ASB-A-174738029

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-174738029.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-174738029
Aliases
Published
2022-03-01T00:00:00Z
Modified
2025-11-18T16:17:57.446691Z
Summary
[none]
Details

In _splithugepmd of hugememory.c, there is a possible incorrectly mapped page due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Name
:linux_kernel:

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2022-03-05

Affected versions

Other

Kernel

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "vanir_signatures": [
        {
            "digest": {
                "length": 706.0,
                "function_hash": "62518233568053495378856513386487914666"
            },
            "target": {
                "function": "__split_huge_pmd",
                "file": "mm/huge_memory.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/kernel/common/+/c444eb564fb16645c172d550359cb3d75fe8a040",
            "id": "ASB-A-174738029-91a22839",
            "signature_type": "Function"
        },
        {
            "digest": {
                "line_hashes": [
                    "186575377702378297788877657258455811578",
                    "62280791117301714953475261891481182799",
                    "157717077011240822145473274654014649277",
                    "254348974979409281079232387991930179706",
                    "297789660306839784457895863694677159988",
                    "184260271923848413843788031012598222837",
                    "160587493053965929408564373791498951336",
                    "303745111411998574222958840361365078339",
                    "312463488833165955664499971355803067084",
                    "238308424915957855665396696743588872857",
                    "41344355247723848313475928304551289332",
                    "113369615935754813213873612931572692496",
                    "24352837519995616835921924564141996617",
                    "339096172300213892236954473131030810260",
                    "108625528906053915165477637024389099595"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "mm/huge_memory.c"
            },
            "signature_version": "v1",
            "deprecated": false,
            "source": "https://android.googlesource.com/kernel/common/+/c444eb564fb16645c172d550359cb3d75fe8a040",
            "id": "ASB-A-174738029-dac3e6fa",
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/c444eb564fb16645c172d550359cb3d75fe8a040"
    ],
    "spl": "2022-03-05"
}