ASB-A-213850092

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-213850092.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-213850092
Aliases
  • A-213850092
  • CVE-2022-20228
Published
2022-07-01T00:00:00Z
Modified
2024-08-07T19:30:09.186752Z
Summary
C2FuzzerVorbisDec: Heap-use-after-free in android::C2DmaBufAllocation::unmap
Details

In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-07-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "192227934232514726557426748198738623410",
                    "317255628712816926328077450866894228452",
                    "311631332125272066488853762979160572930",
                    "200969091410336481141966200584404115575",
                    "51559047303558521212122549833089270220",
                    "74221046007737194667233700832096575063",
                    "228252480631705538231742767406619682407",
                    "22492156979977295798095182627872838035",
                    "231399710022428264346164184280306177067",
                    "211655241687773405580550050359533509495",
                    "194651649701829123340808045550149298755",
                    "88287981816864687367563400153199024117",
                    "21133483344499622561215568506296204047",
                    "44914622061145209070180209937845868801",
                    "194300837437827142635570084323525444759",
                    "21270117293079764063673154557878170952",
                    "235620155372164143951842304285161307163",
                    "310040829824071364552459800808268420305",
                    "320746817924010270769999961346433377402",
                    "181590233791588607348333510668637482539",
                    "37077830568388809013384498335522893334",
                    "287683952838851208945788423954754367332",
                    "314318985694173977636984479840306674552",
                    "123801798367134975462997417348237060122",
                    "314686063585001825113132334808958923677",
                    "195903363165327730377140988313203592017",
                    "316461725082244718898528055752115183257",
                    "66275611729325449737339854251446508253",
                    "274283264904369067223163265774635421682",
                    "154925317047249732204408814864411678525",
                    "93064771771212267697144890968037783838",
                    "54456604817051958429238255474257769216",
                    "4415980063983488735625236013337988711",
                    "121665763636476463751885739650815948483",
                    "39325296754708017965824161051703363402",
                    "239240393691106160585830857877140432688",
                    "239670772907459229346688508752068172892",
                    "332859814753134252708024752127214576688",
                    "90661642236740509347713288329185464032",
                    "134868697679941322428296847329038362219",
                    "59162336919209653723894857708251608234",
                    "295312956171829762994738736568944178687",
                    "268734471588714994898013031994459612349",
                    "103233899701424350933302057997214161275",
                    "242604353954162070547450642583046068316",
                    "59287285465733016241748955774357058775",
                    "141394885991717466741112758253931869448",
                    "27028203555431716372373482172836092522",
                    "332407439834065522916652423857843263185",
                    "18370254986684097256761458897809386866",
                    "324916189533104502194359447110009875807",
                    "119736582797376422820720639432704534758",
                    "10138077624400305967329662390503689073",
                    "168087749518512853078711943852155356037",
                    "34445881603422342436620705275987892025"
                ]
            },
            "id": "ASB-A-213850092-15618e38",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2AllocatorIon.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 784.0,
                "function_hash": "167525502730782928918426667957436792503"
            },
            "id": "ASB-A-213850092-3de18407",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2DmaBufAllocator.cpp",
                "function": "C2DmaBufAllocation::unmap"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 308.0,
                "function_hash": "84751803150063703769184018163581837046"
            },
            "id": "ASB-A-213850092-ae3bd88b",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2DmaBufAllocator.cpp",
                "function": "C2DmaBufAllocation::~C2DmaBufAllocation"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 718.0,
                "function_hash": "81310799912256614906691639230053021652"
            },
            "id": "ASB-A-213850092-b4f4e2cc",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2DmaBufAllocator.cpp",
                "function": "C2DmaBufAllocation::map"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "189398025276921510662259629929679625504",
                    "190124384050380137500313740546362094636",
                    "318442528087732575042734206245950164334",
                    "200969091410336481141966200584404115575",
                    "324916189533104502194359447110009875807",
                    "138764542055880364928204930256352419840",
                    "146103464064372951264048699517613775573",
                    "6270207401994686947099272090192686013",
                    "30164083190354049957389761680047008013",
                    "74221046007737194667233700832096575063",
                    "228252480631705538231742767406619682407",
                    "22492156979977295798095182627872838035",
                    "31133979089634078623668486667043461080",
                    "60589161606239541530292977430291225801",
                    "79833116189996246325763992945216508705",
                    "21133483344499622561215568506296204047",
                    "268245298036413543952179369188266135625",
                    "88782410469043552503251570297246250434",
                    "268910806458056956348636141379258945740",
                    "53357948951561565206560574069236934778",
                    "310040829824071364552459800808268420305",
                    "122504346484478287434413399803169473137",
                    "282596664588746285551602688336961958615",
                    "304059659473115756915233644411737299832",
                    "123801798367134975462997417348237060122",
                    "121665763636476463751885739650815948483",
                    "63908884897072704198123042693509587337",
                    "19985124781375086165144574996702862129",
                    "136847701873993135194624429221300571733",
                    "290727991407667733996424948630674831692",
                    "268767516241136795539513431389130295542",
                    "122684162537915230232268244634080548700",
                    "232241272674342874416045558473089824839",
                    "333103102776945917657126086317281240904",
                    "312083599223791841006018271297194341200"
                ]
            },
