ASB-A-148588557
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-148588557.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-148588557
- Aliases
-
- A-148588557
- CVE-2019-18282
- Published
- 2020-07-01T00:00:00Z
- Modified
- 2024-08-07T19:29:29.616669Z
- Summary
- Android Vomit Report
- Details
-
In _flowhashfromkeys of flow_dissector.c, there is a possible packet injection due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"216830771674073952271739855526984651552",
"283248836859075611635659023413831226197",
"311718675173209835525491230762297142798",
"138907628540240926041542864058944672664"
]
},
"id": "ASB-A-148588557-00e8cb6e",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/net/fq.h"
},
"signature_type": "Line"
},
{
"digest": {
"length": 163.0,
"function_hash": "328835351401029418920249497314618295909"
},
"id": "ASB-A-148588557-0a64519e",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/net/fq_impl.h",
"function": "fq_flow_idx"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"95301430675572668634442012518580248467",
"33558872309470466940504314230062784060",
"226672203253309007483155044816490731508",
"94604202655693118393347510283009547132",
"246464217681865152535658449423944627627",
"45673665239764653508690458727874884189",
"187534807119985981103973226294024197272",
"194568955491065574382854695787206542160"
]
},
"id": "ASB-A-148588557-120e0d26",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/net/fq_impl.h"
},
"signature_type": "Line"
},
{
"digest": {
"length": 112.0,
"function_hash": "301214972810218438893898981966664178076"
},
"id": "ASB-A-148588557-2009a658",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/flow_dissector.c",
"function": "skb_get_hash_perturb"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1497.0,
"function_hash": "233450745710602483052475666956529446733"
},
"id": "ASB-A-148588557-3804974b",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/sch_hhf.c",
"function": "hhf_init"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1705.0,
"function_hash": "312432340274326278942725508660603859137"
},
"id": "ASB-A-148588557-3c807d69",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/sch_hhf.c",
"function": "hhf_classify"
},
"signature_type": "Function"
},
{
"digest": {
"length": 3040.0,
"function_hash": "70113639914735468643785314821805692482"
},
"id": "ASB-A-148588557-42580e05",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/sch_sfb.c",
"function": "sfb_enqueue"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"142360484127525313093668691568068032666",
"107695344681350788695525903624567756031",
"330848880062222940283661735280750561516",
"265124191371607535140821176436192052613"
]
},
"id": "ASB-A-148588557-4b1322a9",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/linux/skbuff.h"
},
"signature_type": "Line"
},
{
"digest": {
"length": 276.0,
"function_hash": "244942309722001007100284513244541276575"
},
"id": "ASB-A-148588557-59422e05",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/flow_dissector.c",
"function": "__skb_get_hash_symmetric"
},
"signature_type": "Function"
},
{
"digest": {
"length": 121.0,
"function_hash": "61294580310704128260289527285586182669"
},
"id": "ASB-A-148588557-5ca18001",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/flow_dissector.c",
"function": "__flow_hash_words"
},
"signature_type": "Function"
},
{
"digest": {
"length": 113.0,
"function_hash": "200783125342679606349958298577329162353"
},
"id": "ASB-A-148588557-5f87b11e",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/sch_sfb.c",
"function": "sfb_init_perturbation"
},
"signature_type": "Function"
},
{
"digest": {
"length": 89.0,
"function_hash": "108855289393318654356275639202893157750"
},
"id": "ASB-A-148588557-626072db",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/flow_dissector.c",
"function": "flow_hash_from_keys"
},
"signature_type": "Function"
},
{
"digest": {
"length": 2103.0,
"function_hash": "95157876974844881398587902200201852239"
},
"id": "ASB-A-148588557-71e36f3a",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/sch_sfq.c",
"function": "sfq_change"
},
"signature_type": "Function"
},
{
"digest": {
"length": 591.0,
"function_hash": "233076545920371234869040207055007623601"
},
"id": "ASB-A-148588557-78b5cb18",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/net/fq_impl.h",
"function": "fq_init"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1455.0,
"function_hash": "279556145455111125077940047211188344909"
},
"id": "ASB-A-148588557-79a5261d",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/sch_sfq.c",
"function": "sfq_init"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"79979489203306868919702268485294150242",
"251370951673513379996076678308160888789",
"63180926785655039675583991355272850381",
"166248064757454729846306804692963438038",
"162542372896037490882271157023992001600",
"335194571253462473163979117948116609724",
"280532423100102971121423873797529509832",
"75943806490275832075447786374742393334",
"203436715078794551815231166811008917741",
"193134419662714212192824643258610856593",
"144773114811236640960089575065025490439",
"146679681415099597704943839812206901427",
"127114370196809433702062632119653808313",
"262427306347761894257408675569972967368",
"262095477663838400102656845155038296238",
"312105671750916166986989484380725318565",
"147953401512340757337024515344970603992",
"205724584600625594126612388372763334108",
"262033334019516433924230310535510911730",
"202818629126144656988776342307460725165",
"12026391729801639883082494713729812302",
"309703912775764386946515522666075205706",
"7854207066863251023350198170556898044",
"96029265068468433356101812162763308812",
"294357992858772491823347533373642779176",
"163125489701551541808892142362599071960",
"164729427639890535407103374772342493432",
"291365271215517720147957387293995207160",
"227249794814160184986426660209708938567",
"173261340292481359523326373990762557704",
"233387438563921598567634250418819240074",
"100779727577290773944817278425903261227",
"24697830407511384049756960096759036895",
"99816855361397682304370734156593974941",
"185312888985018379520731808342332625657",
"246694964277350268851726497634968391502",
"151002103389487109354185622940647973930",
"41392026065318682845965973712627515183",
"129736930492348732647792270305972320513",
"43410658340400779568432824271899230748",
"123984375500959780859614462828784632157",
