PUB-A-186777253

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-186777253.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-186777253
Aliases
Published
2022-12-01T00:00:00Z
Modified
2024-11-26T22:41:38.593861Z
Summary
[none]
Details

In pppol2tpcreate of l2tpppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2022-12-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 708.0,
                "function_hash": "293984007239053792393002895464783282289"
            },
            "id": "PUB-A-186777253-041ee520",
            "source": "https://android.googlesource.com/kernel/common/+/d02ba2a6110c5",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "net/l2tp/l2tp_ppp.c",
                "function": "pppol2tp_release"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 43.0,
                "function_hash": "294323057906760878418382000322794272363"
            },
            "id": "PUB-A-186777253-2e567b5b",
            "source": "https://android.googlesource.com/kernel/common/+/d02ba2a6110c5",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "net/l2tp/l2tp_ppp.c",
                "function": "pppol2tp_session_close"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3544.0,
                "function_hash": "179991157583453353224773042644488684840"
            },
            "id": "PUB-A-186777253-a6479973",
            "source": "https://android.googlesource.com/kernel/common/+/d02ba2a6110c5",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "net/l2tp/l2tp_ppp.c",
                "function": "pppol2tp_connect"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "182575051683400380894931960465293460270",
                    "178685753806527130145939611568819884419",
                    "1850072516964299076477752515431673895",
                    "332746003126512090385663152750660538099",
                    "206715486598414753925392972716920301690",
                    "71400679277680896932837079796425395426",
                    "52746169369468941750131996301860850276",
                    "47713611854444832082430249605267926768",
                    "312358480221979996624868449781133313041",
                    "116484125823057526067427707721472790146",
                    "36066541622731380503384552113773384435",
                    "140185265788267237192731343539310953229",
                    "34664956656419341483458889974431153939",
                    "295647392400199681034677004623530328573",
                    "242692838826234447879834060495856024542",
                    "309854533319731977087622714040827150998",
                    "260525937409788536081871254994411721615",
                    "325981076631152990338264140109668736596",
                    "280884623113486045427139145984924434869",
                    "20950005889287422430746244900880981558",
                    "199177039509902887901200996447003166286",
                    "87982770161656980593901281082091981266",
                    "290949446441369329208060232601829821831",
                    "57367772676137029855556717275743339173",
                    "340156842807021020085066718868762490465",
                    "101687731321824427313606518344132316024",
                    "22980883861224778956930368535141501497",
                    "115447318389753219609202532772862615552",
                    "155719772197767006418480617187557229696",
                    "39807439234609645250469819326420967718",
                    "300382491838275244404742426395349211203",
                    "77406491546908208741540789261563928343"
                ]
            },
            "id": "PUB-A-186777253-cfc1c5c7",
            "source": "https://android.googlesource.com/kernel/common/+/d02ba2a6110c5",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "net/l2tp/l2tp_ppp.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/d02ba2a6110c5"
    ],
    "spl": "2022-12-05",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}