ASB-A-216481035

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-216481035.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-216481035
Aliases
Published
2022-05-01T00:00:00Z
Modified
2024-08-07T19:29:31.471750Z
Summary
Linux Kernel SD MMC Memory Exposure
Details

In mmcblkread_single of block.c, there is a possible way to read kernel heap memory due to uninitialized data. This could lead to local information disclosure if reading from an SD card that triggers errors, with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Name
:linux_kernel:

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2022-05-05

Affected versions

Other

Kernel

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 978.0,
                "function_hash": "290459416158443490269445564131014734238"
            },
            "id": "ASB-A-216481035-0d8a59c6",
            "source": "https://android.googlesource.com/kernel/common/+/8f66dc1a78a743ea3c3f039500d2aa0cddd776d5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/mmc/core/block.c",
                "truncated_path_level": 1.0,
                "function": "mmc_blk_read_single"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 978.0,
                "function_hash": "290459416158443490269445564131014734238"
            },
            "id": "ASB-A-216481035-3203c8b1",
            "source": "https://android.googlesource.com/kernel/common/+/8a3679a75730c1babde6bf63e35d227f3305bd90",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/mmc/core/block.c",
                "truncated_path_level": 1.0,
                "function": "mmc_blk_read_single"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "2907444189528137582598791217727045976",
                    "80646727252109438267268950575052761574",
                    "214455761909637698135983059591719148404",
                    "314224666913841343005414661948040423198",
                    "301079217581052051189090274480861617100",
                    "333000515435920061536231456913963985304",
                    "130151144031969264003597906697477326274",
                    "248909641728583318544137915805454314577",
                    "41714600779776968329513128334675758975",
                    "145170706701966385612643393627647051505",
                    "269644774211126604351262929141648861431",
                    "200409849303713783695564726255665398656",
                    "254740679565737498548231481744941635265",
                    "95260411534038648523560557426888444784",
                    "149451371566647158598358333914912173079",
                    "246028754277326850540093589276958046608",
                    "123655838134129163841804075222723179401",
                    "336965310461298005801655302288838830825",
                    "91701752304520966890165163965022529758",
                    "184328425099164550879843336430941754535",
                    "14189298840319197261086693072886128807"
                ]
            },
            "id": "ASB-A-216481035-8719bca4",
            "source": "https://android.googlesource.com/kernel/common/+/8f66dc1a78a743ea3c3f039500d2aa0cddd776d5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/mmc/core/block.c",
                "truncated_path_level": 1.0
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "2907444189528137582598791217727045976",
                    "80646727252109438267268950575052761574",
                    "214455761909637698135983059591719148404",
                    "314224666913841343005414661948040423198",
                    "301079217581052051189090274480861617100",
                    "333000515435920061536231456913963985304",
                    "130151144031969264003597906697477326274",
                    "248909641728583318544137915805454314577",
                    "41714600779776968329513128334675758975",
                    "145170706701966385612643393627647051505",
                    "82779074392281770542715410463218417675",
                    "321248953353821862450469011039827550385",
                    "324843245304616300959363174425865350731",
                    "151898391135442215427971803908467078645",
                    "149451371566647158598358333914912173079",
                    "246028754277326850540093589276958046608",
                    "123655838134129163841804075222723179401",
                    "336965310461298005801655302288838830825",
                    "91701752304520966890165163965022529758",
                    "184328425099164550879843336430941754535",
                    "14189298840319197261086693072886128807"
                ]
            },
            "id": "ASB-A-216481035-91b2ef5b",
            "source": "https://android.googlesource.com/kernel/common/+/8a3679a75730c1babde6bf63e35d227f3305bd90",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/mmc/core/block.c",
                "truncated_path_level": 1.0
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 978.0,
                "function_hash": "290459416158443490269445564131014734238"
            },
            "id": "ASB-A-216481035-d11d0f38",
            "source": "https://android.googlesource.com/kernel/common/+/2aea7dc18f4249dc53e53598db50b59c26a60aeb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/mmc/core/block.c",
                "truncated_path_level": 1.0,
                "function": "mmc_blk_read_single"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "2907444189528137582598791217727045976",
                    "80646727252109438267268950575052761574",
                    "214455761909637698135983059591719148404",
                    "314224666913841343005414661948040423198",
                    "301079217581052051189090274480861617100",
                    "333000515435920061536231456913963985304",
                    "130151144031969264003597906697477326274",
                    "248909641728583318544137915805454314577",
                    "41714600779776968329513128334675758975",
                    "145170706701966385612643393627647051505",
                    "82779074392281770542715410463218417675",
                    "321248953353821862450469011039827550385",
                    "324843245304616300959363174425865350731",
                    "151898391135442215427971803908467078645",
                    "149451371566647158598358333914912173079",
                    "246028754277326850540093589276958046608",
                    "123655838134129163841804075222723179401",
                    "336965310461298005801655302288838830825",
                    "91701752304520966890165163965022529758",
                    "184328425099164550879843336430941754535",
                    "14189298840319197261086693072886128807"
                ]
            },
            "id": "ASB-A-216481035-ee7289ad",
            "source": "https://android.googlesource.com/kernel/common/+/2aea7dc18f4249dc53e53598db50b59c26a60aeb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/mmc/core/block.c",
                "truncated_path_level": 1.0
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/2aea7dc18f4249dc53e53598db50b59c26a60aeb",
        "https://android.googlesource.com/kernel/common/+/8a3679a75730c1babde6bf63e35d227f3305bd90",
        "https://android.googlesource.com/kernel/common/+/8f66dc1a78a743ea3c3f039500d2aa0cddd776d5"
    ],
    "spl": "2022-05-05",
    "severity": "High",
    "types": [
        "ID"
    ]
}