PUB-A-186777253
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/PUB-A-186777253.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/PUB-A-186777253
- Aliases
-
- A-186777253
- CVE-2022-20567
- Published
- 2022-12-01T00:00:00Z
- Modified
- 2025-08-06T16:29:06.385449Z
- Summary
- [none]
- Details
-
In pppol2tpcreate of l2tpppp.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"vanir_signatures": [
{
"source": "https://android.googlesource.com/kernel/common/+/d02ba2a6110c5",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "293984007239053792393002895464783282289",
"length": 708.0
},
"target": {
"file": "net/l2tp/l2tp_ppp.c",
"function": "pppol2tp_release"
},
"id": "PUB-A-186777253-041ee520"
},
{
"source": "https://android.googlesource.com/kernel/common/+/d02ba2a6110c5",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "294323057906760878418382000322794272363",
"length": 43.0
},
"target": {
"file": "net/l2tp/l2tp_ppp.c",
"function": "pppol2tp_session_close"
},
"id": "PUB-A-186777253-2e567b5b"
},
{
"source": "https://android.googlesource.com/kernel/common/+/d02ba2a6110c5",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "179991157583453353224773042644488684840",
"length": 3544.0
},
"target": {
"file": "net/l2tp/l2tp_ppp.c",
"function": "pppol2tp_connect"
},
"id": "PUB-A-186777253-a6479973"
},
{
"source": "https://android.googlesource.com/kernel/common/+/d02ba2a6110c5",
"deprecated": true,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"threshold": 0.9,
"line_hashes": [
"182575051683400380894931960465293460270",
"178685753806527130145939611568819884419",
"1850072516964299076477752515431673895",
"332746003126512090385663152750660538099",
"206715486598414753925392972716920301690",
"71400679277680896932837079796425395426",
"52746169369468941750131996301860850276",
"47713611854444832082430249605267926768",
"312358480221979996624868449781133313041",
"116484125823057526067427707721472790146",
"36066541622731380503384552113773384435",
"140185265788267237192731343539310953229",
"34664956656419341483458889974431153939",
"295647392400199681034677004623530328573",
"242692838826234447879834060495856024542",
"309854533319731977087622714040827150998",
"260525937409788536081871254994411721615",
"325981076631152990338264140109668736596",
"280884623113486045427139145984924434869",
"20950005889287422430746244900880981558",
"199177039509902887901200996447003166286",
"87982770161656980593901281082091981266",
"290949446441369329208060232601829821831",
"57367772676137029855556717275743339173",
"340156842807021020085066718868762490465",
"101687731321824427313606518344132316024",
"22980883861224778956930368535141501497",
"115447318389753219609202532772862615552",
"155719772197767006418480617187557229696",
"39807439234609645250469819326420967718",
"300382491838275244404742426395349211203",
"77406491546908208741540789261563928343"
]
},
"target": {
"file": "net/l2tp/l2tp_ppp.c"
},
"id": "PUB-A-186777253-cfc1c5c7"
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/d02ba2a6110c5"
],
"spl": "2022-12-05",
"severity": "Moderate"
}