"137099628540063387458829590214611830916",
"276691337701505515798985627902129359097",
"251467912440892635766407609947745338799",
"199774513872493417565470795211244579756",
"71380111850497218801166485830697709157",
"228847645841818055611897065968566355316",
"288797757235278227300755848710611149816",
"134732646010844751065317519921797175957",
"178639014871355842083866659143800065280",
"126613001318726306868744089657567263059",
"268826432665757980047261362264397067571",
"292891510524277523046709679774866037451",
"117961091512222770245958741270462891546",
"47556611000269997391357412137369416749",
"70150731650327860676199394658143597228"
]
},
"id": "ASB-A-148588557-8266a6a9",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/flow_dissector.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"46321904095633711232856908845584495634",
"164981817097921993216271206168382636812",
"33689778707238051879096072382301073369",
"8048097136729218845645517010408371932",
"52706020810745923715682222357638293076",
"322819663966862756486707453999684304133",
"243082753464049232154183630212591976769",
"154945423849789118204336112044150150495",
"137596229404116582177911077368161778279",
"178535449232360418271104160074323692943",
"243507719420582121747231291949297361887",
"326307611468778190467212221300579690936",
"303010328855688627709699614302958374761",
"32243868167202509762638958503768886503",
"32160695896514221892408161422016725406",
"121753019160114413613858512058551215465",
"50735514811710182922601088139003558550",
"201751121412240519734745304901865534043",
"193106049672004349629571503415979733562",
"117533765548691628964140797297901676476",
"39746419301996991575501102143767414034",
"25845872273655158396151487303670049095"
]
},
"id": "ASB-A-148588557-8504c82e",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/sch_sfb.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 168.0,
"function_hash": "26493789262049586993809205987823685326"
},
"id": "ASB-A-148588557-8a22c4fb",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/flow_dissector.c",
"function": "__skb_get_hash"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"328610208201842994316372318000384694555",
"149348909435491724288299558111771604429",
"235328250235667141527808421592522272972",
"285624164336856129721021521284772463897",
"111636791455912876267743007902321484311",
"197052625801443831392858610229807103789",
"47190608860431281803077012660863281044",
"325993752796299966469040777589648119537",
"146995324075089318528430178436973896483",
"312079628474876225766495203905894626569",
"257479939234590128611643474012923991387",
"321500235280896430700636217895654552396",
"129620742733755408641185063831292979539",
"290445373014201025896033946320766431778",
"200395088472951132853150045332586238709",
"228201285363778035724620594537504006108",
"104170952464160786932425982869419302570"
]
},
"id": "ASB-A-148588557-90b65e99",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/sch_hhf.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"218431510198575119302096507414406642825",
"257645698202505926905423445601820625622",
"127526305100006625168419505923942031299",
"63830029220228634867344333408316169330",
"3281554989804526925695543009695330638",
"258856045945770458854936492866305622077",
"250874369499676706479348147034044491787",
"39435925379446642350284622935585406896",
"12497613566455699071280319294137739700",
"142210501070545365509734551573787009906",
"197010059616658668041119831159127161757",
"254704709689106544523169775280205878550",
"39655166749394213655050489834445918526",
"314310337567906398266446331317996488707",
"31009757692421739246287178480270363278",
"302152988077229263233383269473301531988",
"284377558547778943110735073975400231422",
"197224973872784890139422573742721375812",
"231296173561525568579626392161427667165",
"147072978618577701321711613900205087562",
"45389949648610294718533614508534989030",
"128738295853805304642853564110751982852",
"294484262749481742583652608363874546400",
"78906937787581239204202648915306929609",
"262524157491704130317561191533586847804",
"232170410262869952301551954208121332006"
]
},
"id": "ASB-A-148588557-a6951122",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/sch_sfq.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 202.0,
"function_hash": "315018008532792634838947805969196315637"
},
"id": "ASB-A-148588557-bfeaf23e",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/flow_dissector.c",
"function": "__flow_hash_from_keys"
},
"signature_type": "Function"
},
{
"digest": {
"length": 159.0,
"function_hash": "176284280421538353086942238463946131042"
},
"id": "ASB-A-148588557-d1eccb63",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/sch_sfq.c",
"function": "sfq_hash"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"23614965184244061597913813826817286862",
"1053369916977101385407799434666440463",
"292102435721935121808695719257678050463",
"859621337595235562735971769733622519",
"110675886615930258050298918997487942206",
"198782319067369760839260682964366688420",
"174012846144389341728915002689124139301"
]
},
"id": "ASB-A-148588557-da8b4b0f",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/net/flow_dissector.h"
},
"signature_type": "Line"
},
{
"digest": {
"length": 189.0,
"function_hash": "99057023828108968658529212262762313078"
},
"id": "ASB-A-148588557-e05fb1c1",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/flow_dissector.c",
"function": "___skb_get_hash"
},
"signature_type": "Function"
},
{
"digest": {
"length": 669.0,
"function_hash": "68129618127123959380036175218985112568"
},
"id": "ASB-A-148588557-f01997cb",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/flow_dissector.c",
"function": "flow_keys_hash_length"
},
"signature_type": "Function"
},
{
"digest": {
"length": 411.0,
"function_hash": "19375162217843495230721034774766806037"
},
"id": "ASB-A-148588557-f945f49a",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/sch_sfq.c",
"function": "sfq_perturbation"
},
"signature_type": "Function"
},
{
"digest": {
"length": 205.0,
"function_hash": "309451441038152215406383278796075854742"
},
"id": "ASB-A-148588557-fe8b0ae6",
"source": "https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/core/flow_dissector.c",
"function": "flow_keys_hash_start"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2"
],
"spl": "2020-07-05",
"severity": "High",
"types": [
"EoP"
]
}