PUB-A-233075473

See a problem?
Import Source
https://storage.googleapis.com/android-osv-test/PUB-A-233075473.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-233075473
Aliases
Published
2022-08-01T00:00:00Z
Modified
2024-10-23T16:43:06.926828Z
Summary
[none]
Details

In u32destroykey and related functions of cls_u32.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / :linux_kernel:

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
:0
Fixed
:2022-08-05

Affected versions

Other

Kernel

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "12017464697272376360987189896020453373",
                    "165231272990745208968986246096614300069",
                    "87650411860073721519959697817878930347",
                    "88694137705524582580283107960433414973",
                    "224285556317071150239673333363294070043",
                    "144235103204564871651266205177890851851",
                    "157244778432830356029186041127852239806",
                    "21813636616839787135585863339382516964",
                    "252670340304475351347883320302141467185",
                    "192365946415484217726774929876015375710",
                    "47800162176297341138108122538091553217",
                    "47724439811176151872579890481740506838",
                    "239874854340968674947247384111587784877",
                    "130392416201730244011379719188200507134",
                    "46946862416912281296113593460524542671",
                    "166078287458666762714164497717527077339",
                    "202849110814589256742921006678392152027",
                    "42661982679347269166491627993939027840",
                    "117989092257963302905714203891891025712",
                    "140618196356520074686234444381927648505",
                    "285311416879944560634137249576817089678",
                    "243143923999761648029549941851657588765",
                    "42661982679347269166491627993939027840",
                    "2767581338422267267398979711530137858"
                ]
            },
            "id": "PUB-A-233075473-29f81379",
            "source": "https://android.googlesource.com/kernel/common/+/b5a54d8de219f9affbd98e94ccdbaa7781e7a555",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/sched/cls_u32.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 5780.0,
                "function_hash": "54577984981276901081971127704180670658"
            },
            "id": "PUB-A-233075473-9da0c358",
            "source": "https://android.googlesource.com/kernel/common/+/b5a54d8de219f9affbd98e94ccdbaa7781e7a555",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/sched/cls_u32.c",
                "function": "u32_change"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 414.0,
                "function_hash": "199640517961603568396860261614330980616"
            },
            "id": "PUB-A-233075473-b238edc2",
            "source": "https://android.googlesource.com/kernel/common/+/b5a54d8de219f9affbd98e94ccdbaa7781e7a555",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "net/sched/cls_u32.c",
                "function": "u32_destroy_key"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/kernel/common/+/b5a54d8de219f9affbd98e94ccdbaa7781e7a555"
    ],
    "spl": "2022-08-05",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}