{"id":"ASB-A-213850092", "published":"2022-07-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20228", "A-213850092"], "details":"In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-07-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3"], "severity":"High", "spl":"2022-07-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["192227934232514726557426748198738623410", "317255628712816926328077450866894228452", "311631332125272066488853762979160572930", "200969091410336481141966200584404115575", "51559047303558521212122549833089270220", "74221046007737194667233700832096575063", "228252480631705538231742767406619682407", "22492156979977295798095182627872838035", "231399710022428264346164184280306177067", "211655241687773405580550050359533509495", "194651649701829123340808045550149298755", "88287981816864687367563400153199024117", "21133483344499622561215568506296204047", "44914622061145209070180209937845868801", "194300837437827142635570084323525444759", "21270117293079764063673154557878170952", "235620155372164143951842304285161307163", "310040829824071364552459800808268420305", "320746817924010270769999961346433377402", "181590233791588607348333510668637482539", "37077830568388809013384498335522893334", "287683952838851208945788423954754367332", "314318985694173977636984479840306674552", "123801798367134975462997417348237060122", "314686063585001825113132334808958923677", "195903363165327730377140988313203592017", "316461725082244718898528055752115183257", "66275611729325449737339854251446508253", "274283264904369067223163265774635421682", "154925317047249732204408814864411678525", "93064771771212267697144890968037783838", "54456604817051958429238255474257769216", "4415980063983488735625236013337988711", "121665763636476463751885739650815948483", "39325296754708017965824161051703363402", "239240393691106160585830857877140432688", "239670772907459229346688508752068172892", "332859814753134252708024752127214576688", "90661642236740509347713288329185464032", "134868697679941322428296847329038362219", "59162336919209653723894857708251608234", "295312956171829762994738736568944178687", "268734471588714994898013031994459612349", "103233899701424350933302057997214161275", "242604353954162070547450642583046068316", "59287285465733016241748955774357058775", "141394885991717466741112758253931869448", "27028203555431716372373482172836092522", "332407439834065522916652423857843263185", "18370254986684097256761458897809386866", "324916189533104502194359447110009875807", "119736582797376422820720639432704534758", "10138077624400305967329662390503689073", "168087749518512853078711943852155356037", "34445881603422342436620705275987892025"], "threshold":0.9}, "id":"ASB-A-213850092-15618e38", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "target":{"file":"media/codec2/vndk/C2AllocatorIon.cpp"}}, {"deprecated":false, "digest":{"function_hash":"167525502730782928918426667957436792503", "length":784}, "id":"ASB-A-213850092-3de18407", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "target":{"file":"media/codec2/vndk/C2DmaBufAllocator.cpp", "function":"C2DmaBufAllocation::unmap"}}, {"deprecated":false, "digest":{"function_hash":"84751803150063703769184018163581837046", "length":308}, "id":"ASB-A-213850092-ae3bd88b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "target":{"file":"media/codec2/vndk/C2DmaBufAllocator.cpp", "function":"C2DmaBufAllocation::~C2DmaBufAllocation"}}, {"deprecated":false, "digest":{"function_hash":"81310799912256614906691639230053021652", "length":718}, "id":"ASB-A-213850092-b4f4e2cc", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "target":{"file":"media/codec2/vndk/C2DmaBufAllocator.cpp", "function":"C2DmaBufAllocation::map"}}, {"deprecated":false, "digest":{"line_hashes":["189398025276921510662259629929679625504", "190124384050380137500313740546362094636", "318442528087732575042734206245950164334", "200969091410336481141966200584404115575", "324916189533104502194359447110009875807", "138764542055880364928204930256352419840", "146103464064372951264048699517613775573", "6270207401994686947099272090192686013", "30164083190354049957389761680047008013", "74221046007737194667233700832096575063", "228252480631705538231742767406619682407", "22492156979977295798095182627872838035", "31133979089634078623668486667043461080", "60589161606239541530292977430291225801", "79833116189996246325763992945216508705", "21133483344499622561215568506296204047", "268245298036413543952179369188266135625", "88782410469043552503251570297246250434", "268910806458056956348636141379258945740", "53357948951561565206560574069236934778", "310040829824071364552459800808268420305", "122504346484478287434413399803169473137", "282596664588746285551602688336961958615", "304059659473115756915233644411737299832", "123801798367134975462997417348237060122", "121665763636476463751885739650815948483", "63908884897072704198123042693509587337", "19985124781375086165144574996702862129", "136847701873993135194624429221300571733", "290727991407667733996424948630674831692", "268767516241136795539513431389130295542", "122684162537915230232268244634080548700", "232241272674342874416045558473089824839", "333103102776945917657126086317281240904", "312083599223791841006018271297194341200"], "threshold":0.9}, "id":"ASB-A-213850092-dd690a7b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "target":{"file":"media/codec2/vndk/C2DmaBufAllocator.