ASB-A-196448784

See a problem?
Import Source
https://storage.googleapis.com/android-osv-test/ASB-A-196448784.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-196448784
Aliases
Published
2021-12-01T00:00:00Z
Modified
2024-10-23T16:43:06.926828Z
Summary
[none]
Details

In max3421setaddress and related functions of max3421-hcd.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with physical/USB access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2021-12-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 401.0,
                "function_hash": "114411121097348635169488012574900996249"
            },
            "id": "ASB-A-196448784-5c2e3411",
            "source": "https://android.googlesource.com/kernel/common/+/b5fdf5c6e6bee35837e160c00ac89327bdad031b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/usb/host/max3421-hcd.c",
                "function": "max3421_urb_done"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 893.0,
                "function_hash": "36900667996422782109496001098642058012"
            },
            "id": "ASB-A-196448784-c7111446",
            "source": "https://android.googlesource.com/kernel/common/+/b5fdf5c6e6bee35837e160c00ac89327bdad031b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/usb/host/max3421-hcd.c",
                "function": "max3421_set_address"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2215.0,
                "function_hash": "64309037052600120945694966861271288216"
            },
            "id": "ASB-A-196448784-d0233dff",
            "source": "https://android.googlesource.com/kernel/common/+/b5fdf5c6e6bee35837e160c00ac89327bdad031b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/usb/host/max3421-hcd.c",
                "function": "max3421_select_and_start_urb"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "217085677999074949967023240509088052827",
                    "267070474681255426226336156066915815681",
                    "247638210012680436681925789642344388999",
                    "323439050083045957597514513019004760774",
                    "19714191408932208688933475887725575079",
                    "80850209362406854949169289949518500982",
                    "238319687540554548756729728957882544807",
                    "6009865541210146582337213705480937830",
                    "71987485712092709738919220794944038305",
                    "246404490862450216377284442084799590042",
                    "177185598900389805519537889872634455009",
                    "264301175222455367406418739817979949301",
                    "141699761805301459004505873168546689662",
                    "93214835461404964939380543240277123247",
                    "323481325855936124008947922652036821257",
                    "4575637413114662533593661854764793926",
                    "113845655550542381585437872435458539727",
                    "296941405993135199915998642683725239185",
                    "130912919024420358269298835358386812104",
                    "92364551687888270474971244273696831199",
                    "49766921211887790234709128238128796058",
                    "23127750430260992975226639547193832216",
                    "88966962640856888737963041647137679680",
                    "23575355931654493532856924609045315487",
                    "87858171188376745946676982404521903065",
                    "167817762002649501306137492414057048796",
                    "5029770692267873571628326179582674362",
                    "243951472786481816204656947105879107204",
                    "75234107150510858329176934041064047462",
                    "312567499238085387111893771359709555593",
                    "285198156976856712371493300303413744646",
                    "53572902875219940341652118431372894144",
                    "27697003892428952708742279988974915512",
                    "193280473394203394697649421895341232807",
                    "201862213893393080509507739449933336735",
                    "202111789771329712345832963506321507255",
                    "161536903437130066470589710120166509031",
                    "184180490673423527804915006302931152688",
                    "46807478707353286158759274132488496959",
                    "123672301182933022114852792103623983635",
                    "125253756722107140194563631106854333091",
                    "179480731804470337592579654772213662887",
                    "66585436237447385564749429054826772598",
                    "74422244821713860996366827983399252894",
                    "256956360484758211414993578869014679315",
                    "255985039385644161078981532937525714951",
                    "23654271464513644146272010710961527779",
                    "143812015098717469209486421735066819378",
                    "102289577992029739768353054757910560060",
                    "336779252396222004312419420617397036775"
                ]
            },
            "id": "ASB-A-196448784-faf6585e",
            "source": "https://android.googlesource.com/kernel/common/+/b5fdf5c6e6bee35837e160c00ac89327bdad031b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/usb/host/max3421-hcd.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/b5fdf5c6e6bee35837e160c00ac89327bdad031b"
    ],
    "spl": "2021-12-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}