PUB-A-237291425

See a problem?

Import Source

https://storage.googleapis.com/android-osv/PUB-A-237291425.json

JSON Data

https://api.osv.dev/v1/vulns/PUB-A-237291425

Aliases

A-237291425
CVE-2022-20539

Published

2022-12-01T00:00:00Z

Modified

2026-04-17T15:55:28.020024Z

Summary

[none]

Details

In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/hardware/interfaces

Package

Name: platform/hardware/interfaces

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2022-12-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 555.0,
                "function_hash": "317495746485922110331306168398437462706"
            },
            "id": "PUB-A-237291425-431ce068",
            "deprecated": false,
            "target": {
                "function": "Effect::getParameterImpl",
                "file": "audio/effect/all-versions/default/Effect.cpp"
            },
            "signature_type": "Function",
            "match_only_versions": [
                "13"
            ],
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe",
            "signature_version": "v1"
        },
        {
            "digest": {
                "length": 535.0,
                "function_hash": "30123266802065356885115692504846696672"
            },
            "id": "PUB-A-237291425-5ff1da6d",
            "deprecated": false,
            "target": {
                "function": "Effect::parameterToHal",
                "file": "audio/effect/all-versions/default/Effect.cpp"
            },
            "signature_type": "Function",
            "match_only_versions": [
                "13"
            ],
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe",
            "signature_version": "v1"
        },
        {
            "digest": {
                "length": 257.0,
                "function_hash": "29579660006996074852613495412883982288"
            },
            "id": "PUB-A-237291425-69d37c7b",
            "deprecated": false,
            "target": {
                "function": "Effect::setParameterImpl",
                "file": "audio/effect/all-versions/default/Effect.cpp"
            },
            "signature_type": "Function",
            "match_only_versions": [
                "13"
            ],
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe",
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "241345803428274514914173750033235143439",
                    "298917489403951161474252177580383745491",
                    "204918743027436695181852476445492936696",
                    "248059365483983222598316756158843715662",
                    "66822891934574946509925347350274344198"
                ]
            },
            "id": "PUB-A-237291425-bd5ae7c4",
            "deprecated": false,
            "target": {
                "file": "audio/effect/all-versions/default/Effect.h"
            },
            "signature_type": "Line",
            "match_only_versions": [
                "13"
            ],
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe",
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "313059225383503440477440576076796639768",
                    "227621403652004929095362390026884299138",
                    "318529299587967281414003747786286545567",
                    "24771999819195088072931779467914237968",
                    "266160911258182898482401649488858568793",
                    "63132663513363580818699841070826610106",
                    "148207872206608168082714377543143285242",
                    "142613355609468974098312976183629596872",
                    "99312486785625554246400588369878169704",
                    "318637139589062211065762957205511152412",
                    "75009748631100807500709188096213170068",
                    "78691052645781660711009870316563570461",
                    "280549801420680188423824461990705934769",
                    "88997130257885229649108908344598353686",
                    "152243725183288471995187783439429214751",
                    "328470510571465043752673378022626710887",
                    "229506037448769977422689472174879608986",
                    "118651229590935032251534793302388468773",
                    "184127610439288084211946895359479852215",
                    "252561610820495140261623815577275630659",
                    "27478599967662449078636264537078252088",
                    "26180971022269590998001646870428867891",
                    "170585366046268702959843789117970440253",
                    "226573480289599342413102365773257030364",
                    "272465068728968602953041888046671296023",
                    "327956488084163979081976006159521689607"
                ]
            },
            "id": "PUB-A-237291425-dab24b9e",
            "deprecated": false,
            "target": {
                "file": "audio/effect/all-versions/default/Effect.cpp"
            },
            "signature_type": "Line",
            "match_only_versions": [
                "13"
            ],
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe",
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "42200179381301016134820353144508083862",
                    "263620422702024950336934368050914565764",
                    "233494592712189971446162782491874540621"
                ]
            },
            "id": "PUB-A-237291425-e7638dd9",
            "deprecated": false,
            "target": {
                "file": "audio/effect/all-versions/vts/functional/VtsHalAudioEffectTargetTest.cpp"
            },
            "signature_type": "Line",
            "match_only_versions": [
                "13"
            ],
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe",
            "signature_version": "v1"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2022-12-01",
    "severity": "Moderate"
}

Database specific

source

"https://storage.googleapis.com/android-osv/PUB-A-237291425.json"