ASB-A-233078742
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/ASB-A-233078742.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-233078742
- Aliases
-
- A-230867044
- A-233078742
- ASB-A-230867044
- CVE-2022-1786
- Published
- 2022-08-01T00:00:00Z
- Modified
- 2024-09-19T16:28:27.422616Z
- Summary
- Android Security - [EMBARGO 5/24] invalid-free in io_uring that can lead to LPE
- Details
-
In ioreqinit_async there is a potential use after free due to a race condition. This could lead to local escalation of privileges with User execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 305.0,
"function_hash": "227273210715688725373639114611586646087"
},
"id": "ASB-A-233078742-7bc130dc",
"source": "https://android.googlesource.com/kernel/common/+/812805ff3b0c7069dc94d4a031960b4e2c80beac",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "fs/io_uring.c",
"function": "io_req_init_async"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"272162681072718761223832810924314861088",
"282435767030736005459484303915207870642",
"77554876585778307774017004807339822970",
"222188109909390957259112931253691907692"
]
},
"id": "ASB-A-233078742-d30eb709",
"source": "https://android.googlesource.com/kernel/common/+/812805ff3b0c7069dc94d4a031960b4e2c80beac",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "fs/io_uring.c"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/812805ff3b0c7069dc94d4a031960b4e2c80beac"
],
"spl": "2022-08-05",
"severity": "High",
"types": [
"EoP"
]
}