PUB-A-196011539

See a problem?
Import Source
https://storage.googleapis.com/android-osv-test/PUB-A-196011539.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-196011539
Aliases
Published
2022-06-01T00:00:00Z
Modified
2024-10-23T16:43:06.926828Z
Summary
[none]
Details

In checkstackwritefixedoff and related functions of verifier.c, there is a possible out of bounds read due to side channel information disclosure. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2022-06-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "305205531802512017341163242226428153734",
                    "2585488129044331379047924650191033827",
                    "148647100567595964458019309735188144803",
                    "11942775594437908850679622134388458838",
                    "97380285631030218893061090657490387607",
                    "26028520635434484714737686679692895826",
                    "333889995909599102164999837277302371302",
                    "38416344364069209752327229388128081599",
                    "207180574071642262579878751953174229429",
                    "1140989656416146924460359855437808578",
                    "113863379513992470071379891876391522505",
                    "307526790653733229708139941107497589454"
                ]
            },
            "id": "PUB-A-196011539-0d1072bc",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "kernel/bpf/disasm.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "173660151941257730778813155425447364132",
                    "27772917760678754337489395758997074697",
                    "4263981723230181936059574982541179791"
                ]
            },
            "id": "PUB-A-196011539-0d943206",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/s390/net/bpf_jit_comp.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "182488854690131797179066901887341540660",
                    "271173009328449815751821293458703451261",
                    "310174186534106498378868599311591280734",
                    "306542011294882954839953280146778342247",
                    "132529824464294092347516084025771305298",
                    "42774686486507674610697058585972372360",
                    "260359734910341384759439501628321889120",
                    "224655504302895966056038885098724495313",
                    "172586013935325408217766215477921052400",
                    "88663099339171433394887398805668896698",
                    "239399788995562905542893076457609826425",
                    "221401223387386154951881283578996855299",
                    "229377854323876157569224497146028075509",
                    "247847762457780231745944532620142726450",
                    "271328050391475722204129399657126311439",
                    "46513734829533060784782346837014843387",
                    "165171486799336320298270476480255857068",
                    "166428563734035799488706642278942050893",
                    "127938973500247587070161880066109034458",
                    "245735939258177471603765104448108917404",
                    "250481030738615036249574667283386740143",
                    "275375053391720368827897309270554922894",
                    "159527063965145643335309017096916471174",
                    "138932296751521324227780776623230154682",
                    "31338249366753241842434874153940092616",
                    "96558649734884107384889423090309872093",
                    "190700710210124230146937663722868917568",
                    "152517857441149867716972459265497063870",
                    "22886338686594838692324868792114923327",
                    "89608777941249804165992409815226845501",
                    "164160132678214999393523747541543861094",
                    "147573548943209720119237727655722207220",
                    "136636566013627829656115230913044548909",
                    "160917965473231298632224284240755582354",
                    "338410234862485064619864446859203040752",
                    "164752595107537758429194428834466207833",
                    "54924373031309107042229081057119906850",
                    "198529728826417249931535274056088378069",
                    "197127656020610365676307850299446752520",
                    "35399565883064119000548458521882442670",
                    "76475207340392274811600610366507367866",
                    "149371392150700186795644515949988392287",
                    "98795928228412693057733707089629424777",
                    "9965775337711935670052853055366478745",
                    "91780692971781325790009085792317569474",
                    "265152040855936153257612278913824457872",
                    "35609477671410479413244585492377728830",
                    "92054791574216593935447256905368484040",
                    "132559283577510594087545133429006974830",
                    "219118816130789100484258016385301035294",
                    "296214834374187139324085624602185753726",
                    "227964857960370696191335950781380443044",
                    "240765184995665736112152564590072645065",
                    "135165977311923425541691055636753176656",
                    "187046352186973719914360432949319324966",
                    "107335059204794406756503351502439680243",
                    "331485834681216573380197613344709310821",
                    "304931068564504553758104497457885925574",
                    "19041751437076259009393232264029286152"
                ]
            },
            "id": "PUB-A-196011539-1c594aa7",
            "source": "https://android.googlesource.com/kernel/common/+/f5893af2704eb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "kernel/bpf/verifier.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 20577.0,
                "function_hash": "147097370526842176586445499829872231395"
            },
            "id": "PUB-A-196011539-22eb820e",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/riscv/net/bpf_jit_comp.c",
                "function": "emit_insn"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "11827588269367780017347289816531254555",
                    "220082853007074704731493766471270654569",
                    "126240876126904056082089562739253149368",
                    "289413636288731032902716552852739685287",
                    "336432879129980519975502918492542684776"
                ]
            },
            "id": "PUB-A-196011539-309489b1",
            "source": "https://android.googlesource.com/kernel/common/+/f5893af2704eb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "include/linux/bpf_verifier.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 15297.0,
                "function_hash": "294174256643244717990544565580314159508"
            },
            "id": "PUB-A-196011539-351f901c",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/powerpc/net/bpf_jit_comp64.c",
                "function": "bpf_jit_build_body"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "72534822758079915980677350792303826845",
                    "312355728147259808235924515605054701913",
                    "41883834944338936064645645634184576215",
                    "203971995369681977278253899268290694588"
