ASB-A-174737879
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-174737879.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-174737879
- Aliases
-
- A-174737879
- CVE-2020-29374
- Published
- 2023-08-01T00:00:00Z
- Modified
- 2024-09-19T16:27:48.387854Z
- Summary
- Android Vomit Report
- Details
-
In multiple locations, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2023-08-01
- https://android.googlesource.com/kernel/common/+/a308c71bf1e6e
- https://android.googlesource.com/kernel/common/+/52d1e606ee733
- https://android.googlesource.com/kernel/common/+/1a0cf26323c8
- https://android.googlesource.com/kernel/common/+/09854ba94c6a
- https://android.googlesource.com/kernel/common/+/be068f2903
- https://android.googlesource.com/kernel/common/+/17839856fd588
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"174976490296946991246910277352102408256",
"244294158023364689983675256562614999810",
"80615053076251239769930300325208135444",
"57170684908740387172301021707914018345",
"257952295658745104923910458787775428265",
"278846859602014634913390169143373603383",
"179533537749381961794230495007146899963",
"328378694140903536589676389307498063010",
"274432487139958405702893068273075187953",
"214438643548237675683311928681715806787",
"315417227101848360375116881730912800699",
"48047593146948675454976647461453380853",
"238598341512853016882059856721470122842",
"43009068416818630533983324242782178614",
"51115585563120211361192828290020388836",
"229775904767502691676820898904917182855",
"245788646849712757263769463415113672550",
"209791104305673750527845675522338646552",
"223176870461756529715843356909920811256",
"243854175057511934298961746738395030129",
"126230026502210687560287269242217299514",
"84249344745785425501883823569362456573",
"23819077534910201360806390356119395020",
"306757330430440958120434920063734815454",
"55032739140385669917955147191959873036",
"75903480179494580751448343434303954466",
"130995343249546601802277297481267068961",
"330476163437731284196900105753432037423",
"246081370125594904255358430383917657177",
"50203913314268303740113016615302880666",
"182867908146161411378661934773928993991"
]
},
"id": "ASB-A-174737879-0ebdc20f",
"source": "https://android.googlesource.com/kernel/common/+/17839856fd588",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/gup.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 518.0,
"function_hash": "165122426279389289516098823215678261052"
},
"id": "ASB-A-174737879-0f28963b",
"source": "https://android.googlesource.com/kernel/common/+/1a0cf26323c8",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/ksm.c",
"function": "reuse_ksm_page"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"174976490296946991246910277352102408256",
"244294158023364689983675256562614999810",
"137771701589545585043351121653046784847",
"174348524300207821401677743342059851850",
"280702731116474624743187805277461456288",
"36599420256826756919944024829358843795",
"310037769683798400580837388012461494428",
"313845624048492157049644664436683358941",
"164241916334492394385139744372759634671",
"172105033351547033760169799795738413652",
"125060709238994796972341301262544687225",
"276116495034323647448512934867009880418",
"209442462803615263366040373913893391966",
"21299388732874036035710342143940524615",
"8247046247795230267681230054384992867",
"84993823628080464295592226947328907389",
"124072554733851780902345229763983763249",
"141288612289926815556263348836752864566",
"66512587270165169797863309843590890843",
"263761405045480318080394786788271234649",
"167755950829608680858706554221180965967",
"309425645261592962779398889432909979380",
"249949125103362902640650267451688705161",
"222720488376086064972002449873183566770",
"68918823534360708421940998788217771887",
"280760165048494398070913212822491198245",
"102004136927528652425618276180922367276",
"237892524384331407207797886562062384108",
"191950222979812338623477360875483994117",
"82858775054124511986204673659073605785"
]
},
"id": "ASB-A-174737879-26637640",
"source": "https://android.googlesource.com/kernel/common/+/a308c71bf1e6e",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/gup.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 104.0,
"function_hash": "147105879230278855026062240661502510606"
},
"id": "ASB-A-174737879-27f4dfe3",
"source": "https://android.googlesource.com/kernel/common/+/1a0cf26323c8",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "include/linux/ksm.h",
"function": "reuse_ksm_page"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"1341810836145744661755952833369946095",
"272377735385636086768192331943203756015",
"288411679720168480403672340861990712118",
"3432159655120486330813595115207109163",
"132136690186477370671829489252972625995",
"137491150483024805947569371315972650732",
"37570274988032730521147012292760795577",
"330230847599576277279490341568027934703",
"154365528037446040311002767093917427182",
"220468342564594651933480443391101960688",
"337383943962948569211479032337662057310",
"77735294097327676817989043584862376467"
]
},
"id": "ASB-A-174737879-3712937e",
"source": "https://android.googlesource.com/kernel/common/+/52d1e606ee733",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/memory.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"129349296596538685714957343908531318991",
"237960060259730149600909533440410807404",
"237707147744413447061047142705619213354",
"172488912318125651845608753638689648510",
"71703894152171452744817867738910319369",
"14766279862144987663834380081429099604",
"64405655513103782727341669476966651083"
]
},
"id": "ASB-A-174737879-390e217d",
"source": "https://android.googlesource.com/kernel/common/+/17839856fd588",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/huge_memory.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 2038.0,
"function_hash": "91203271834135273316609377118534290573"
},
"id": "ASB-A-174737879-7a94fb48",
"source": "https://android.googlesource.com/kernel/common/+/17839856fd588",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/gup.c",
"function": "__get_user_pages"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"98359811195614673096869388462222202566",
"136388917462111906150865725933513945475",
"244883787530501208970786915564587383401",
"217331004437116009160171953324521745594",
"313206545821722164926026240225659556960",
"111021653398054559829552377737188904357"
]
