In SurfaceFlinger::doDump of SurfaceFlinger.cpp, a use-after-free could allow arbitrary code execution. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"202552566103172794334449075147116261977",
"17828242352471470747654031650459973474",
"178920184540350817198664693925416737068",
"22861166017075532457214272563558181225",
"106092344314481662412359495682883828618",
"10002953465525676573429818277245464833",
"199752922789999390898171994449354968765",
"40486688523457856319539344616562793109",
"156261275014300865892894173602100980344",
"261994475144878985181199186560335943212",
"116664300387759021222945622545125784354",
"145370459592591971971703608573357510240",
"123934905376987760421715678347351933206",
"118792984744032921721784902033423144310",
"337746606604105444770841156528986888679",
"8370428410160955034372225559325938572",
"155811780327961771535423292880495748352",
"73750773721777150041906658941322049354",
"166844114380611729495132428277631231212",
"294682923990878206365699557575840182427",
"85153290377142314535769775064027372193",
"126785933011848558680650342112282968603",
"234319306269885407629505207240028504053",
"52381328539908633917726348164360209338",
"149842562003426643530537863145769810764"
]
},
"id": "PUB-A-237291506-5a7fa69b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/3b3e59185dc1e9a319d8ce20ac19c30a966a5a9c",
"target": {
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
}
},
{
"digest": {
"length": 2609.0,
"function_hash": "84383745075848416457401126393956279062"
},
"id": "PUB-A-237291506-6b0ff607",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/3b3e59185dc1e9a319d8ce20ac19c30a966a5a9c",
"target": {
"function": "SurfaceFlinger::doDump",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"61295553883382107246551767482679757213",
"234407580720518423129798393674012316815",
"74396831356225118241411121716367814081",
"334816721397443605868571587195675287237"
]
},
"id": "PUB-A-237291506-a39e64e4",
"deprecated": false,
"target": {
"file": "services/surfaceflinger/SurfaceFlinger.h"
},
"signature_type": "Line",
"match_only_versions": [
"13"
],
"source": "https://android.googlesource.com/platform/frameworks/native/+/3b3e59185dc1e9a319d8ce20ac19c30a966a5a9c",
"signature_version": "v1"
},
{
"digest": {
"length": 4629.0,
"function_hash": "319702184430085328226299782705555270871"
},
"id": "PUB-A-237291506-f117618b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/3b3e59185dc1e9a319d8ce20ac19c30a966a5a9c",
"target": {
"function": "SurfaceFlinger::dumpAllLocked",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/3b3e59185dc1e9a319d8ce20ac19c30a966a5a9c"
],
"types": [
"EoP"
],
"spl": "2022-12-01",
"severity": "Moderate"
}