PUB-A-219513976

See a problem?

Import Source

https://storage.googleapis.com/android-osv/PUB-A-219513976.json

JSON Data

https://api.osv.dev/v1/vulns/PUB-A-219513976

Aliases

A-219513976
CVE-2022-20148

Published

2022-06-01T00:00:00Z

Modified

2024-11-06T12:16:03.231308Z

Summary

[none]

Details

In TBD of TBD, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Name: :linux_kernel:

Affected ranges

Type: ECOSYSTEM
Events: Introduced

:0

Fixed

:2022-06-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "100550003805936508978399047396326224371",
                    "171810357572506426255619989224019930958",
                    "284885123953262004139666634273452505732",
                    "225098806647677938088022812972113366532"
                ]
            },
            "id": "PUB-A-219513976-5b42cc8b",
            "source": "https://android.googlesource.com/kernel/common/+/528611246fcbd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/f2fs/segment.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "275524825056871943550649434064986060158",
                    "18927195407250780513485689513467948271",
                    "117170156640733490049054414317855245112",
                    "75566913145128028525066547198824834806"
                ]
            },
            "id": "PUB-A-219513976-884f6cae",
            "source": "https://android.googlesource.com/kernel/common/+/528611246fcbd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/f2fs/node.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1211.0,
                "function_hash": "124795099909584009493040841190699187516"
            },
            "id": "PUB-A-219513976-968de9a4",
            "source": "https://android.googlesource.com/kernel/common/+/528611246fcbd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/f2fs/segment.c",
                "function": "issue_discard_thread"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 10895.0,
                "function_hash": "73922163594570922536534468179859994660"
            },
            "id": "PUB-A-219513976-969455e5",
            "source": "https://android.googlesource.com/kernel/common/+/591f4296cc0ec",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/f2fs/super.c",
                "function": "f2fs_fill_super"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "164794814252404592396856061901572293866",
                    "302718834081509623251213419733649194900",
                    "86969399921663805006140175577701133664",
                    "319820189924798219988047065114688845304",
                    "155081408156856591448869104553061554010",
                    "226454674697238250232309970998124516266",
                    "99786372657074736536655489455922278116",
                    "128713118076494478372631901848533363002",
                    "77394357389440150691911950026098680435",
                    "35990866368908636322316629771688518032",
                    "316737431451238317545788166880694529035",
                    "148153745301289592432815959347836340118"
                ]
            },
            "id": "PUB-A-219513976-c04b5e75",
            "source": "https://android.googlesource.com/kernel/common/+/528611246fcbd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/f2fs/node.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1479.0,
                "function_hash": "241266305705586423821221299052759637553"
            },
            "id": "PUB-A-219513976-ea2d1eb6",
            "source": "https://android.googlesource.com/kernel/common/+/528611246fcbd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/f2fs/node.c",
                "function": "f2fs_available_free_memory"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "297045096466490533789788922437153138842",
                    "113917250405168422863723285243872347872",
                    "28481845303400581227335460415412101085",
                    "337534317556263621772141779692703110544"
                ]
            },
            "id": "PUB-A-219513976-ebc65da1",
            "source": "https://android.googlesource.com/kernel/common/+/591f4296cc0ec",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "fs/f2fs/super.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/528611246fcbd",
        "https://android.googlesource.com/kernel/common/+/591f4296cc0ec"
    ],
    "spl": "2022-06-05",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}