PUB-A-233075473
See a problem?- Import Source
- https://storage.googleapis.com/android-osv-test/PUB-A-233075473.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-233075473
- Aliases
-
- A-233075473
- CVE-2022-29581
- Published
- 2022-08-01T00:00:00Z
- Modified
- 2024-09-19T16:42:08.189638Z
- Summary
- Android Security - [EMBARGO 5/24] UAF in Linux kernel that can lead to LPE
- Details
-
In u32destroykey and related functions of cls_u32.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / :linux_kernel:
Package
- Name
- :linux_kernel:
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"12017464697272376360987189896020453373",
"165231272990745208968986246096614300069",
"87650411860073721519959697817878930347",
"88694137705524582580283107960433414973",
"224285556317071150239673333363294070043",
"144235103204564871651266205177890851851",
"157244778432830356029186041127852239806",
"21813636616839787135585863339382516964",
"252670340304475351347883320302141467185",
"192365946415484217726774929876015375710",
"47800162176297341138108122538091553217",
"47724439811176151872579890481740506838",
"239874854340968674947247384111587784877",
"130392416201730244011379719188200507134",
"46946862416912281296113593460524542671",
"166078287458666762714164497717527077339",
"202849110814589256742921006678392152027",
"42661982679347269166491627993939027840",
"117989092257963302905714203891891025712",
"140618196356520074686234444381927648505",
"285311416879944560634137249576817089678",
"243143923999761648029549941851657588765",
"42661982679347269166491627993939027840",
"2767581338422267267398979711530137858"
]
},
"id": "PUB-A-233075473-29f81379",
"source": "https://android.googlesource.com/kernel/common/+/b5a54d8de219f9affbd98e94ccdbaa7781e7a555",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/cls_u32.c"
},
"signature_type": "Line"
},
{
"digest": {
"length": 5780.0,
"function_hash": "54577984981276901081971127704180670658"
},
"id": "PUB-A-233075473-9da0c358",
"source": "https://android.googlesource.com/kernel/common/+/b5a54d8de219f9affbd98e94ccdbaa7781e7a555",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/cls_u32.c",
"function": "u32_change"
},
"signature_type": "Function"
},
{
"digest": {
"length": 414.0,
"function_hash": "199640517961603568396860261614330980616"
},
"id": "PUB-A-233075473-b238edc2",
"source": "https://android.googlesource.com/kernel/common/+/b5a54d8de219f9affbd98e94ccdbaa7781e7a555",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "net/sched/cls_u32.c",
"function": "u32_destroy_key"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/kernel/common/+/b5a54d8de219f9affbd98e94ccdbaa7781e7a555"
],
"spl": "2022-08-05",
"severity": "Moderate",
"types": [
"EoP"
]
}