{"id":"ASB-A-213172319", "published":"2022-05-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20009", "A-213172319"], "details":"In various functions of the USB gadget subsystem, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":":linux_kernel:", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":":0"}, {"fixed":":2022-05-05"}]}], "versions":["Kernel"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/528615555b59cbd659186d44b3c6db69c30414eb", "https://android.googlesource.com/kernel/common/+/823fc2b264f1ec12678564271c5fa34e3250cf83"], "severity":"High", "spl":"2022-05-05", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"15411130885992590080241792335577292221", "length":8670}, "id":"ASB-A-213172319-3423edf2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/823fc2b264f1ec12678564271c5fa34e3250cf83", "target":{"file":"drivers/usb/gadget/composite.c", "function":"composite_setup", "truncated_path_level":1}}, {"deprecated":false, "digest":{"line_hashes":["282852417431766263490676553128712597531", "110705312730213592619630503319076438808", "94219566278308689484813984906675955552", "36491830421415711599610514669873140861", "30790627971595482618317624871770110268", "288531739672159843520527013539581497894", "39603869017474101200293526634541239352", "45180091331208902342353969121843865020", "143434519509247879588825429509241155734"], "threshold":0.9}, "id":"ASB-A-213172319-476cf60f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/528615555b59cbd659186d44b3c6db69c30414eb", "target":{"file":"drivers/usb/gadget/function/rndis.c"}}, {"deprecated":false, "digest":{"line_hashes":["8228047372824403445809389804182550337", "215290394054290689799362561037584581376", "50834800687003401478418564196561689514", "157624948906676408928048125434499571554"], "threshold":0.9}, "id":"ASB-A-213172319-c780d7df", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/823fc2b264f1ec12678564271c5fa34e3250cf83", "target":{"file":"drivers/usb/gadget/composite.c", "truncated_path_level":1}}, {"deprecated":false, "digest":{"function_hash":"221946459094492974610708965816765957224", "length":1018}, "id":"ASB-A-213172319-da487bd0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/528615555b59cbd659186d44b3c6db69c30414eb", "target":{"file":"drivers/usb/gadget/function/rndis.c", "function":"rndis_set_response"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-05-01"}, {"type":"FIX", "url":"https://android.googlesource.com/kernel/common/+/528615555b59cbd659186d44b3c6db69c30414eb"}, {"type":"FIX", "url":"https://android.googlesource.com/kernel/common/+/823fc2b264f1ec12678564271c5fa34e3250cf83"}]}