ASB-A-240019719

See a problem?
Import Source
https://storage.googleapis.com/android-osv-test/ASB-A-240019719.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-240019719
Aliases
Published
2023-03-01T00:00:00Z
Modified
2024-10-23T16:43:06.926828Z
Summary
[none]
Details

In fbconsetfont() of fbcon.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2023-03-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2230.0,
                "function_hash": "260368242011700339528141153546759620060"
            },
            "id": "ASB-A-240019719-0d9eea6c",
            "source": "https://android.googlesource.com/kernel/common/+/52833e8fafb2ada5329f89b4e03a838ace0644bd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/video/fbdev/core/fbmem.c",
                "function": "fb_set_var"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "220704080036185236950158588689116762957",
                    "146819525641386820595486975508173557986",
                    "152494364300023753278409797644414637462"
                ]
            },
            "id": "ASB-A-240019719-2d935707",
            "source": "https://android.googlesource.com/kernel/common/+/52833e8fafb2ada5329f89b4e03a838ace0644bd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/video/fbdev/core/fbmem.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "145214828066865294559026777866206346704",
                    "74273726301264452381742795473067020242",
                    "98584942807167272420032876425097977336"
                ]
            },
            "id": "ASB-A-240019719-602e4306",
            "source": "https://android.googlesource.com/kernel/common/+/b54f2a0d7bc35bec294c796e5b779a2c960b1145",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/video/fbdev/core/fbcon.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2120.0,
                "function_hash": "237877605262909335765337413501427008668"
            },
            "id": "ASB-A-240019719-8c716c97",
            "source": "https://android.googlesource.com/kernel/common/+/e8a2596dec19b4ed1d9a3b3a0dcc428b0468074a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/video/fbdev/core/fbmem.c",
                "function": "do_fb_ioctl"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1635.0,
                "function_hash": "32680718910003695153068326154783534040"
            },
            "id": "ASB-A-240019719-ba2e9a01",
            "source": "https://android.googlesource.com/kernel/common/+/b54f2a0d7bc35bec294c796e5b779a2c960b1145",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/video/fbdev/core/fbcon.c",
                "function": "fbcon_set_font"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "139595783800889817610535237357284472539",
                    "286891797931192681199206635193469849391",
                    "189615521132268010970490211699267266912",
                    "220804743819273572867304279509796439362",
                    "213164206842185859280247276716851666100",
                    "15621184755067764871661004093351894155",
                    "12003470756970607673472171164672216868",
                    "46292734064832699823715455874387192271"
                ]
            },
            "id": "ASB-A-240019719-c650b1fb",
            "source": "https://android.googlesource.com/kernel/common/+/e8a2596dec19b4ed1d9a3b3a0dcc428b0468074a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/linux/fbcon.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "4805974244079610571020223133689330202",
                    "220829309033984216009626881265785601298",
                    "78949393936684919963760381278998600401",
                    "304463444265663019437793569792849990614"
                ]
            },
            "id": "ASB-A-240019719-f542543f",
            "source": "https://android.googlesource.com/kernel/common/+/e8a2596dec19b4ed1d9a3b3a0dcc428b0468074a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/video/fbdev/core/fbmem.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/52833e8fafb2ada5329f89b4e03a838ace0644bd",
        "https://android.googlesource.com/kernel/common/+/e8a2596dec19b4ed1d9a3b3a0dcc428b0468074a",
        "https://android.googlesource.com/kernel/common/+/b54f2a0d7bc35bec294c796e5b779a2c960b1145"
    ],
    "spl": "2023-03-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}