PUB-A-236674672

Import Source
https://storage.googleapis.com/android-osv/PUB-A-236674672.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-236674672
Aliases
  • A-236674672
  • CVE-2023-20925
Published
2023-01-01T00:00:00Z
Modified
2024-08-29T07:13:06.127539Z
Summary
Crash in /vendor/bin/hw/android.hardware.power-service.pixel-libperfmgr, HWAddressSanitizer: tag-mismatch on address 0x004b55830ca0 at pc 0x00645584f070 READ of size 8 at 0x004b55830ca0 tags: d1/e7 (ptr/mem) in thread T1 #0 0x645584f070 (/vendor/bin/hw/android.hardware.power-service.pixel-libperfmgr+0x1c070) (BuildId: ebb1e0133b08720363d149036875e19a)
Details

In setUclampMinLocked of PowerSessionManager.cpp, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :unknown:

Package

Name
:unknown:

Affected ranges

Type
ECOSYSTEM
Events
Introduced
Pixel-family specific:0
Fixed
Pixel-family specific:2023-01-05

Affected versions

Other

Pixel-family specific

Ecosystem specific

{
    "spl": "2023-01-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}