In multiple functions of rmap.c, there is possible memory corruption due to a use-after-free. This could lead to local escalation of privilege in the kernel, with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"spl": "2023-07-05",
"types": [
"EoP"
],
"vanir_signatures": [
{
"id": "ASB-A-253167854-2c699e73",
"deprecated": false,
"digest": {
"length": 687.0,
"function_hash": "413876971249427366280981010431739294"
},
"target": {
"file": "mm/rmap.c",
"function": "anon_vma_fork"
},
"source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-253167854-31b68f72",
"deprecated": false,
"digest": {
"length": 235.0,
"function_hash": "294861604179330059374891161424076166122"
},
"target": {
"file": "mm/rmap.c",
"function": "anon_vma_alloc"
},
"source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-253167854-4acc8175",
"deprecated": false,
"digest": {
"line_hashes": [
"53962649639763233970948212694881421515",
"84884910008937723792924890095741653296",
"289867361511434814136123946885745888236",
"245903668714838938944946366142246911878",
"7504442450920536846254297967102986599",
"170665496767246331176487875624775263605",
"168699009635849469993220089260387118541",
"182287695170942524395419799087063004871",
"533866088722823609017455530673486983",
"313027068298794090365486964410309829326",
"336493157822611584327939368899964601960",
"296119125086239714642941165376460712027",
"266265758359309360185401581924675077206",
"36622159241989234324490422552343211678",
"114366509948682029070596655782548042949",
"193938668713863072987745587723473057740",
"42832006219450414687602044916665859861",
"147238279415313911581832328879523818383",
"42702638619284906314173202170468475595",
"186413678602772043095760350576427708437",
"173048368773596193194083044067328405448",
"158166927491439700286848852333255255347",
"301527743379964096980997933040507532404",
"71612227596357554682401515725270920600",
"299490904399019313452172412026378390492",
"71962879047266613195068785033495330736",
"308375586868443743926771849697112842787",
"5695837694089487521148948934220922801",
"11497727573043574341907238339817413282",
"287641481904851358730420512354555018348",
"112298026522885300470890549776052790709",
"314490892413925017290992948475146194491",
"78541310617131215065574220616429276473",
"222249550039722999987906512185799461883",
"267222439639796914251981434040591952207",
"187465436170710299502948888589123844046",
"85196756190627545801528378347478082423",
"271120847853824052285664116129678105206",
"293007435426808708732828541317132284138",
"195561005819661276361807507816859137686",
"301682403224686008359860802743155404003"
],
"threshold": 0.9
},
"target": {
"file": "mm/rmap.c"
},
"source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "ASB-A-253167854-630a7523",
"deprecated": false,
"digest": {
"length": 749.0,
"function_hash": "248798089287116874307980156262571407947"
},
"target": {
"file": "mm/rmap.c",
"function": "__anon_vma_prepare"
},
"source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-253167854-8e0402c8",
"deprecated": false,
"digest": {
"line_hashes": [
"28529880573164184256702864318383047754",
"13882231745604494488027443938890665830",
"16698794253301106328322973646249352856",
"339657138332194339729048279335610990480",
"22055166315496536466008059418266599137",
"118371139073832862477863072944397281468"
],
"threshold": 0.9
},
"target": {
"file": "include/linux/rmap.h"
},
"source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "ASB-A-253167854-8e3825c2",
"deprecated": false,
"digest": {
"length": 749.0,
"function_hash": "43011515890785096118418955014559653648"
},
"target": {
"file": "mm/rmap.c",
"function": "unlink_anon_vmas"
},
"source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-253167854-b162bc81",
"deprecated": false,
"digest": {
"length": 706.0,
"function_hash": "253495737710119128415430282118805701955"
},
"target": {
"file": "mm/rmap.c",
"function": "anon_vma_clone"
},
"source": "https://android.googlesource.com/kernel/common/+/4158b1508f2b1",
"signature_type": "Function",
"signature_version": "v1"
}
],
"severity": "High",
"fixes": [
"https://android.googlesource.com/kernel/common/+/4158b1508f2b1"
]
}