PUB-A-244713317

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-244713317.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-244713317
Aliases
  • A-244713317
  • CVE-2022-20509
Published
2022-12-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In mapGrantorDescr of MessageQueueBase.h, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/system/libfmq

Package

Name
platform/system/libfmq

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-12-01

Affected versions

Other

13

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "match_only_versions": [
                "13"
            ],
            "digest": {
                "length": 879.0,
                "function_hash": "117994369638352159013783034520011204441"
            },
            "id": "PUB-A-244713317-21de4b3d",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "mapGrantorDescr"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "67484995657003224955318954683180730890",
                    "310898135619990053173729018601956591364",
                    "82562672576624295606832928781752145722",
                    "36725436089181828859930790851667003023",
                    "36537868771495100586021896887413660187",
                    "87011936911745103665835706938036880629",
                    "74203923177464633021985632458672042363",
                    "232120882197160868675065607234827088113",
                    "78069824865304482173256466857155126712",
                    "336954736232264469877665266232841594303",
                    "228275800705197611028944624404120959376",
                    "60674949932139451340654658068829415064",
                    "36962446667510517575636443169051170416",
                    "108173863767492490064272401368814478119",
                    "104312944686749705961981356789070736522",
                    "9072896714428533508821147921062592111",
                    "261465247552439670129999891517903228293",
                    "306534388091778377153740092955299339871",
                    "222777944803476103632358237644215907481",
                    "120333051406497396466302931774170291948",
                    "181723559458669636099384865386688758950",
                    "233213332800372462651745112802777573976",
                    "223819842263929424046456982381302432566",
                    "155891071089090743361178927813790871412",
                    "205681270071692416687839269517531837545",
                    "133169719922426619010269612848792368066",
                    "162389189266637103071289445205663046488",
                    "243589448773824964924565870326528507338",
                    "303233067439603952722300616709136032989",
                    "229473394326643855915392727541527113426",
                    "298058828768244214432078093146135870483",
                    "96786393582123770462785018165781125774",
                    "322864226368143761391301362506668192057",
                    "210560327462933430521818671067756242952"
                ]
            },
            "id": "PUB-A-244713317-2271c3ee",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 216.0,
                "function_hash": "335445632229354888712475954829175856665"
            },
            "id": "PUB-A-244713317-4c890400",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "tests/fmq_unit_tests.cpp",
                "function": "TEST_F"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "88394673729518826306805389435331654255",
                    "13861490509111225701570021441029735990",
                    "296169833032243481115851601427355571420",
                    "247889856614117105554911986368495120090",
                    "111263984072266053930282828466995813907",
                    "151979667787910445657057514611031764703",
                    "94973963445847237940897541065036454524",
                    "299899666474686650483558448134332789534",
                    "19057638552602960911340720082907008687",
                    "76042016039630806438120073358379163507",
                    "246733554737942011964557257519530184837",
                    "109966967881248564745159406551377700562"
                ]
            },
            "id": "PUB-A-244713317-660aa7be",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "tests/fmq_unit_tests.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1770.0,
                "function_hash": "331745186214309042994454776427126214799"
            },
            "id": "PUB-A-244713317-e60a228e",
            "source": "https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/fmq/MessageQueueBase.h",
                "function": "initMemory"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750"
    ],
    "spl": "2022-12-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}