PUB-A-182815710
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-182815710.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-182815710
- Aliases
-
- A-182815710
- CVE-2022-20158
- Published
- 2022-08-01T00:00:00Z
- Modified
- 2024-11-26T22:41:38.593861Z
- Summary
- [none]
- Details
-
In bdiput and bdiunregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"113215513242572373501115177095692480700",
"146376740562450085479430119081051201234",
"167845098314143482835205259979813114407",
"236196975693995146280669780473702745176",
"179713941776304459402223690009765683179",
"207534210488843669084278475330134141879",
"320215819632338481320743497810732588942",
"128075904718979113341398525991717430481",
"147126970876245669418538450732936814785",
"241440682663761525252903724063500113711"
]
},
"id": "PUB-A-182815710-0b9a609f",
"source": "https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/backing-dev.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 422.0,
"function_hash": "119294102589541230230989006184100759164"
},
"id": "PUB-A-182815710-49e1c804",
"source": "https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "fs/super.c",
"function": "super_setup_bdi_name"
},
"signature_type": "Function"
},
{
"digest": {
"length": 813.0,
"function_hash": "198982860961498878349235759223809766837"
},
"id": "PUB-A-182815710-502e390a",
"source": "https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "fs/super.c",
"function": "generic_shutdown_super"
},
"signature_type": "Function"
},
{
"digest": {
"length": 333.0,
"function_hash": "191935921694015649765081903418196938719"
},
"id": "PUB-A-182815710-65fe396e",
"source": "https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/backing-dev.c",
"function": "bdi_unregister"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"245186888783296841206310521981694865194",
"52605353847176674651244620841010243214",
"92369602758052413382318932991536994237",
"8012670222047561370461500628183984996",
"127057961633548355314666410211495682467",
"3068827643211051924240955389725174270",
"292492477069466682508650815827596805901",
"133487563510134085865046698037949369604"
]
},
"id": "PUB-A-182815710-66e60689",
"source": "https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "fs/super.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 517.0,
"function_hash": "104154573921309456992889799016996082195"
},
"id": "PUB-A-182815710-f6524f6e",
"source": "https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/backing-dev.c",
"function": "bdi_register_va"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b",
"https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678"
],
"spl": "2022-08-05",
"severity": "Moderate",
"types": [
"EoP"
]
}