ASB-A-245869446

See a problem?
Import Source
https://storage.googleapis.com/android-osv-test/ASB-A-245869446.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-245869446
Aliases
Published
2023-02-01T00:00:00Z
Modified
2024-10-23T16:43:06.926828Z
Summary
[none]
Details

In multiple functions of many files, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2023-02-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 755.0,
                "function_hash": "38604489406231837717793669152131606938"
            },
            "id": "ASB-A-245869446-1b08df49",
            "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/x86/kvm/x86.c",
                "function": "kvm_steal_time_set_preempted"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "59692480275264766853165137104156426228",
                    "214353513911615457213562912492860417937",
                    "273877541879068920260347504933113745277",
                    "15798145667535997922991764239401250078"
                ]
            },
            "id": "ASB-A-245869446-4e113419",
            "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/x86/kvm/vmx/vmx.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 333.0,
                "function_hash": "165481017018219247378593075874815406330"
            },
            "id": "ASB-A-245869446-5374c6e8",
            "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/x86/kvm/vmx/vmx.c",
                "function": "handle_external_interrupt_irqoff"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "77013427174380958763618251436307309217",
                    "260912490785269495300238009067040999760",
                    "27048756297649844329325457963885708573",
                    "214724014562384713343912824674964654335",
                    "305645830347182943102607156739301999758",
                    "195355178703760701337862641816984625414",
                    "302809168331074603663963560945904877504",
                    "221736838959360489411131341271589814399",
                    "137936098070211798298446521327929481847",
                    "280460129927042103704893367658740007798",
                    "195828335554372007478403600861262374234"
                ]
            },
            "id": "ASB-A-245869446-bb6c2651",
            "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/x86/kvm/x86.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 799.0,
                "function_hash": "33828916803657510720769090657283268307"
            },
            "id": "ASB-A-245869446-c5347606",
            "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/x86/kvm/x86.c",
                "function": "vcpu_run"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "27455215021659110276612552094316477814",
                    "32679905025671916597419488091600971837",
                    "261160318527586754838829020256618233405",
                    "163987717602089840069875587587559850486",
                    "337327902055208212947137973516695178292",
                    "250204395601394085695912527180843271660",
                    "177798265508470921274907416937320593741",
                    "146010721565448674377621111995655250043"
                ]
            },
            "id": "ASB-A-245869446-e2250a01",
            "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/x86/include/asm/kvm_host.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "319180214301471377585150049024309308330",
                    "50373122713968120405096298349158498297",
                    "262696856476674390061976107357942042546",
                    "335269534060379695117872965537878128774"
                ]
            },
            "id": "ASB-A-245869446-f6ae6194",
            "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/x86/kvm/svm/svm.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b"
    ],
    "spl": "2023-02-05",
    "severity": "High",
    "types": [
        "EoP"
    ]
}