PUB-A-190228658
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/PUB-A-190228658.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/PUB-A-190228658
- Aliases
-
- A-190228658
- CVE-2020-25668
- Published
- 2021-12-01T00:00:00Z
- Modified
- 2025-08-06T16:29:06.385449Z
- Summary
- [none]
- Details
-
In vtdisallocate and related functions of vtioctl.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220"
],
"vanir_signatures": [
{
"id": "PUB-A-190228658-016fa123",
"source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
"digest": {
"function_hash": "320524514287153616664612375516415842603",
"length": 350.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "vt_io_fontreset",
"file": "drivers/tty/vt/vt_ioctl.c"
},
"signature_version": "v1"
},
{
"id": "PUB-A-190228658-1c8719c3",
"source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
"digest": {
"function_hash": "123379609194559407213349497570049690536",
"length": 1420.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "vt_io_ioctl",
"file": "drivers/tty/vt/vt_ioctl.c"
},
"signature_version": "v1"
},
{
"id": "PUB-A-190228658-92a578a9",
"source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
"digest": {
"function_hash": "21673407689687884799699283846099975468",
"length": 981.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "vt_compat_ioctl",
"file": "drivers/tty/vt/vt_ioctl.c"
},
"signature_version": "v1"
},
{
"id": "PUB-A-190228658-bb952784",
"source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
"digest": {
"line_hashes": [
"339318955935566238894797154670352448141",
"52473511985278061307118909538197820511",
"14241356784787676403380073642511860867",
"4840435229461463805135614009109279981",
"193251870028668531143654907883630318680",
"76671241567989619843012225013715374788",
"36227994611078500768531564382436145467",
"17663988733732760316303670167847957639",
"334368919244210623440243307908880319048",
"97461829736666685860691754017211782552",
"283672804061310620485000355904474368641",
"209154792166409727085931354551200899330",
"221605191078709178005291809373297750338",
"41652880990043750245063982717695049634",
"329746549475812398531662313491889082449",
"44293113810174502407274222737010675938",
"159386606834179171458643018365065513066",
"91200151630416972775377919419751362641",
"186252686675887537604302782765257731690",
"256645544509915613900271085352827267251",
"325373102407970744956133835909309031518",
"130892587925190200089015442646354230328",
"53510262037820686127299913191542504537",
"200781363180425492197760186504321312356",
"220402906669558717969931235484055812836",
"188106044884831820922210477570225486008",
"102693788235384447728725686878242650882",
"282858371804787400131193688494927173591",
"202947038146959579408650081105149474883",
"319527320083573028380537427564122220942",
"67974500844413565824343035624398598797",
"329123168778719218660304018634612854998",
"319622724463286856257180369436838015200",
"94642231781883791479847394401293752342",
"45757198703673773617379750191028008574",
"79739477850492317997523536532889058516",
"155502695325061490118846311716247781023",
"94474551175898975745648982654613025473",
"71220907524210199308756354906632726429",
"141757713669372678346264787834221009276",
"290724741279069592794193113354952234680",
"233495515326924098346787705063477447340",
"26513164058354690104627936292620767390",
"276145860660228416456071072470635641934",
"193990475142698296596040731161381947782",
"227524204023472100369279916894754172465",
"49393411096494687886251550689300655751",
"150478141626188525357095467802486487709",
"139647094379519956955060532432999923177",
"127253321143764917761205060463092772221",
"336716673708444832873152717964862760234",
"225024513400030738774311875925666318973",
"192921137829268178244579430861911863933",
"126057527193692498022004877645552446004",
"201173808609202219366200805379713068071",
"158626861132342953584340741510583921645",
"217116196911247519479749740586419750777",
"63957189953770948392814349251734472439",
"115317807447071128516106744625119102257",
"283514182505692854108507286645933699763",
"44293113810174502407274222737010675938",
"66269928344842405050727123257223602656",
"154825112293599695489202423679013747278",
"147691884752377195513097120138840038419",
"40261203041819225195009035203128960179"
],
"threshold": 0.9
},
"deprecated": false,
"signature_type": "Line",
"target": {
"file": "drivers/tty/vt/vt_ioctl.c"
},
"signature_version": "v1"
},
{
"id": "PUB-A-190228658-ce8d82a3",
"source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
"digest": {
"function_hash": "265661849656946814830300185156494280730",
"length": 1015.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "compat_fontx_ioctl",
"file": "drivers/tty/vt/vt_ioctl.c"
},
"signature_version": "v1"
},
{
"id": "PUB-A-190228658-f17dc376",
"source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
"digest": {
"function_hash": "210088323691146164844005191935771770202",
"length": 947.0
},
"deprecated": false,
"signature_type": "Function",
"target": {
"function": "do_fontx_ioctl",
"file": "drivers/tty/vt/vt_ioctl.c"
},
"signature_version": "v1"
}
],
"severity": "Moderate",
"types": [
"EoP"
],
"spl": "2021-12-05"
}