PUB-A-190228658

See a problem?
Import Source
https://storage.googleapis.com/android-osv-test/PUB-A-190228658.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-190228658
Aliases
Published
2021-12-01T00:00:00Z
Modified
2024-10-23T16:43:06.926828Z
Summary
[none]
Details

In vtdisallocate and related functions of vtioctl.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2021-12-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 350.0,
                "function_hash": "320524514287153616664612375516415842603"
            },
            "id": "PUB-A-190228658-016fa123",
            "source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/vt/vt_ioctl.c",
                "function": "vt_io_fontreset"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1420.0,
                "function_hash": "123379609194559407213349497570049690536"
            },
            "id": "PUB-A-190228658-1c8719c3",
            "source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/vt/vt_ioctl.c",
                "function": "vt_io_ioctl"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 981.0,
                "function_hash": "21673407689687884799699283846099975468"
            },
            "id": "PUB-A-190228658-92a578a9",
            "source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/vt/vt_ioctl.c",
                "function": "vt_compat_ioctl"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "339318955935566238894797154670352448141",
                    "52473511985278061307118909538197820511",
                    "14241356784787676403380073642511860867",
                    "4840435229461463805135614009109279981",
                    "193251870028668531143654907883630318680",
                    "76671241567989619843012225013715374788",
                    "36227994611078500768531564382436145467",
                    "17663988733732760316303670167847957639",
                    "334368919244210623440243307908880319048",
                    "97461829736666685860691754017211782552",
                    "283672804061310620485000355904474368641",
                    "209154792166409727085931354551200899330",
                    "221605191078709178005291809373297750338",
                    "41652880990043750245063982717695049634",
                    "329746549475812398531662313491889082449",
                    "44293113810174502407274222737010675938",
                    "159386606834179171458643018365065513066",
                    "91200151630416972775377919419751362641",
                    "186252686675887537604302782765257731690",
                    "256645544509915613900271085352827267251",
                    "325373102407970744956133835909309031518",
                    "130892587925190200089015442646354230328",
                    "53510262037820686127299913191542504537",
                    "200781363180425492197760186504321312356",
                    "220402906669558717969931235484055812836",
                    "188106044884831820922210477570225486008",
                    "102693788235384447728725686878242650882",
                    "282858371804787400131193688494927173591",
                    "202947038146959579408650081105149474883",
                    "319527320083573028380537427564122220942",
                    "67974500844413565824343035624398598797",
                    "329123168778719218660304018634612854998",
                    "319622724463286856257180369436838015200",
                    "94642231781883791479847394401293752342",
                    "45757198703673773617379750191028008574",
                    "79739477850492317997523536532889058516",
                    "155502695325061490118846311716247781023",
                    "94474551175898975745648982654613025473",
                    "71220907524210199308756354906632726429",
                    "141757713669372678346264787834221009276",
                    "290724741279069592794193113354952234680",
                    "233495515326924098346787705063477447340",
                    "26513164058354690104627936292620767390",
                    "276145860660228416456071072470635641934",
                    "193990475142698296596040731161381947782",
                    "227524204023472100369279916894754172465",
                    "49393411096494687886251550689300655751",
                    "150478141626188525357095467802486487709",
                    "139647094379519956955060532432999923177",
                    "127253321143764917761205060463092772221",
                    "336716673708444832873152717964862760234",
                    "225024513400030738774311875925666318973",
                    "192921137829268178244579430861911863933",
                    "126057527193692498022004877645552446004",
                    "201173808609202219366200805379713068071",
                    "158626861132342953584340741510583921645",
                    "217116196911247519479749740586419750777",
                    "63957189953770948392814349251734472439",
                    "115317807447071128516106744625119102257",
                    "283514182505692854108507286645933699763",
                    "44293113810174502407274222737010675938",
                    "66269928344842405050727123257223602656",
                    "154825112293599695489202423679013747278",
                    "147691884752377195513097120138840038419",
                    "40261203041819225195009035203128960179"
                ]
            },
            "id": "PUB-A-190228658-bb952784",
            "source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/vt/vt_ioctl.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1015.0,
                "function_hash": "265661849656946814830300185156494280730"
            },
            "id": "PUB-A-190228658-ce8d82a3",
            "source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/vt/vt_ioctl.c",
                "function": "compat_fontx_ioctl"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 947.0,
                "function_hash": "210088323691146164844005191935771770202"
            },
            "id": "PUB-A-190228658-f17dc376",
            "source": "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drivers/tty/vt/vt_ioctl.c",
                "function": "do_fontx_ioctl"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/90bfdeef83f1d6c696039b6a917190dcbbad3220"
    ],
    "spl": "2021-12-05",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}