ASB-A-253167854

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-253167854.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-253167854
Aliases
Published
2023-07-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In multiple functions of rmap.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2023-07-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 687.0,
                "function_hash": "413876971249427366280981010431739294"
            },
            "id": "ASB-A-253167854-2c699e73",
            "source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "mm/rmap.c",
                "function": "anon_vma_fork"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 235.0,
                "function_hash": "294861604179330059374891161424076166122"
            },
            "id": "ASB-A-253167854-31b68f72",
            "source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "mm/rmap.c",
                "function": "anon_vma_alloc"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "53962649639763233970948212694881421515",
                    "84884910008937723792924890095741653296",
                    "289867361511434814136123946885745888236",
                    "245903668714838938944946366142246911878",
                    "7504442450920536846254297967102986599",
                    "170665496767246331176487875624775263605",
                    "168699009635849469993220089260387118541",
                    "182287695170942524395419799087063004871",
                    "533866088722823609017455530673486983",
                    "313027068298794090365486964410309829326",
                    "336493157822611584327939368899964601960",
                    "296119125086239714642941165376460712027",
                    "266265758359309360185401581924675077206",
                    "36622159241989234324490422552343211678",
                    "114366509948682029070596655782548042949",
                    "193938668713863072987745587723473057740",
                    "42832006219450414687602044916665859861",
                    "147238279415313911581832328879523818383",
                    "42702638619284906314173202170468475595",
                    "186413678602772043095760350576427708437",
                    "173048368773596193194083044067328405448",
                    "158166927491439700286848852333255255347",
                    "301527743379964096980997933040507532404",
                    "71612227596357554682401515725270920600",
                    "299490904399019313452172412026378390492",
                    "71962879047266613195068785033495330736",
                    "308375586868443743926771849697112842787",
                    "5695837694089487521148948934220922801",
                    "11497727573043574341907238339817413282",
                    "287641481904851358730420512354555018348",
                    "112298026522885300470890549776052790709",
                    "314490892413925017290992948475146194491",
                    "78541310617131215065574220616429276473",
                    "222249550039722999987906512185799461883",
                    "267222439639796914251981434040591952207",
                    "187465436170710299502948888589123844046",
                    "85196756190627545801528378347478082423",
                    "271120847853824052285664116129678105206",
                    "293007435426808708732828541317132284138",
                    "195561005819661276361807507816859137686",
                    "301682403224686008359860802743155404003"
                ]
            },
            "id": "ASB-A-253167854-4acc8175",
            "source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "mm/rmap.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 749.0,
                "function_hash": "248798089287116874307980156262571407947"
            },
            "id": "ASB-A-253167854-630a7523",
            "source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "mm/rmap.c",
                "function": "__anon_vma_prepare"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "28529880573164184256702864318383047754",
                    "13882231745604494488027443938890665830",
                    "16698794253301106328322973646249352856",
                    "339657138332194339729048279335610990480",
                    "22055166315496536466008059418266599137",
                    "118371139073832862477863072944397281468"
                ]
            },
            "id": "ASB-A-253167854-8e0402c8",
            "source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/linux/rmap.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 749.0,
                "function_hash": "43011515890785096118418955014559653648"
            },
            "id": "ASB-A-253167854-8e3825c2",
            "source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "mm/rmap.c",
                "function": "unlink_anon_vmas"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 706.0,
                "function_hash": "253495737710119128415430282118805701955"
            },
            "id": "ASB-A-253167854-b162bc81",
            "source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "mm/rmap.c",
                "function": "anon_vma_clone"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/4158b1508f2b1"
    ],
    "spl": "2023-07-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}