PUB-A-228523213

See a problem?

Import Source

https://storage.googleapis.com/android-osv/PUB-A-228523213.json

JSON Data

https://api.osv.dev/v1/vulns/PUB-A-228523213

Aliases

A-228523213
CVE-2022-20524

Published

2022-12-01T00:00:00Z

Modified

2026-04-17T15:55:28.020024Z

Summary

[none]

Details

In compose of Vibrator.cpp, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/hardware/interfaces

Package

Name: platform/hardware/interfaces

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2022-12-01

Affected versions

Other

Ecosystem specific

{
    "severity": "Moderate",
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae"
    ],
    "spl": "2022-12-01",
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae",
            "target": {
                "function": "Vibrator::compose",
                "file": "vibrator/aidl/default/Vibrator.cpp"
            },
            "deprecated": false,
            "digest": {
                "function_hash": "117130774669409857063412071531567389165",
                "length": 1139.0
            },
            "signature_type": "Function",
            "id": "PUB-A-228523213-2dd3ec5b"
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae",
            "target": {
                "file": "vibrator/aidl/default/Vibrator.cpp"
            },
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "137113212944455505595984517359609983707",
                    "335075521863027633565734272190078559092",
                    "204580950817905752338340407551275112154",
                    "140385963569528161743810481876384203007",
                    "318895696344917804675620433413266868091",
                    "285323402050139333162301359377394323723",
                    "54730117134372829604422994571902155397",
                    "279477816286468920600703993624276505236",
                    "241648474350781388323088083648116361874",
                    "4513601005160789433733085062492078791",
                    "247070909339722821364844509451551885792",
                    "185397770891738426885666745588193197906",
                    "30168539055241161394251047116541952088",
                    "280366042502374237525633356860142182585",
                    "167509643502859382776909790525618082094",
                    "170678752709944669269716094535087031638",
                    "266817190545869651818981895912870315734",
                    "97110324255583107309625186198566903209",
                    "298807921226603847089415162752481577904",
                    "131374671433377509151083402036031180699"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "id": "PUB-A-228523213-40ac193d"
        },
        {
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "54613332248356254112916616052195213942",
                    "17034216959182564606696825685731436741",
                    "103146724595776529429533467694371502124",
                    "325373083386355576381742031835850724099"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae",
            "target": {
                "file": "vibrator/aidl/default/VibratorManager.cpp"
            },
            "match_only_versions": [
                "13"
            ],
            "id": "PUB-A-228523213-5349264a"
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae",
            "target": {
                "function": "Vibrator::perform",
                "file": "vibrator/aidl/default/Vibrator.cpp"
            },
            "deprecated": false,
            "digest": {
                "function_hash": "320702196129629212860008786629199084442",
                "length": 710.0
            },
            "signature_type": "Function",
            "id": "PUB-A-228523213-6ada12e4"
        },
        {
            "deprecated": false,
            "digest": {
                "function_hash": "228321586261239167258912563811714797003",
                "length": 299.0
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae",
            "target": {
                "function": "VibratorManager::triggerSynced",
                "file": "vibrator/aidl/default/VibratorManager.cpp"
            },
            "match_only_versions": [
                "13"
            ],
            "id": "PUB-A-228523213-6f3dc623"
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae",
            "target": {
                "function": "Vibrator::composePwle",
                "file": "vibrator/aidl/default/Vibrator.cpp"
            },
            "deprecated": false,
            "digest": {
                "function_hash": "129286636322486162554207820906498819005",
                "length": 2399.0
            },
            "signature_type": "Function",
            "id": "PUB-A-228523213-b3acb21d"
        },
        {
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae",
            "target": {
                "function": "Vibrator::on",
                "file": "vibrator/aidl/default/Vibrator.cpp"
            },
            "deprecated": false,
            "digest": {
                "function_hash": "306478687497055041045970042818010893123",
                "length": 461.0
            },
            "signature_type": "Function",
            "id": "PUB-A-228523213-be0b3974"
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/PUB-A-228523213.json"