ASB-A-237540956

See a problem?

Import Source

https://storage.googleapis.com/android-osv-test/ASB-A-237540956.json

JSON Data

https://api.test.osv.dev/v1/vulns/ASB-A-237540956

Aliases

A-237540956
CVE-2022-20422

Published

2022-10-01T00:00:00Z

Modified

2025-08-06T16:29:06.385449Z

Summary

[none]

Details

In emulationprochandler of armv8_deprecated.c, there is a possible way to corrupt memory due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Name: :linux_kernel:

Affected ranges

Type: ECOSYSTEM
Events: Introduced

:0

Fixed

:2022-10-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "spl": "2022-10-05",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "id": "ASB-A-237540956-2b776679",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "arch/arm64/kernel/armv8_deprecated.c"
            },
            "digest": {
                "line_hashes": [
                    "1960440008552637471522873735239669356",
                    "71844346838708569953038098060445377091",
                    "106624606123905936178813100954168939776",
                    "188858779439744046596293998490388425982",
                    "7998542420089299705562643897603328374",
                    "79396103650214263694030792217223562231",
                    "328689374300287942133517738301719913541",
                    "35230617379854447449197200111902401572",
                    "97230348670262614986427894498271489776",
                    "44336810520464106678161697200492986320",
                    "229247971708747393122600108442160232851",
                    "322694686092827087889234089072531928242",
                    "16530959085057227706431841715011493790",
                    "20727372310159674985234954931761826626",
                    "325466685051034611159332988025943913907",
                    "192153659792134627944417308329088738987",
                    "214527160207516761093630398328987179082",
                    "107808490887006591694422837588088027843"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/kernel/common/+/885349f53dd73"
        },
        {
            "id": "ASB-A-237540956-38dedc93",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "arch/arm64/kernel/armv8_deprecated.c",
                "function": "emulation_proc_handler"
            },
            "digest": {
                "function_hash": "208061974099580248824470922620832625234",
                "length": 506.0
            },
            "source": "https://android.googlesource.com/kernel/common/+/885349f53dd73"
        },
        {
            "id": "ASB-A-237540956-c6741cac",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "arch/arm64/kernel/armv8_deprecated.c",
                "function": "register_insn_emulation_sysctl"
            },
            "digest": {
                "function_hash": "34727716310740305401880678320967446606",
                "length": 630.0
            },
            "source": "https://android.googlesource.com/kernel/common/+/885349f53dd73"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/885349f53dd73"
    ]
}