PUB-A-174846563

Import Source
https://storage.googleapis.com/android-osv/PUB-A-174846563.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-174846563
Aliases
Published
2022-06-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

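In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Note that the Vanir signatures listed under "Ecosystem specific" all target SCTP files (net/sctp/ and include/net/sctp/), not sock.c.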

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2022-06-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "23347061211291941481806857906102284911",
                    "177002230662709273784008017188721606951",
                    "48376934442674723451773150477588234907",
                    "182299074923096271849129184776724678993",
                    "338676634134201886380325063000256267269",
                    "291290793429430997008888280029755099487",
                    "144172288641749097597953834940837677490",
                    "336369842191703597786746992019606580619",
                    "71065391040256152326279089265785663849",
                    "323652614636588655306470968658792666077",
                    "85746989684007224125230686831696881199",
                    "59410769388531461730540176810929051063",
                    "217131076971137137259778968319834908859",
                    "158810023086232955152764885098882485330",
                    "338676634134201886380325063000256267269",
                    "135099952024222933799081601528028364426",
                    "97021692627629513048798716597852309642",
                    "86193371296286845210734849710227024821",
                    "297085228972537975585287790301781137066",
                    "266439521223484594231214930226963099212",
                    "271182323383272205431929266079022407078"
                ]
            },
            "id": "PUB-A-174846563-106ccc13",
            "source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/sctp/diag.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 76.0,
                "function_hash": "289627938984407819320593096123563229491"
            },
            "id": "PUB-A-174846563-143af40f",
            "source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/sctp/endpointola.c",
                "function": "sctp_endpoint_hold"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "309383236726669950585157689903458752515",
                    "88260067284349508674870075420060564826",
                    "155292910023572277903270872531702950838",
                    "134290720386689805509421112861744409388",
                    "137027131051176327367587178198067611650",
                    "105526423192713990914016495304444566670",
                    "6131714833563070702088356873832316837",
                    "270597856673008406909092052482272803316"
                ]
            },
            "id": "PUB-A-174846563-1541fde2",
            "source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/net/sctp/structs.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 607.0,
                "function_hash": "163259973829971906389599524297629906217"
            },
            "id": "PUB-A-174846563-1630c632",
            "source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/sctp/socket.c",
                "function": "sctp_for_each_transport"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1260.0,
                "function_hash": "126825142230646115460025181308384348397"
            },
            "id": "PUB-A-174846563-22e1eacf",
            "source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/sctp/diag.c",
                "function": "sctp_sock_dump"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "21029744086309906970192052545801022644",
                    "106626585854412762394079991574934827856",
                    "50472161052762845031951012452900617485",
                    "161416688380122876796813718749523477740",
                    "201400781867629564491302620713910763644",
                    "135879850248734875220118336854112733897",
                    "237041325697964225834429682552458975556",
                    "41173980032348538667588302154121489846",
                    "113562329963194921225501512825865264236"
                ]
            },
            "id": "PUB-A-174846563-7f204eef",
            "source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/net/sctp/sctp.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "77193003971849626018765633387649046973",
                    "82115348930108064197334200024154074498",
                    "269294668493860627699164151471595859596",
                    "43650239782021040008766962902246222476",
                    "163270045153988776586878691775726133960",
                    "315911071379310057430653051766749740245",
                    "186201964194282393744418514394443606371",
                    "296980782533405293265090397253198875652",
                    "270293343885687206722616696434647117664",
                    "121785418128703810881838935323955722146",
                    "52695996913667367082078284090442762055",
                    "36214710859350875217012576783547298531",
                    "165385393037156771776296065381759236306",
                    "340103536046995691884541934066684729201",
                    "267199293733246693683458233170125595373",
                    "46958561471194245189831729508447736562",
                    "44096646829538136613692942564487221239",
                    "69887669591234300476500013493416067482",
                    "287433118589882673733146831615774929913",
                    "207011356434488265614941819158240886511",
                    "25771891663138874142886022233768142948",
                    "101958866392095468117239515781232537850",
                    "2021272789740270285622707479131571873",
                    "112722235892719158983243476694290259423",
                    "9146097746976765165105370416997648494",
                    "322296279780217818017213369637734780454",
                    "233689922645175987651037017009216159089",
                    "115220128488945262303025556472777370136",
                    "91704628221969302552468011035767942819"
                ]
            },
            "id": "PUB-A-174846563-8b402d12",
            "source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/sctp/socket.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "136705704668287840838098663425903034513",
                    "209011007118665923910912207593411207834",
                    "195304914403678243150676024956944031826",
                    "234261603079972679903775017704876541856",
                    "160982432776247276356533607157783564410",
                    "231748902300842946121468390622158524838",
                    "105702593457023692281795196419238299983",
                    "166824963132324437765813543408167983364",
                    "251960731091318363314892629619975711501",
                    "208190353853242567467607915468660235125",
                    "102563894740154053488831973439967749797",
                    "219675865577385818886984314696480683657",
                    "27342335990728957538735726433258772481",
                    "328276165476366546641643445894555965025"
                ]
            },
            "id": "PUB-A-174846563-a0e935f9",
            "source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/sctp/endpointola.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 618.0,
                "function_hash": "95825773360939100849072090054173255776"
            },
            "id": "PUB-A-174846563-c6208bdd",
            "source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/sctp/endpointola.c",
                "function": "sctp_endpoint_destroy"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 436.0,
                "function_hash": "219892017511828597570517694760514253467"
            },
            "id": "PUB-A-174846563-cf1e5d11",
            "source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/sctp/diag.c",
                "function": "sctp_sock_filter"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/769d14abd35e0"
    ],
    "spl": "2022-06-05",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}