                ]
            },
            "id": "PUB-A-196011539-484e41fc",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/x86/net/bpf_jit_comp32.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "336469752589275220962874764838447015688",
                    "115775195130646679520828912797132990136",
                    "203260536078357932351193061581570506613",
                    "42433511099458747828196898234257018505"
                ]
            },
            "id": "PUB-A-196011539-4ed7f0db",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/sparc/net/bpf_jit_comp_64.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 4912.0,
                "function_hash": "174406747325980166482342059940882943639"
            },
            "id": "PUB-A-196011539-56a6a0f2",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "kernel/bpf/core.c",
                "function": "___bpf_prog_run"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "334425439011962791381592573281576298580",
                    "278598289266191292183677601258691859591",
                    "107464823516679137706415161502274837150",
                    "313114587670471334334109005906838448214",
                    "291268397393893035706117144421732631702",
                    "78310186429295441904679599038208174377",
                    "62494668812812288361536101247448134900",
                    "22754680778273445770346211853086263252",
                    "165251615613666145827868125428450880499",
                    "132761906266490723107362312355046312489"
                ]
            },
            "id": "PUB-A-196011539-5c28def9",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "kernel/bpf/core.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 4923.0,
                "function_hash": "17901772029901263384751066157435205010"
            },
            "id": "PUB-A-196011539-6b2a2c45",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "kernel/bpf/disasm.c",
                "function": "print_bpf_insn"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "210430695689933423595888837903362155935",
                    "77043016451871767575502101027888169017",
                    "192158866918440344333095817543020214860",
                    "317590910850770164377588802317992428603"
                ]
            },
            "id": "PUB-A-196011539-8fa7aa27",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/arm/net/bpf_jit_32.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 14228.0,
                "function_hash": "208112688175208328229765726249175109175"
            },
            "id": "PUB-A-196011539-902dc469",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/x86/net/bpf_jit_comp.c",
                "function": "do_jit"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2548.0,
                "function_hash": "260978440460247104333046083795496536256"
            },
            "id": "PUB-A-196011539-9c7fef19",
            "source": "https://android.googlesource.com/kernel/common/+/f5893af2704eb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "kernel/bpf/verifier.c",
                "function": "check_stack_write"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 21931.0,
                "function_hash": "299076448839503224067133098884644342144"
            },
            "id": "PUB-A-196011539-9fb08292",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/mips/net/ebpf_jit.c",
                "function": "build_one_insn"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "1646315126352610310457325096472724998",
                    "135755401831858035681234605402382006889",
                    "110161445262095099042502702061791132824"
                ]
            },
            "id": "PUB-A-196011539-bbc92709",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/mips/net/ebpf_jit.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 14758.0,
                "function_hash": "109494238402991963395103761251491891155"
            },
            "id": "PUB-A-196011539-c3c9701a",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/s390/net/bpf_jit_comp.c",
                "function": "bpf_jit_insn"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "173660151941257730778813155425447364132",
                    "252665618640681091725949245853377867368",
                    "76245782363213252508968248274802784227"
                ]
            },
            "id": "PUB-A-196011539-d5becb1d",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": true,
            "signature_version": "v1",
            "target": {
                "file": "arch/powerpc/net/bpf_jit_comp64.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "167134435101084351807236780687715055186",
                    "160423127365116280587457800023300818300",
                    "121038820279835434383138199264553771259"
                ]
            },
            "id": "PUB-A-196011539-d7c666c8",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/x86/net/bpf_jit_comp.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "159990288689827447531468667024654920213",
                    "273959493138064794292009507429715246206",
                    "305538873591662001874145354440068119470"
                ]
            },
            "id": "PUB-A-196011539-f3dceb8b",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/riscv/net/bpf_jit_comp.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 13050.0,
                "function_hash": "214414488703278193114809950214223350654"
            },
            "id": "PUB-A-196011539-f4b2a4d8",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/sparc/net/bpf_jit_comp_64.c",
                "function": "build_insn"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3547.0,
                "function_hash": "216580944146069769674694690094967279470"
            },
            "id": "PUB-A-196011539-f4ddc77e",
            "source": "https://android.googlesource.com/kernel/common/+/f5893af2704eb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "kernel/bpf/verifier.c",
                "function": "convert_ctx_accesses"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 18377.0,
                "function_hash": "182897166988313984679366921934437898836"
            },
            "id": "PUB-A-196011539-f685a7ff",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/x86/net/bpf_jit_comp32.c",
                "function": "do_jit"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "339514062178109867062255709368080292924",
                    "63626503530458387618262136138259433317",
                    "317590910850770164377588802317992428603"
                ]
            },
            "id": "PUB-A-196011539-f7e33015",
            "source": "https://android.googlesource.com/kernel/common/+/e80c3533c354e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "arch/arm64/net/bpf_jit_comp.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/dbb65264ffd6b",
        "https://android.googlesource.com/kernel/common/+/f5893af2704eb",
        "https://android.googlesource.com/kernel/common/+/e80c3533c354e"
    ],
    "spl": "2022-06-05",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}