ASB-A-265016072

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-265016072.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-265016072
Aliases
Published
2023-05-01T00:00:00Z
Modified
2025-12-01T17:12:54.802817Z
Summary
[none]
Details

In adrenosetparam of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Name
:linux_kernel:

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2023-05-05

Affected versions

Other

Kernel

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/8103d53f25ec7"
    ],
    "types": [
        "EoP"
    ],
    "severity": "High",
    "vanir_signatures": [
        {
            "id": "ASB-A-265016072-09a23a07",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "137499823065546987751838243333912764874",
                    "313781014223327949248879367044420520162",
                    "143690902458475044838598812343736842239",
                    "70078867355138051369967558370536672710",
                    "317807581993598243132077952695981339857",
                    "247812858636199983564700080281754340264"
                ]
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://android.googlesource.com/kernel/common/+/8103d53f25ec7",
            "target": {
                "file": "drivers/gpu/drm/msm/adreno/adreno_gpu.c"
            }
        },
        {
            "id": "ASB-A-265016072-3e0a3903",
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "118492932545520791641655017401360173934",
                    "163526697256376568562232606184995229554",
                    "217608385893849329291499603075213132191"
                ]
            },
            "deprecated": false,
            "signature_type": "Line",
            "source": "https://android.googlesource.com/kernel/common/+/8103d53f25ec7",
            "target": {
                "file": "drivers/gpu/drm/msm/msm_gpu.c"
            }
        },
        {
            "id": "ASB-A-265016072-b1fc8290",
            "signature_version": "v1",
            "digest": {
                "length": 901.0,
                "function_hash": "38937292462211299424417340593056186837"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://android.googlesource.com/kernel/common/+/8103d53f25ec7",
            "target": {
                "file": "drivers/gpu/drm/msm/adreno/adreno_gpu.c",
                "function": "adreno_set_param"
            }
        },
        {
            "id": "ASB-A-265016072-fa78c0d6",
            "signature_version": "v1",
            "digest": {
                "length": 451.0,
                "function_hash": "172533765802362585631188051682220935161"
            },
            "deprecated": false,
            "signature_type": "Function",
            "source": "https://android.googlesource.com/kernel/common/+/8103d53f25ec7",
            "target": {
                "file": "drivers/gpu/drm/msm/msm_gpu.c",
                "function": "get_comm_cmdline"
            }
        }
    ],
    "spl": "2023-05-05"
}