ASB-A-162844689

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-162844689.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-162844689
Aliases
Published
2020-12-01T00:00:00Z
Modified
2024-08-29T06:57:25.636967Z
Summary
USB device causing OOB read and write in input_set_capability
Details

In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2020-12-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "102365989671319969167312359585959806819",
                    "256226433835068931272883394441385349342",
                    "69594018806824216392710014893787353062",
                    "310005376971656420161450717480224640884"
                ]
            },
            "id": "ASB-A-162844689-0154ae60",
            "source": "https://android.googlesource.com/kernel/common/+/35556bed836f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/hid/hid-input.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 508.0,
                "function_hash": "55578438920159690211795793681720948871"
            },
            "id": "ASB-A-162844689-13821ddb",
            "source": "https://android.googlesource.com/kernel/common/+/35556bed836f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/linux/hid.h",
                "function": "hid_map_usage"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 18936.0,
                "function_hash": "303347000737440041019729659778639181447"
            },
            "id": "ASB-A-162844689-2667b5aa",
            "source": "https://android.googlesource.com/kernel/common/+/35556bed836f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/hid/hid-input.c",
                "function": "hidinput_configure_usage"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "59279288054240772512122037148835217342",
                    "211880442018003413039781699765869659646",
                    "214310009365619240478923272630953271789",
                    "321971145287701039621919956120198388347",
                    "207959965809916909403245645649888378685",
                    "188374904451562885539951987849272656462",
                    "319458721325611379528885337716549284009",
                    "104733734344321184961195836625682850135",
                    "31016265555568093321704658062067679381",
                    "122010839418486169462622783824556336648",
                    "107437023064454477683088389321012772659"
                ]
            },
            "id": "ASB-A-162844689-2b4cf815",
            "source": "https://android.googlesource.com/kernel/common/+/bce1305c0ece",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/hid/hid-core.c",
                "truncated_path_level": 1.0
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 300.0,
                "function_hash": "302779128589865924941927860846474042040"
            },
            "id": "ASB-A-162844689-2ddc193a",
            "source": "https://android.googlesource.com/kernel/common/+/bce1305c0ece",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/hid/hid-core.c",
                "truncated_path_level": 1.0,
                "function": "hid_output_report"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "268055632556910503923875141730196633634",
                    "57842140175800143513561002722837030009",
                    "256062987324063829249436965411459279206",
                    "147278818551671722688212723285383025825",
                    "29755966740229660384180370909930096114",
                    "266097888082620232400605402951797651461",
                    "185810399974896165757814216270507984909",
                    "55400478342322733729429207564647460027",
                    "247347180192186869385553530003717595827",
                    "157459159319754425538474102118902065284",
                    "29494113422508613892724450904734445976",
                    "303050258295120181445751865994683976355",
                    "213639026524475620781058014780369331033",
                    "282468499377987417238053493939301100993",
                    "336608151542312175675351087751364996743",
                    "97971238702193589345732511247533277637",
                    "19460741356470950011857173442175201888",
                    "247467676171329814373778027005659413946",
                    "170384993852410580444714391441571494691",
                    "196738303956343381626463119174943967446",
                    "153119831316232186570814379757003047523",
                    "32418120173644714942941004303895777690",
                    "137754374682385105452796713601045978495",
                    "292950906428407360827043744764976131146",
                    "91663775131754493790445123261892556958",
                    "174358616378820449793364132421792797121",
                    "70402711916233663845160579785439826944",
                    "328128316290640555281790508825598557477",
                    "223362990571047449891577900360425635873",
                    "115401233118418846040907247466396039538",
                    "208216904010377305567462870482572643187",
                    "74941520705711958706001710257800292838"
                ]
            },
            "id": "ASB-A-162844689-5d9023e2",
            "source": "https://android.googlesource.com/kernel/common/+/35556bed836f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/linux/hid.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1264.0,
                "function_hash": "86180056594490316600717451057640403042"
            },
            "id": "ASB-A-162844689-7c6d861c",
            "source": "https://android.googlesource.com/kernel/common/+/bce1305c0ece",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/hid/hid-core.c",
                "truncated_path_level": 1.0,
                "function": "hid_report_raw_event"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "299068255504802649116209040212675937216",
                    "53457341015785259956944773031305487166",
                    "246609040952297212995576005721864294505",
                    "71143485541089874782813883057950678646"
                ]
            },
            "id": "ASB-A-162844689-9aef5c44",
            "source": "https://android.googlesource.com/kernel/common/+/35556bed836f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/hid/hid-multitouch.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 229.0,
                "function_hash": "43365902184106154324947773377471901828"
            },
            "id": "ASB-A-162844689-a0436760",
            "source": "https://android.googlesource.com/kernel/common/+/35556bed836f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/linux/hid.h",
                "function": "hid_map_usage_clear"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 4011.0,
                "function_hash": "246733631214853289331202726487097603349"
            },
            "id": "ASB-A-162844689-d123162c",
            "source": "https://android.googlesource.com/kernel/common/+/35556bed836f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/hid/hid-multitouch.c",
                "function": "mt_touch_input_mapping"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/35556bed836f",
        "https://android.googlesource.com/kernel/common/+/bce1305c0ece"
    ],
    "spl": "2020-12-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}