PUB-A-174846563
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/PUB-A-174846563.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/PUB-A-174846563
- Aliases
-
- A-174846563
- CVE-2022-20154
- Published
- 2022-06-01T00:00:00Z
- Modified
- 2025-08-06T16:29:06.385449Z
- Summary
- [none]
- Details
-
In locksocknested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"severity": "Moderate",
"types": [
"EoP"
],
"vanir_signatures": [
{
"id": "PUB-A-174846563-106ccc13",
"signature_version": "v1",
"target": {
"file": "net/sctp/diag.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"23347061211291941481806857906102284911",
"177002230662709273784008017188721606951",
"48376934442674723451773150477588234907",
"182299074923096271849129184776724678993",
"338676634134201886380325063000256267269",
"291290793429430997008888280029755099487",
"144172288641749097597953834940837677490",
"336369842191703597786746992019606580619",
"71065391040256152326279089265785663849",
"323652614636588655306470968658792666077",
"85746989684007224125230686831696881199",
"59410769388531461730540176810929051063",
"217131076971137137259778968319834908859",
"158810023086232955152764885098882485330",
"338676634134201886380325063000256267269",
"135099952024222933799081601528028364426",
"97021692627629513048798716597852309642",
"86193371296286845210734849710227024821",
"297085228972537975585287790301781137066",
"266439521223484594231214930226963099212",
"271182323383272205431929266079022407078"
]
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
"signature_type": "Line"
},
{
"id": "PUB-A-174846563-143af40f",
"signature_version": "v1",
"target": {
"function": "sctp_endpoint_hold",
"file": "net/sctp/endpointola.c"
},
"digest": {
"length": 76.0,
"function_hash": "289627938984407819320593096123563229491"
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
"signature_type": "Function"
},
{
"id": "PUB-A-174846563-1541fde2",
"signature_version": "v1",
"target": {
"file": "include/net/sctp/structs.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"309383236726669950585157689903458752515",
"88260067284349508674870075420060564826",
"155292910023572277903270872531702950838",
"134290720386689805509421112861744409388",
"137027131051176327367587178198067611650",
"105526423192713990914016495304444566670",
"6131714833563070702088356873832316837",
"270597856673008406909092052482272803316"
]
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
"signature_type": "Line"
},
{
"id": "PUB-A-174846563-1630c632",
"signature_version": "v1",
"target": {
"function": "sctp_for_each_transport",
"file": "net/sctp/socket.c"
},
"digest": {
"length": 607.0,
"function_hash": "163259973829971906389599524297629906217"
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
"signature_type": "Function"
},
{
"id": "PUB-A-174846563-22e1eacf",
"signature_version": "v1",
"target": {
"function": "sctp_sock_dump",
"file": "net/sctp/diag.c"
},
"digest": {
"length": 1260.0,
"function_hash": "126825142230646115460025181308384348397"
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
"signature_type": "Function"
},
{
"id": "PUB-A-174846563-7f204eef",
"signature_version": "v1",
"target": {
"file": "include/net/sctp/sctp.h"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"21029744086309906970192052545801022644",
"106626585854412762394079991574934827856",
"50472161052762845031951012452900617485",
"161416688380122876796813718749523477740",
"201400781867629564491302620713910763644",
"135879850248734875220118336854112733897",
"237041325697964225834429682552458975556",
"41173980032348538667588302154121489846",
"113562329963194921225501512825865264236"
]
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
"signature_type": "Line"
},
{
"id": "PUB-A-174846563-8b402d12",
"signature_version": "v1",
"target": {
"file": "net/sctp/socket.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"77193003971849626018765633387649046973",
"82115348930108064197334200024154074498",
"269294668493860627699164151471595859596",
"43650239782021040008766962902246222476",
"163270045153988776586878691775726133960",
"315911071379310057430653051766749740245",
"186201964194282393744418514394443606371",
"296980782533405293265090397253198875652",
"270293343885687206722616696434647117664",
"121785418128703810881838935323955722146",
"52695996913667367082078284090442762055",
"36214710859350875217012576783547298531",
"165385393037156771776296065381759236306",
"340103536046995691884541934066684729201",
"267199293733246693683458233170125595373",
"46958561471194245189831729508447736562",
"44096646829538136613692942564487221239",
"69887669591234300476500013493416067482",
"287433118589882673733146831615774929913",
"207011356434488265614941819158240886511",
"25771891663138874142886022233768142948",
"101958866392095468117239515781232537850",
"2021272789740270285622707479131571873",
"112722235892719158983243476694290259423",
"9146097746976765165105370416997648494",
"322296279780217818017213369637734780454",
"233689922645175987651037017009216159089",
"115220128488945262303025556472777370136",
"91704628221969302552468011035767942819"
]
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
"signature_type": "Line"
},
{
"id": "PUB-A-174846563-a0e935f9",
"signature_version": "v1",
"target": {
"file": "net/sctp/endpointola.c"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"136705704668287840838098663425903034513",
"209011007118665923910912207593411207834",
"195304914403678243150676024956944031826",
"234261603079972679903775017704876541856",
"160982432776247276356533607157783564410",
"231748902300842946121468390622158524838",
"105702593457023692281795196419238299983",
"166824963132324437765813543408167983364",
"251960731091318363314892629619975711501",
"208190353853242567467607915468660235125",
"102563894740154053488831973439967749797",
"219675865577385818886984314696480683657",
"27342335990728957538735726433258772481",
"328276165476366546641643445894555965025"
]
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
"signature_type": "Line"
},
{
"id": "PUB-A-174846563-c6208bdd",
"signature_version": "v1",
"target": {
"function": "sctp_endpoint_destroy",
"file": "net/sctp/endpointola.c"
},
"digest": {
"length": 618.0,
"function_hash": "95825773360939100849072090054173255776"
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
"signature_type": "Function"
},
{
"id": "PUB-A-174846563-cf1e5d11",
"signature_version": "v1",
"target": {
"function": "sctp_sock_filter",
"file": "net/sctp/diag.c"
},
"digest": {
"length": 436.0,
"function_hash": "219892017511828597570517694760514253467"
},
"deprecated": false,
"source": "https://android.googlesource.com/kernel/common/+/769d14abd35e0",
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/769d14abd35e0"
],
"spl": "2022-06-05"
}