ASB-A-265303544

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-265303544.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-265303544
Aliases
Published
2023-05-01T00:00:00Z
Modified
2024-11-06T16:45:39.809623Z
Summary
[none]
Details

In ctlelemreaduser, ctlelemwriteuser of control_compat.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2023-05-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1120.0,
                "function_hash": "108546834540970082224391656027863927244"
            },
            "id": "ASB-A-265303544-1c383694",
            "source": "https://android.googlesource.com/kernel/common/+/cc6c5c7fa237f65b08b9618188efe4b24b9cd886",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "sound/core/control.c",
                "function": "snd_ctl_elem_read"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 432.0,
                "function_hash": "110624146881422686246579966075625091336"
            },
            "id": "ASB-A-265303544-a3d349d4",
            "source": "https://android.googlesource.com/kernel/common/+/cc6c5c7fa237f65b08b9618188efe4b24b9cd886",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "sound/core/control.c",
                "function": "snd_ctl_elem_read_user"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "186607239495494521708467879435343065615",
                    "212664839145390613949645046363591000271",
                    "149113412087965249285789999789759829250",
                    "38831955080342594281681030311705626136",
                    "2537851518482303166650449799008285652",
                    "229097576403856898208282461426400186192",
                    "40668920917381371557727796699509832693",
                    "269030988961068168477352165339310355473",
                    "34683639759013372286990791926674267764",
                    "70533672557710452064723629541716687229",
                    "294271495427283444300796166215170512256",
                    "181425378123470567080983780060214632848",
                    "20729971361921587414157959717294908533",
                    "193093375844389302646809722951735316713",
                    "300087900115591481794084679833867949444",
                    "307970832768720826231072904430866452061",
                    "82581469905076220839769012484966017757",
                    "323474068548694245121911692978069740543",
                    "87189583438830893185036350527740470068",
                    "218168557449617070597694659820908984599",
                    "217050888083783622938933330720759435266",
                    "172039338081040665959204736151636134986",
                    "4290970684720465065950032129580990899",
                    "61328621556464847727911229436532507196",
                    "143410256173377944969896050248475418633",
                    "85577603903434646525647638053671613602",
                    "256411198170490882597005897306046760777",
                    "150441140108143852574155293743550206083",
                    "219844924398793537918222388243334597605"
                ]
            },
            "id": "ASB-A-265303544-b3a84caf",
            "source": "https://android.googlesource.com/kernel/common/+/cc6c5c7fa237f65b08b9618188efe4b24b9cd886",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "sound/core/control.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/cc6c5c7fa237f65b08b9618188efe4b24b9cd886"
    ],
    "spl": "2023-05-05",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}