ASB-A-210292376
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-210292376.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-210292376
- Aliases
-
- A-210292376
- CVE-2021-39685
- Published
- 2022-03-01T00:00:00Z
- Modified
- 2024-08-07T19:29:53.531703Z
- Summary
- Linux USB Gadget Buffer overflows
- Details
-
In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2022-03-01
- https://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de
- https://android.googlesource.com/kernel/common/+/53afb231f54a69d827b882fa282b30bb10cb08a5
- https://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 3917.0,
"function_hash": "51759867175630936810844205975104072139"
},
"id": "ASB-A-210292376-07c28504",
"source": "https://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/legacy/inode.c",
"truncated_path_level": 1.0,
"function": "gadgetfs_setup"
},
"signature_type": "Function"
},
{
"digest": {
"length": 8448.0,
"function_hash": "5478919993484057482267054353714439302"
},
"id": "ASB-A-210292376-10c06503",
"source": "https://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/composite.c",
"truncated_path_level": 1.0,
"function": "composite_setup"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1621.0,
"function_hash": "93752368828605204984022412487897098288"
},
"id": "ASB-A-210292376-15653578",
"source": "https://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/legacy/dbgp.c",
"truncated_path_level": 1.0,
"function": "dbgp_setup"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"132148347048279419280812656841126240180",
"338407080313961553039665632921969748325",
"30319679445911400763643158899393296638",
"23529657258676302058030637143664411757",
"232491551941646124643748727117521007993",
"57219422123411163541532791633072929079",
"328093589067149246509546984881844954464",
"192871118795807847659645640117966101676",
"212530147027068052741102169768699200053"
]
},
"id": "ASB-A-210292376-23d2e7a8",
"source": "https://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/composite.c",
"truncated_path_level": 1.0
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"44388756161188325535624964539810122580",
"300636872095149243812570197716301505112",
"265144746910665567402077785482016730384",
"209658912545017139654451643257511707256"
]
},
"id": "ASB-A-210292376-3732d93f",
"source": "https://android.googlesource.com/kernel/common/+/53afb231f54a69d827b882fa282b30bb10cb08a5",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/legacy/dbgp.c",
"truncated_path_level": 1.0
},
"signature_type": "Line"
},
{
"digest": {
"length": 4122.0,
"function_hash": "105913675375561089862977033170352909625"
},
"id": "ASB-A-210292376-39657ba2",
"source": "https://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/legacy/inode.c",
"truncated_path_level": 1.0,
"function": "gadgetfs_setup"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"154577222357527416269986822795562249155",
"325717861012887528918453907485411867611",
"103512566246965709614821552541975923097",
"60644498906439300369322499150066009106",
"280716830574389440697189285742828817462",
"9411139164172316746675297255598101509",
"90436117819536085136593498132603310723",
"131806679178559178436516274321088569118",
"16955264570490424115730333352803763280"
]
},
"id": "ASB-A-210292376-49cbc5e1",
"source": "https://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/legacy/dbgp.c",
"truncated_path_level": 1.0
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"294771366740492330844059928101261168882",
"329472988511519008266114862851615948738",
"230055354007917815238754878125146233726",
"241615109029172640209368064780730838459",
"64969316027898508467714672781279523538",
"30332420178214091468338430140846186405",
"255997175657941735343107809281305721211",
"128343364494571164832515145964696539800",
"192991251693947936407784405714326144362",
"63161658648569397665050629489358928343"
]
},
"id": "ASB-A-210292376-50988772",
"source": "https://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/legacy/inode.c",
"truncated_path_level": 1.0
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"143355955488074582918923422113678678741",
"158622893703874087713169325837116412141",
"297775984847593364130718939583473816625",
"271682105717194122968248441977048350079"
]
},
"id": "ASB-A-210292376-74c756f2",
"source": "https://android.googlesource.com/kernel/common/+/53afb231f54a69d827b882fa282b30bb10cb08a5",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/composite.c",
"truncated_path_level": 1.0
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"332656553028460648197238486507283164994",
"184822845197430248537449464647837682435",
"24535556639354158768388367629306163538"
]
},
"id": "ASB-A-210292376-815b9cfe",
"source": "https://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/composite.c",
"truncated_path_level": 1.0
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"220786696602669738420112968039916400508",
"58419054149626582732950653854970518386",
"58319612690254011723664119190774671516"
]
},
"id": "ASB-A-210292376-a6d5cb50",
"source": "https://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/legacy/dbgp.c",
"truncated_path_level": 1.0
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"168277062198575889714986975878996299946",
"159910597357020912291532397137645290576",
"174943010202927998149349872012672394311",
"152872091973965522016408549605659888007",
"268975379940599946310143948958215003762",
"253428316892486559519603479463959125254",
"141788946652623718247459303476047175349",
"323168905024258372889636080819264832317",
"252842714006000820472903548430965511964"
]
},
"id": "ASB-A-210292376-b8629c30",
"source": "https://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/legacy/inode.c",
"truncated_path_level": 1.0
},
"signature_type": "Line"
},
{
"digest": {
"length": 9168.0,
"function_hash": "262748161316401576846558063530053601345"
},
"id": "ASB-A-210292376-ba3b28b2",
"source": "https://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/composite.c",
"truncated_path_level": 1.0,
"function": "composite_setup"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1417.0,
"function_hash": "211557554950156766019146613511635348846"
},
"id": "ASB-A-210292376-d55f671b",
"source": "https://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "drivers/usb/gadget/legacy/dbgp.c",
"truncated_path_level": 1.0,
"function": "dbgp_setup"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de",
"https://android.googlesource.com/kernel/common/+/53afb231f54a69d827b882fa282b30bb10cb08a5",
"https://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88"
],
"spl": "2022-03-05",
"severity": "High",
"types": [
"EoP"
]
}