ASB-A-150226608

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-150226608.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-150226608

Aliases

A-150226608
CVE-2020-0392

Published

2020-09-01T00:00:00Z

Modified

2026-04-22T14:59:17.843400Z

Summary

[none]

Details

In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code execution due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/native

Package

Name: platform/frameworks/native

Affected ranges

Type: ECOSYSTEM
Events: Introduced

9:0

Fixed

9:2020-09-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "279892208236253564008877748364442316453",
                    "212684056485600267638472651103858896529",
                    "251887410353660652079092738441179855112",
                    "322845906811849055248103031727735753750"
                ]
            },
            "id": "ASB-A-150226608-05d16021",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/927b3b120839954a575b4e8c498b1b4d4d375afa",
            "target": {
                "file": "services/surfaceflinger/SurfaceFlinger.h"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "223697908175301589635617829670166033825",
                    "103276583437563678454131510975309837669",
                    "190879393243834201331530337743556412059",
                    "4965345062133724478128712781051707213"
                ]
            },
            "id": "ASB-A-150226608-077e3ad6",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/927b3b120839954a575b4e8c498b1b4d4d375afa",
            "target": {
                "file": "libs/gui/ISurfaceComposer.cpp"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "278033471089196988739353975783395754424",
                    "76750493340843466445310418806504079228",
                    "96020788444478474301477768415534849114",
                    "16635247494696910248192472705054870586"
                ]
            },
            "id": "ASB-A-150226608-3d29422d",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/927b3b120839954a575b4e8c498b1b4d4d375afa",
            "target": {
                "file": "libs/gui/tests/Surface_test.cpp"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "253013780927489254078431926363478233060",
                    "82998567570220766550797209981119914037",
                    "53866981525007040530969185145135367031",
                    "38629208550646971905814806094640344934"
                ]
            },
            "id": "ASB-A-150226608-49ecd94b",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/927b3b120839954a575b4e8c498b1b4d4d375afa",
            "target": {
                "file": "services/surfaceflinger/Layer.cpp"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "328444169892577800952769584335059202070",
                    "17780198377971919271829219589130742036",
                    "66681311962608104674274676257953871082",
                    "90660744020570539897597161225884379257",
                    "78510987932124128710458000306692172868",
                    "163180945899777767723129520919999956929",
                    "65410003161576778333030173614928359133",
                    "43885405959532513787725276534642191506",
                    "198368395584681117820390964865820924141",
                    "336459725639104140610566519283613431226",
                    "9186346653109451217684927591360330599",
                    "339916386276484476972215502416395060909",
                    "171657867540652853954989416980086770133",
                    "147364075805799238607239751437818631659",
                    "29094161073673199829934722024541142869",
                    "293108412750060418577208602340033442749",
                    "201333226247228512517691475016438013646",
                    "290763619202781511485156169261299622046"
                ]
            },
            "id": "ASB-A-150226608-6d1ec002",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/927b3b120839954a575b4e8c498b1b4d4d375afa",
            "target": {
                "file": "services/surfaceflinger/SurfaceFlinger.cpp"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "16887627837282564350380534996385721230",
                    "278400392248205245869060571650135117049",
                    "28023980458228271308818976418887737798",
                    "21021764418948415105208395769017456056"
                ]
            },
            "id": "ASB-A-150226608-bdf068f8",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/927b3b120839954a575b4e8c498b1b4d4d375afa",
            "target": {
                "file": "libs/gui/include/gui/ISurfaceComposer.h"
            }
        },
        {
            "digest": {
                "length": 1735.0,
                "function_hash": "173584616515376182884654838254735231892"
            },
            "id": "ASB-A-150226608-fb6458b9",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/927b3b120839954a575b4e8c498b1b4d4d375afa",
            "target": {
                "function": "Layer::getLayerDebugInfo",
                "file": "services/surfaceflinger/Layer.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/927b3b120839954a575b4e8c498b1b4d4d375afa"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2020-09-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-150226608.json"