},
"id": "ASB-A-174737879-8553bce8",
"source": "https://android.googlesource.com/kernel/common/+/a308c71bf1e6e",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/huge_memory.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"64419711302526469673989123908215026328",
"32789090576443936259677802324966338992",
"229966377351428861441075782914684140611",
"920990623390383008220412118765896697",
"11690520068892337738304490947564850848",
"245256259509543804775392393734089460146",
"13795596398159029969443267890473480333",
"82254201038756258343541576683801683728",
"169319765403158201278768658634121799421",
"65032410222957490126543560456217207818",
"162830504149508124922875253406961148585",
"101978416667528536869270811011906204597",
"43997859360892852227046094158040078181",
"329333710222096653681142458018831487997",
"270774914660295096993396927489524995664",
"22916259750833737716932604998552642691",
"148544152647817918317727768542917799239",
"333273360572396453945342686645143123531",
"137491150483024805947569371315972650732",
"200642297831873786687871165037756448602",
"80171294739351691178409722252896560879",
"200041455058468839585709518727923797861",
"283860014710244718770901395833191221781",
"180499324711100753875487181671096498318",
"73296977650294761246324485845586872280",
"129315676442819813886647123576307427752",
"106896783604123247795279251602359878292",
"94121373049761358433746246179270211791",
"307136710259526163663060639605167387443",
"99563852047202403394425297813689925926",
"154365528037446040311002767093917427182",
"73590382965723586233790927145725276558",
"199051573382509999059118251761349011451",
"228322360299194754193697442719501597016",
"310906665366737981080348256999758751238",
"154726477153806126395007969691188577685",
"67860512080645903657204147911279165376",
"122665158935133803976306018903829459805",
"132675606326671015457234653064677364744",
"231996733897213974757450321203364846387"
]
},
"id": "ASB-A-174737879-8ef3821d",
"source": "https://android.googlesource.com/kernel/common/+/09854ba94c6a",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/memory.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"34213730763470594905319790042400300566",
"24939990561786555628528356557435280034",
"295806191884377514984718239744986515114",
"319204252635888156365636615141460727802",
"301018447438553440096139391408572705799",
"321367729713405711701750549393399482169",
"97268653007249169494149896286918448445",
"136995645386365369627017945514213363656",
"161838577797733452552071742823844657003",
"87580385223969999722626569914778320610",
"216794799615401461784449441292961518465",
"86872286692413478813566943595163177627",
"301204181458009309134461757188587524940"
]
},
"id": "ASB-A-174737879-92c14c01",
"source": "https://android.googlesource.com/kernel/common/+/1a0cf26323c8",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "include/linux/ksm.h"
},
"signature_type": "Line"
},
{
"digest": {
"length": 175.0,
"function_hash": "22854469281736808529659055724496481259"
},
"id": "ASB-A-174737879-b9b000a4",
"source": "https://android.googlesource.com/kernel/common/+/17839856fd588",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/huge_memory.c",
"function": "can_follow_write_pmd"
},
"signature_type": "Function"
},
{
"digest": {
"length": 175.0,
"function_hash": "22854469281736808529659055724496481259"
},
"id": "ASB-A-174737879-dd022688",
"source": "https://android.googlesource.com/kernel/common/+/17839856fd588",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/gup.c",
"function": "can_follow_write_pte"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"230083326202969499465142333602964524973",
"209835816913677301785509423196406124921",
"33784349707776369126222223352316959637",
"119533238642935801652150179229774700831",
"204863402520167833281194430296853039385",
"80332358398008451686044832919069373897",
"240904853957340680067700732494220894732",
"100598809069711325214321974695373925728",
"171822875912680660461450593816065570586",
"59257380323871221354302725760668232925",
"57669427517010108229229838524514888521",
"146418624083933942169754191030393924469",
"314134575042663837152088535115934846432",
"8084814078674768785265994412853434575",
"275194606090569011859231864195619960374",
"4685358256957327795019767287848346126",
"242979598670170952446462895589576480327",
"174712294673038214310234387024510677272",
"325112122044462167434093186992492241501",
"314447575435600288303701791096109509286",
"140543348408481604796782639015909863765",
"179056401961539405487702849291352268604",
"226913609569049317492954385400503927327",
"207956527656130265472873399865795585793"
]
},
"id": "ASB-A-174737879-e966987d",
"source": "https://android.googlesource.com/kernel/common/+/1a0cf26323c8",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/ksm.c"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"276027541805158184524907867335061450280",
"11205647824677375105175440433270504548",
"200894277652173598465388354679014413350",
"70188612788489940039827805000425761804",
"193932126308908940960189600451047769819"
]
},
"id": "ASB-A-174737879-eae4d906",
"source": "https://android.googlesource.com/kernel/common/+/be068f2903",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/memory.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 873.0,
"function_hash": "323879688725331999498444677361153014233"
},
"id": "ASB-A-174737879-ed4f2e9a",
"source": "https://android.googlesource.com/kernel/common/+/17839856fd588",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/gup.c",
"function": "internal_get_user_pages_fast"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1114.0,
"function_hash": "217496649770382931120865219628184692309"
},
"id": "ASB-A-174737879-fffdd7b1",
"source": "https://android.googlesource.com/kernel/common/+/a308c71bf1e6e",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "mm/gup.c",
"function": "internal_get_user_pages_fast"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/a308c71bf1e6e",
"https://android.googlesource.com/kernel/common/+/52d1e606ee733",
"https://android.googlesource.com/kernel/common/+/1a0cf26323c8",
"https://android.googlesource.com/kernel/common/+/09854ba94c6a",
"https://android.googlesource.com/kernel/common/+/be068f2903",
"https://android.googlesource.com/kernel/common/+/17839856fd588"
],
"spl": "2023-08-05",
"severity": "High",
"types": [
"EoP"
]
}