ASB-A-232541124
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-232541124.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-232541124
- Aliases
-
- A-232541124
- CVE-2022-20344
- Published
- 2022-08-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In stealReceiveChannel of EventThread.cpp, there is a possible way to interfere with process communication due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"spl": "2022-08-01",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/0840cdd08f39994e3f8c58eb65f24a8db1dc1173"
],
"vanir_signatures": [
{
"digest": {
"line_hashes": [
"127469846548409983470268128607023459878",
"203863174457145462361197438585032144196",
"74364492603176318313944470921850953713",
"38035154383168608973232091071577427631"
],
"threshold": 0.9
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.h"
},
"id": "ASB-A-232541124-9b3d0f0f",
"source": "https://android.googlesource.com/platform/frameworks/native/+/0840cdd08f39994e3f8c58eb65f24a8db1dc1173",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"function_hash": "120725164979726759199208347309898018967",
"length": 147.0
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.cpp",
"function": "EventThreadConnection::stealReceiveChannel"
},
"id": "ASB-A-232541124-de95b6ee",
"source": "https://android.googlesource.com/platform/frameworks/native/+/0840cdd08f39994e3f8c58eb65f24a8db1dc1173",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"221907669032479801584207109915539829466",
"138596314038625758329930666925880852430",
"205864945925658577086876635294506456286",
"111019090128844940958139250973217588210"
],
"threshold": 0.9
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.cpp"
},
"id": "ASB-A-232541124-e9128e7a",
"source": "https://android.googlesource.com/platform/frameworks/native/+/0840cdd08f39994e3f8c58eb65f24a8db1dc1173",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
}
],
"severity": "High"
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"spl": "2022-08-01",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/a820057ae00dba322b10d47b3711b04519324690"
],
"vanir_signatures": [
{
"digest": {
"line_hashes": [
"221907669032479801584207109915539829466",
"138596314038625758329930666925880852430",
"205864945925658577086876635294506456286",
"111019090128844940958139250973217588210"
],
"threshold": 0.9
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.cpp"
},
"id": "ASB-A-232541124-0b3e1ae8",
"source": "https://android.googlesource.com/platform/frameworks/native/+/a820057ae00dba322b10d47b3711b04519324690",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"function_hash": "120725164979726759199208347309898018967",
"length": 147.0
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.cpp",
"function": "EventThreadConnection::stealReceiveChannel"
},
"id": "ASB-A-232541124-5ccaab1b",
"source": "https://android.googlesource.com/platform/frameworks/native/+/a820057ae00dba322b10d47b3711b04519324690",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"127469846548409983470268128607023459878",
"203863174457145462361197438585032144196",
"74364492603176318313944470921850953713",
"38035154383168608973232091071577427631"
],
"threshold": 0.9
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.h"
},
"id": "ASB-A-232541124-97a46e1e",
"source": "https://android.googlesource.com/platform/frameworks/native/+/a820057ae00dba322b10d47b3711b04519324690",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
}
],
"severity": "High"
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"spl": "2022-08-01",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/29e34cfcf95c6de1f2cbfe2bf588e4e354dbabe0"
],
"vanir_signatures": [
{
"digest": {
"function_hash": "103285955403123022205109012819107315947",
"length": 232.0
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.cpp",
"function": "EventThreadConnection::stealReceiveChannel"
},
"id": "ASB-A-232541124-2600328f",
"source": "https://android.googlesource.com/platform/frameworks/native/+/29e34cfcf95c6de1f2cbfe2bf588e4e354dbabe0",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"127469846548409983470268128607023459878",
"188398773197276973434461446177019563054",
"19997007814924338987186876491082489832",
"204955967200086192988718999219434011228"
],
"threshold": 0.9
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.h"
},
"id": "ASB-A-232541124-55167f91",
"source": "https://android.googlesource.com/platform/frameworks/native/+/29e34cfcf95c6de1f2cbfe2bf588e4e354dbabe0",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"221907669032479801584207109915539829466",
"138596314038625758329930666925880852430",
"186654799477268374922345054802916573947",
"196432090748956429713506356090416189275"
],
"threshold": 0.9
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.cpp"
},
"id": "ASB-A-232541124-79abf23a",
"source": "https://android.googlesource.com/platform/frameworks/native/+/29e34cfcf95c6de1f2cbfe2bf588e4e354dbabe0",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
}
],
"severity": "High"
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"spl": "2022-08-01",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/97a317064a76b8fc3a65bd980027f820fd4d53ae"
],
"vanir_signatures": [
{
"digest": {
"line_hashes": [
"127469846548409983470268128607023459878",
"188398773197276973434461446177019563054",
"19997007814924338987186876491082489832",
"204955967200086192988718999219434011228"
],
"threshold": 0.9
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.h"
},
"id": "ASB-A-232541124-038a302b",
"source": "https://android.googlesource.com/platform/frameworks/native/+/97a317064a76b8fc3a65bd980027f820fd4d53ae",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
},
{
"digest": {
"function_hash": "103285955403123022205109012819107315947",
"length": 232.0
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.cpp",
"function": "EventThreadConnection::stealReceiveChannel"
},
"id": "ASB-A-232541124-cf660c59",
"source": "https://android.googlesource.com/platform/frameworks/native/+/97a317064a76b8fc3a65bd980027f820fd4d53ae",
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false
},
{
"digest": {
"line_hashes": [
"221907669032479801584207109915539829466",
"138596314038625758329930666925880852430",
"186654799477268374922345054802916573947",
"196432090748956429713506356090416189275"
],
"threshold": 0.9
},
"target": {
"file": "services/surfaceflinger/Scheduler/EventThread.cpp"
},
"id": "ASB-A-232541124-e47ce203",
"source": "https://android.googlesource.com/platform/frameworks/native/+/97a317064a76b8fc3a65bd980027f820fd4d53ae",
"signature_version": "v1",
"signature_type": "Line",
"deprecated": false
}
],
"severity": "High"
}