            "id": "ASB-A-213850092-dd690a7b",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2DmaBufAllocator.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3"
    ],
    "spl": "2022-07-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-07-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "192227934232514726557426748198738623410",
                    "317255628712816926328077450866894228452",
                    "311631332125272066488853762979160572930",
                    "200969091410336481141966200584404115575",
                    "51559047303558521212122549833089270220",
                    "74221046007737194667233700832096575063",
                    "228252480631705538231742767406619682407",
                    "22492156979977295798095182627872838035",
                    "231399710022428264346164184280306177067",
                    "211655241687773405580550050359533509495",
                    "194651649701829123340808045550149298755",
                    "88287981816864687367563400153199024117",
                    "21133483344499622561215568506296204047",
                    "44914622061145209070180209937845868801",
                    "194300837437827142635570084323525444759",
                    "21270117293079764063673154557878170952",
                    "235620155372164143951842304285161307163",
                    "310040829824071364552459800808268420305",
                    "320746817924010270769999961346433377402",
                    "181590233791588607348333510668637482539",
                    "37077830568388809013384498335522893334",
                    "287683952838851208945788423954754367332",
                    "314318985694173977636984479840306674552",
                    "123801798367134975462997417348237060122",
                    "314686063585001825113132334808958923677",
                    "195903363165327730377140988313203592017",
                    "316461725082244718898528055752115183257",
                    "66275611729325449737339854251446508253",
                    "274283264904369067223163265774635421682",
                    "154925317047249732204408814864411678525",
                    "93064771771212267697144890968037783838",
                    "54456604817051958429238255474257769216",
                    "4415980063983488735625236013337988711",
                    "121665763636476463751885739650815948483",
                    "39325296754708017965824161051703363402",
                    "239240393691106160585830857877140432688",
                    "239670772907459229346688508752068172892",
                    "332859814753134252708024752127214576688",
                    "90661642236740509347713288329185464032",
                    "134868697679941322428296847329038362219",
                    "59162336919209653723894857708251608234",
                    "295312956171829762994738736568944178687",
                    "268734471588714994898013031994459612349",
                    "103233899701424350933302057997214161275",
                    "242604353954162070547450642583046068316",
                    "59287285465733016241748955774357058775",
                    "141394885991717466741112758253931869448",
                    "27028203555431716372373482172836092522",
                    "332407439834065522916652423857843263185",
                    "18370254986684097256761458897809386866",
                    "324916189533104502194359447110009875807",
                    "119736582797376422820720639432704534758",
                    "10138077624400305967329662390503689073",
                    "168087749518512853078711943852155356037",
                    "34445881603422342436620705275987892025"
                ]
            },
            "id": "ASB-A-213850092-00e274be",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2AllocatorIon.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "189398025276921510662259629929679625504",
                    "190124384050380137500313740546362094636",
                    "318442528087732575042734206245950164334",
                    "200969091410336481141966200584404115575",
                    "324916189533104502194359447110009875807",
                    "138764542055880364928204930256352419840",
                    "146103464064372951264048699517613775573",
                    "6270207401994686947099272090192686013",
                    "30164083190354049957389761680047008013",
                    "74221046007737194667233700832096575063",
                    "228252480631705538231742767406619682407",
                    "22492156979977295798095182627872838035",
                    "31133979089634078623668486667043461080",
                    "60589161606239541530292977430291225801",
                    "79833116189996246325763992945216508705",
                    "21133483344499622561215568506296204047",
                    "268245298036413543952179369188266135625",
                    "88782410469043552503251570297246250434",
                    "268910806458056956348636141379258945740",
                    "53357948951561565206560574069236934778",
                    "310040829824071364552459800808268420305",
                    "122504346484478287434413399803169473137",
                    "282596664588746285551602688336961958615",
                    "304059659473115756915233644411737299832",
                    "123801798367134975462997417348237060122",
                    "121665763636476463751885739650815948483",
                    "63908884897072704198123042693509587337",
                    "19985124781375086165144574996702862129",
                    "136847701873993135194624429221300571733",
                    "290727991407667733996424948630674831692",
                    "268767516241136795539513431389130295542",
                    "122684162537915230232268244634080548700",
                    "232241272674342874416045558473089824839",
                    "333103102776945917657126086317281240904",
                    "312083599223791841006018271297194341200"
                ]
            },
            "id": "ASB-A-213850092-0609e4bd",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2DmaBufAllocator.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 308.0,
                "function_hash": "84751803150063703769184018163581837046"
            },
            "id": "ASB-A-213850092-58f7ed62",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2DmaBufAllocator.cpp",
                "function": "C2DmaBufAllocation::~C2DmaBufAllocation"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 784.0,
                "function_hash": "167525502730782928918426667957436792503"
            },
            "id": "ASB-A-213850092-8c6acba6",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2DmaBufAllocator.cpp",
                "function": "C2DmaBufAllocation::unmap"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 718.0,
                "function_hash": "81310799912256614906691639230053021652"
            },
            "id": "ASB-A-213850092-d009792b",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2DmaBufAllocator.cpp",
                "function": "C2DmaBufAllocation::map"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3"
    ],
    "spl": "2022-07-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}