228-4e5bf4fb",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "kernel/exit.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"232028027986071802307249056167629624847",
"101741051838569941211007432008240308871",
"226565891450945516587800283176920414"
]
},
"id": "ASB-A-135368228-56e1a7ec",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "arch/x86/include/asm/uaccess.h"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"218022533227338726032329426921560767208",
"137942850219935925455327831530557818023",
"80541316664184116869923029033572957138",
"60561915142399814488834988941746010422",
"123525920890028007356417567625638805132",
"271195609283421035949361219831426229931",
"39184847628127583315438858453386709687"
]
},
"id": "ASB-A-135368228-57cbe140",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "lib/strncpy_from_user.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 962.0,
"function_hash": "161782424011367324522201384309831448963"
},
"id": "ASB-A-135368228-5d591cbe",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "kernel/exit.c",
"function": "COMPAT_SYSCALL_DEFINE5"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1240.0,
"function_hash": "90893435251128681422669557853531682811"
},
"id": "ASB-A-135368228-6b458526",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/gpu/drm/i915/i915_gem_execbuffer.c",
"function": "eb_copy_relocations"
},
"signature_type": "Function"
},
{
"digest": {
"length": 586.0,
"function_hash": "154366867923671533612107094974457337412"
},
"id": "ASB-A-135368228-7b8e9daa",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "kernel/compat.c",
"function": "compat_get_bitmap"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"28753910527890398429155628937748401289",
"88255200070039553500928015676306213639",
"96976392715654179192670499544011966251",
"46811759026676158653595696424697518491",
"213360730056040620491420435481845118594",
"309664431301100582699492956019389484622",
"74179071256697267931849937505900386267"
]
},
"id": "ASB-A-135368228-7e59e0e0",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "lib/strnlen_user.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"118893384689130072144087209496881372223",
"234039337514851006561512442585312447880",
"101516614282764592504035395470523621229",
"106735922113113865280917134505946497615",
"18386945575918201229826480636158424542",
"210569225136584335750370450469637248112",
"118893384689130072144087209496881372223",
"234039337514851006561512442585312447880",
"101516614282764592504035395470523621229",
"106735922113113865280917134505946497615",
"49859743504563330794551454427122425777",
"269365552827766514839575326448491315684"
]
},
"id": "ASB-A-135368228-8be2e773",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "kernel/compat.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 568.0,
"function_hash": "115877470744406940500836715527564044470"
},
"id": "ASB-A-135368228-9e06e0ba",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "kernel/compat.c",
"function": "compat_put_bitmap"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"122493765503606359477130812823671555898",
"94652218836112744307968883406309058435",
"193137173227543583514496588598312738195",
"251250042594426313574327667970291785962",
"117526506907837341952913343302241645153",
"275119994724402740229238148493030663420",
"221948311057522641890568928933523118333",
"153186835061866607804432263621120210933"
]
},
"id": "ASB-A-135368228-a0f0ca3d",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/gpu/drm/i915/i915_gem_execbuffer.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 873.0,
"function_hash": "144372160533408814895396248617853295473"
},
"id": "ASB-A-135368228-c6d05a1a",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "kernel/exit.c",
"function": "SYSCALL_DEFINE5"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1405.0,
"function_hash": "283650863692651573154452340659572963107"
},
"id": "ASB-A-135368228-d588bb6f",
"source": "https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/gpu/drm/i915/i915_gem_execbuffer.c",
"function": "i915_gem_execbuffer2_ioctl"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/594cc251fdd0d231d342d88b2fdff4bc42fb0690"
],
"spl": "2020-07-05",
"severity": "High",
"types": [
"EoP"
]
}