PUB-A-229742774
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-229742774.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-229742774
- Aliases
-
- A-229742774
- CVE-2022-20526
- Published
- 2022-12-01T00:00:00Z
- Modified
- 2026-05-22T15:55:21.353668239Z
- Summary
- [none]
- Details
-
In CanvasContext::draw of CanvasContext.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"spl": "2022-12-01",
"vanir_signatures": [
{
"id": "PUB-A-229742774-103e86d9",
"target": {
"file": "libs/hwui/FrameInfoVisualizer.cpp"
},
"signature_version": "v1",
"match_only_versions": [
"13"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"332575304169604046373995395576761201456",
"329301664017695044908573214346195847286",
"257037388195589102935482116407481014853",
"171455927107890126776726322188613058790"
]
},
"deprecated": false,
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5d28aee1b1ac76e73db174535802bd2cc6069909"
},
{
"id": "PUB-A-229742774-590cae2c",
"target": {
"file": "libs/hwui/FrameInfoVisualizer.cpp",
"function": "FrameInfoVisualizer::nextBarSegment"
},
"signature_version": "v1",
"match_only_versions": [
"13"
],
"digest": {
"length": 638.0,
"function_hash": "77236501572456398032443108328482488218"
},
"deprecated": false,
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5d28aee1b1ac76e73db174535802bd2cc6069909"
},
{
"id": "PUB-A-229742774-85194b62",
"target": {
"file": "libs/hwui/renderthread/CanvasContext.cpp",
"function": "CanvasContext::onSurfaceStatsAvailable"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5d28aee1b1ac76e73db174535802bd2cc6069909",
"deprecated": false,
"digest": {
"length": 860.0,
"function_hash": "4570008046076987509615668333020167213"
},
"signature_type": "Function"
},
{
"id": "PUB-A-229742774-956cbf37",
"target": {
"file": "libs/hwui/renderthread/CanvasContext.cpp"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5d28aee1b1ac76e73db174535802bd2cc6069909",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"136036484645580033590034926786381783113",
"286182598713294241382167997903296974850",
"208520091836852653793089187179183660920",
"34495167826175740236009714883912152891",
"176910068477763083712927446041636024693",
"235146050989470696510493056667434466956",
"134755034926969709763907032505494704978",
"132608253427553793286476480970960557634",
"8956288746563152474906955038773292284",
"103188423544935536618636123577602863303",
"33958679328751432236185906336983336374",
"248517836361100168985139186596235949564",
"94596338033748485168029896863827351169",
"126662666419580173960697217552828704436",
"244759753838698840204309196174112839226"
]
},
"signature_type": "Line"
},
{
"id": "PUB-A-229742774-981a678e",
"target": {
"file": "libs/hwui/renderthread/CanvasContext.cpp",
"function": "CanvasContext::draw"
},
"signature_version": "v1",
"signature_type": "Function",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/5d28aee1b1ac76e73db174535802bd2cc6069909",
"digest": {
"length": 4629.0,
"function_hash": "21084141182325107831168949708426691438"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/5d28aee1b1ac76e73db174535802bd2cc6069909"
],
"types": [
"EoP"
],
"severity": "Low"
}