ASB-A-221862119

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-221862119.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-221862119
Aliases
  • A-221862119
  • CVE-2022-20127
Published
2022-06-01T00:00:00Z
Modified
2024-08-07T19:29:40.693103Z
Summary
[Double Free in ce_t4t_data_cback Function in ce_t4t.cc in nfc]
Details

In cet4tdatacback of cet4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/system/nfc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L-next:0
Fixed
12L-next:2022-06-01

Affected versions

Other

12L-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 5507.0,
                "function_hash": "104878374239606386092160028817565736155"
            },
            "id": "ASB-A-221862119-61ece92b",
            "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/ce_t4t.cc",
                "function": "ce_t4t_data_cback"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "288755587739503399973484087706792439868",
                    "235957353039854732531163373805571340181",
                    "178676705441890409717555889950227732401",
                    "126937206315459210288597319086747904932"
                ]
            },
            "id": "ASB-A-221862119-736012b3",
            "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/ce_t4t.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e"
    ],
    "spl": "2022-06-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/system/nfc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-06-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "288755587739503399973484087706792439868",
                    "235957353039854732531163373805571340181",
                    "178676705441890409717555889950227732401",
                    "126937206315459210288597319086747904932"
                ]
            },
            "id": "ASB-A-221862119-343dd870",
            "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/ce_t4t.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 5507.0,
                "function_hash": "104878374239606386092160028817565736155"
            },
            "id": "ASB-A-221862119-aa044d21",
            "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/ce_t4t.cc",
                "function": "ce_t4t_data_cback"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e"
    ],
    "spl": "2022-06-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/system/nfc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-06-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "288755587739503399973484087706792439868",
                    "235957353039854732531163373805571340181",
                    "178676705441890409717555889950227732401",
                    "126937206315459210288597319086747904932"
                ]
            },
            "id": "ASB-A-221862119-5b367f01",
            "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/ce_t4t.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 5507.0,
                "function_hash": "104878374239606386092160028817565736155"
            },
            "id": "ASB-A-221862119-91204f54",
            "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/ce_t4t.cc",
                "function": "ce_t4t_data_cback"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e"
    ],
    "spl": "2022-06-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/system/nfc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-06-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "288755587739503399973484087706792439868",
                    "235957353039854732531163373805571340181",
                    "178676705441890409717555889950227732401",
                    "126937206315459210288597319086747904932"
                ]
            },
            "id": "ASB-A-221862119-5008a5a6",
            "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/ce_t4t.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 5507.0,
                "function_hash": "104878374239606386092160028817565736155"
            },
            "id": "ASB-A-221862119-bb145cbc",
            "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/ce_t4t.cc",
                "function": "ce_t4t_data_cback"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e"
    ],
    "spl": "2022-06-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/system/nfc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-06-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "288755587739503399973484087706792439868",
                    "235957353039854732531163373805571340181",
                    "178676705441890409717555889950227732401",
                    "126937206315459210288597319086747904932"
                ]
            },
            "id": "ASB-A-221862119-4be8c439",
            "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/ce_t4t.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 5507.0,
                "function_hash": "104878374239606386092160028817565736155"
            },
            "id": "ASB-A-221862119-ace169cf",
            "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/ce_t4t.cc",
                "function": "ce_t4t_data_cback"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e"
    ],
    "spl": "2022-06-01",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}