ASB-A-237288416

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-237288416.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-237288416
Aliases
  • A-237288416
  • CVE-2022-20417
Published
2022-10-01T00:00:00Z
Modified
2024-08-07T19:29:05.068427Z
Summary
[Out of Bounds Write in audioProfileToHal Function in HidlUtils.cpp in android.hardware.audio.common@7.0-util]
Details

In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-10-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "269344792656577092001110833540011432940",
                    "24566917316876822633373775224199387841",
                    "326563767327415897676849247084034620501",
                    "296721903556534197228020912422928613838",
                    "98664012303234856457986909474349887885",
                    "242909748081190874474530485925527046198",
                    "337480627864806466889618801044925771695",
                    "32976967712788725498324097883947031232"
                ]
            },
            "id": "ASB-A-237288416-43d39542",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1096.0,
                "function_hash": "127934060083940188991457240859462848395"
            },
            "id": "ASB-A-237288416-8447b692",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp",
                "function": "TEST"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1770.0,
                "function_hash": "30693180149815436432511666337241282332"
            },
            "id": "ASB-A-237288416-8916973c",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp",
                "function": "HidlUtils::audioTransportsToHal"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 978.0,
                "function_hash": "168160430229648601525038002173658487200"
            },
            "id": "ASB-A-237288416-969a65de",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp",
                "function": "TEST"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "172186339874870091662576372895279208413",
                    "227349891284322899533340354059474595611",
                    "186519563238785187792249710978779741919",
                    "110617716582878860557393456367871608803",
                    "43366630099968855310673323885673129606",
                    "131451768960244202058325825301537495331",
                    "78935328830424581718176604854654660458",
                    "306341795472413105250127479060524261756",
                    "16834518065203268661284590998142718197",
                    "299064499527370160859152552006985321520",
                    "180805790256931266346711168313089126423",
                    "170095354208668041088633580278233745834",
                    "33521963547965584930512648087844251698",
                    "114610901870909908359583640191322919081",
                    "212452195949018653488913703488818546503",
                    "153444376759287560523706886364648112712",
                    "29528458756198696541044575576555735593",
                    "48063698236143321999460836226503716002",
                    "172446838531745295337624745295579102534",
                    "183608570636346057331731099513885835857"
                ]
            },
            "id": "ASB-A-237288416-cc0a349a",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-10-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1096.0,
                "function_hash": "127934060083940188991457240859462848395"
            },
            "id": "ASB-A-237288416-624746e3",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp",
                "function": "TEST"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "269344792656577092001110833540011432940",
                    "24566917316876822633373775224199387841",
                    "326563767327415897676849247084034620501",
                    "296721903556534197228020912422928613838",
                    "98664012303234856457986909474349887885",
                    "242909748081190874474530485925527046198",
                    "337480627864806466889618801044925771695",
                    "32976967712788725498324097883947031232"
                ]
            },
            "id": "ASB-A-237288416-793669b5",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "172186339874870091662576372895279208413",
                    "227349891284322899533340354059474595611",
                    "186519563238785187792249710978779741919",
                    "110617716582878860557393456367871608803",
                    "43366630099968855310673323885673129606",
                    "131451768960244202058325825301537495331",
                    "78935328830424581718176604854654660458",
                    "306341795472413105250127479060524261756",
                    "16834518065203268661284590998142718197",
                    "299064499527370160859152552006985321520",
                    "180805790256931266346711168313089126423",
                    "170095354208668041088633580278233745834",
                    "33521963547965584930512648087844251698",
                    "114610901870909908359583640191322919081",
                    "212452195949018653488913703488818546503",
                    "153444376759287560523706886364648112712",
                    "29528458756198696541044575576555735593",
                    "48063698236143321999460836226503716002",
                    "172446838531745295337624745295579102534",
                    "183608570636346057331731099513885835857"
                ]
            },
            "id": "ASB-A-237288416-adc2b4d4",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1770.0,
                "function_hash": "30693180149815436432511666337241282332"
            },
            "id": "ASB-A-237288416-afdf4864",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp",
                "function": "HidlUtils::audioTransportsToHal"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 978.0,
                "function_hash": "168160430229648601525038002173658487200"
            },
            "id": "ASB-A-237288416-f7a4863c",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp",
                "function": "TEST"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2022-10-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1770.0,
                "function_hash": "30693180149815436432511666337241282332"
            },
            "id": "ASB-A-237288416-4f25a94a",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp",
                "function": "HidlUtils::audioTransportsToHal"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 978.0,
                "function_hash": "168160430229648601525038002173658487200"
            },
            "id": "ASB-A-237288416-a573497b",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp",
                "function": "TEST"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "172186339874870091662576372895279208413",
                    "227349891284322899533340354059474595611",
                    "186519563238785187792249710978779741919",
                    "110617716582878860557393456367871608803",
                    "43366630099968855310673323885673129606",
                    "131451768960244202058325825301537495331",
                    "78935328830424581718176604854654660458",
                    "306341795472413105250127479060524261756",
                    "16834518065203268661284590998142718197",
                    "299064499527370160859152552006985321520",
                    "180805790256931266346711168313089126423",
                    "170095354208668041088633580278233745834",
                    "33521963547965584930512648087844251698",
                    "114610901870909908359583640191322919081",
                    "212452195949018653488913703488818546503",
                    "153444376759287560523706886364648112712",
                    "29528458756198696541044575576555735593",
                    "48063698236143321999460836226503716002",
                    "172446838531745295337624745295579102534",
                    "183608570636346057331731099513885835857"
                ]
            },
            "id": "ASB-A-237288416-e993c7ca",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "269344792656577092001110833540011432940",
                    "24566917316876822633373775224199387841",
                    "326563767327415897676849247084034620501",
                    "296721903556534197228020912422928613838",
                    "98664012303234856457986909474349887885",
                    "242909748081190874474530485925527046198",
                    "337480627864806466889618801044925771695",
                    "32976967712788725498324097883947031232"
                ]
            },
            "id": "ASB-A-237288416-eb8aed6d",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1096.0,
                "function_hash": "127934060083940188991457240859462848395"
            },
            "id": "ASB-A-237288416-f3da1b2f",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp",
                "function": "TEST"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}