ASB-A-150693748

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-150693748.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-150693748

Aliases

A-150693748
CVE-2019-19769

Published

2020-09-01T00:00:00Z

Modified

2024-08-07T19:29:30.431324Z

Summary

KASAN: use-after-free Read in locks_delete_block

Details

In _lockswakeupblocks of locks.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Name: :linux_kernel:

Affected ranges

Type: ECOSYSTEM
Events: Introduced

:0

Fixed

:2020-09-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "147170438247471735262872181660361189118",
                    "20667581815975678095374733830093028840",
                    "139323861530326266815521218572813185942",
                    "70781014294445318550606398216318877596",
                    "302098020917718600652424129246391873287",
                    "309519682506505986837208172260391903695",
                    "316543573264737804965019459068628440726",
                    "120378916552911450787666884521659345196",
                    "339364006147420672475659598520748318918",
                    "130359248380168917926444943362738180268",
                    "304411242047678817991118227768341486817",
                    "294661958350972078486968092908978790155",
                    "116718432804677469241604285799157853816",
                    "61788795752026634568835879633291370796",
                    "141649897245233601064725334454198913794",
                    "162641892488906362811967413703484968629",
                    "90677125886090203754039905180379259871",
                    "156144950439580574421172162759905844329",
                    "48821398821519801329254254586343042197",
                    "165112524404151328144019970855254162063",
                    "10258054918042547245261499711103642894",
                    "262724030209934493137870941260318293942",
                    "271015982427392453731487685284907459353",
                    "264175553619794976116439632956247020406",
                    "187442933328834645744752195333847166048",
                    "109772112146080972666428005818431203792",
                    "317477231651591866567168765895495860636",
                    "53592555628649116959654381653415976309",
                    "217393181790487194897090730831018664480",
                    "156144950439580574421172162759905844329",
                    "48821398821519801329254254586343042197",
                    "165112524404151328144019970855254162063",
                    "54664818252529918240542407535109609311",
                    "156144950439580574421172162759905844329",
                    "48821398821519801329254254586343042197",
                    "165112524404151328144019970855254162063"
                ]
            },
            "id": "ASB-A-150693748-15f817f7",
            "source": "https://android.googlesource.com/kernel/common/+/dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/locks.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "304965636041637636144385006918204504106",
                    "339511179307545103794769988355311308218",
                    "149107170706775543935573238665799037597",
                    "219820196161272673210706788265307432876"
                ]
            },
            "id": "ASB-A-150693748-3dd4238d",
            "source": "https://android.googlesource.com/kernel/common/+/dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/cifs/file.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "295258753571822142688390582659995659751",
                    "249012972673120218766751589975700530033",
                    "162990123720776116260922239543944135877",
                    "133628271012868401985618673616336751735",
                    "316495522920972527760247328306192899647",
                    "65274071215700163895272892287108469676"
                ]
            },
            "id": "ASB-A-150693748-400eeedb",
            "source": "https://android.googlesource.com/kernel/common/+/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/locks.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 316.0,
                "function_hash": "60470774782459948818689714194466502039"
            },
            "id": "ASB-A-150693748-5cdc4f67",
            "source": "https://android.googlesource.com/kernel/common/+/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/locks.c",
                "function": "locks_delete_block"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 547.0,
                "function_hash": "189535822795842630061614558747063062529"
            },
            "id": "ASB-A-150693748-938f4e6f",
            "source": "https://android.googlesource.com/kernel/common/+/dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/cifs/file.c",
                "function": "cifs_posix_lock_set"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a",
        "https://android.googlesource.com/kernel/common/+/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da"
    ],
    "spl": "2020-09-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}