PUB-A-247092734
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-247092734.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-247092734
- Aliases
-
- A-247092734
- CVE-2022-20557
- Published
- 2022-12-01T00:00:00Z
- Modified
- 2025-11-20T16:40:03.878765Z
- Summary
- [none]
- Details
-
In MessageQueueBase of MessageQueueBase.h, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/system/libfmq
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "Moderate",
"fixes": [
"https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750"
],
"vanir_signatures": [
{
"id": "PUB-A-247092734-21de4b3d",
"deprecated": false,
"digest": {
"length": 879.0,
"function_hash": "117994369638352159013783034520011204441"
},
"match_only_versions": [
"13"
],
"source": "https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750",
"signature_version": "v1",
"target": {
"function": "mapGrantorDescr",
"file": "include/fmq/MessageQueueBase.h"
},
"signature_type": "Function"
},
{
"id": "PUB-A-247092734-2271c3ee",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "include/fmq/MessageQueueBase.h"
},
"source": "https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750",
"digest": {
"line_hashes": [
"67484995657003224955318954683180730890",
"310898135619990053173729018601956591364",
"82562672576624295606832928781752145722",
"36725436089181828859930790851667003023",
"36537868771495100586021896887413660187",
"87011936911745103665835706938036880629",
"74203923177464633021985632458672042363",
"232120882197160868675065607234827088113",
"78069824865304482173256466857155126712",
"336954736232264469877665266232841594303",
"228275800705197611028944624404120959376",
"60674949932139451340654658068829415064",
"36962446667510517575636443169051170416",
"108173863767492490064272401368814478119",
"104312944686749705961981356789070736522",
"9072896714428533508821147921062592111",
"261465247552439670129999891517903228293",
"306534388091778377153740092955299339871",
"222777944803476103632358237644215907481",
"120333051406497396466302931774170291948",
"181723559458669636099384865386688758950",
"233213332800372462651745112802777573976",
"223819842263929424046456982381302432566",
"155891071089090743361178927813790871412",
"205681270071692416687839269517531837545",
"133169719922426619010269612848792368066",
"162389189266637103071289445205663046488",
"243589448773824964924565870326528507338",
"303233067439603952722300616709136032989",
"229473394326643855915392727541527113426",
"298058828768244214432078093146135870483",
"96786393582123770462785018165781125774",
"322864226368143761391301362506668192057",
"210560327462933430521818671067756242952"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"id": "PUB-A-247092734-4c890400",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "TEST_F",
"file": "tests/fmq_unit_tests.cpp"
},
"source": "https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750",
"digest": {
"length": 216.0,
"function_hash": "335445632229354888712475954829175856665"
},
"signature_type": "Function"
},
{
"id": "PUB-A-247092734-660aa7be",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "tests/fmq_unit_tests.cpp"
},
"source": "https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750",
"digest": {
"line_hashes": [
"88394673729518826306805389435331654255",
"13861490509111225701570021441029735990",
"296169833032243481115851601427355571420",
"247889856614117105554911986368495120090",
"111263984072266053930282828466995813907",
"151979667787910445657057514611031764703",
"94973963445847237940897541065036454524",
"299899666474686650483558448134332789534",
"19057638552602960911340720082907008687",
"76042016039630806438120073358379163507",
"246733554737942011964557257519530184837",
"109966967881248564745159406551377700562"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"id": "PUB-A-247092734-e60a228e",
"deprecated": false,
"signature_version": "v1",
"target": {
"function": "initMemory",
"file": "include/fmq/MessageQueueBase.h"
},
"source": "https://android.googlesource.com/platform/system/libfmq/+/98f3a08b2fb44e7cff31c26007fbe9feaac11750",
"digest": {
"length": 1770.0,
"function_hash": "331745186214309042994454776427126214799"
},
"signature_type": "Function"
}
],
"spl": "2022-12-01"
}