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-07-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3"], "severity":"High", "spl":"2022-07-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["192227934232514726557426748198738623410", "317255628712816926328077450866894228452", "311631332125272066488853762979160572930", "200969091410336481141966200584404115575", "51559047303558521212122549833089270220", "74221046007737194667233700832096575063", "228252480631705538231742767406619682407", "22492156979977295798095182627872838035", "231399710022428264346164184280306177067", "211655241687773405580550050359533509495", "194651649701829123340808045550149298755", "88287981816864687367563400153199024117", "21133483344499622561215568506296204047", "44914622061145209070180209937845868801", "194300837437827142635570084323525444759", "21270117293079764063673154557878170952", "235620155372164143951842304285161307163", "310040829824071364552459800808268420305", "320746817924010270769999961346433377402", "181590233791588607348333510668637482539", "37077830568388809013384498335522893334", "287683952838851208945788423954754367332", "314318985694173977636984479840306674552", "123801798367134975462997417348237060122", "314686063585001825113132334808958923677", "195903363165327730377140988313203592017", "316461725082244718898528055752115183257", "66275611729325449737339854251446508253", "274283264904369067223163265774635421682", "154925317047249732204408814864411678525", "93064771771212267697144890968037783838", "54456604817051958429238255474257769216", "4415980063983488735625236013337988711", "121665763636476463751885739650815948483", "39325296754708017965824161051703363402", "239240393691106160585830857877140432688", "239670772907459229346688508752068172892", "332859814753134252708024752127214576688", "90661642236740509347713288329185464032", "134868697679941322428296847329038362219", "59162336919209653723894857708251608234", "295312956171829762994738736568944178687", "268734471588714994898013031994459612349", "103233899701424350933302057997214161275", "242604353954162070547450642583046068316", "59287285465733016241748955774357058775", "141394885991717466741112758253931869448", "27028203555431716372373482172836092522", "332407439834065522916652423857843263185", "18370254986684097256761458897809386866", "324916189533104502194359447110009875807", "119736582797376422820720639432704534758", "10138077624400305967329662390503689073", "168087749518512853078711943852155356037", "34445881603422342436620705275987892025"], "threshold":0.9}, "id":"ASB-A-213850092-00e274be", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "target":{"file":"media/codec2/vndk/C2AllocatorIon.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["189398025276921510662259629929679625504", "190124384050380137500313740546362094636", "318442528087732575042734206245950164334", "200969091410336481141966200584404115575", "324916189533104502194359447110009875807", "138764542055880364928204930256352419840", "146103464064372951264048699517613775573", "6270207401994686947099272090192686013", "30164083190354049957389761680047008013", "74221046007737194667233700832096575063", "228252480631705538231742767406619682407", "22492156979977295798095182627872838035", "31133979089634078623668486667043461080", "60589161606239541530292977430291225801", "79833116189996246325763992945216508705", "21133483344499622561215568506296204047", "268245298036413543952179369188266135625", "88782410469043552503251570297246250434", "268910806458056956348636141379258945740", "53357948951561565206560574069236934778", "310040829824071364552459800808268420305", "122504346484478287434413399803169473137", "282596664588746285551602688336961958615", "304059659473115756915233644411737299832", "123801798367134975462997417348237060122", "121665763636476463751885739650815948483", "63908884897072704198123042693509587337", "19985124781375086165144574996702862129", "136847701873993135194624429221300571733", "290727991407667733996424948630674831692", "268767516241136795539513431389130295542", "122684162537915230232268244634080548700", "232241272674342874416045558473089824839", "333103102776945917657126086317281240904", "312083599223791841006018271297194341200"], "threshold":0.9}, "id":"ASB-A-213850092-0609e4bd", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "target":{"file":"media/codec2/vndk/C2DmaBufAllocator.cpp"}}, {"deprecated":false, "digest":{"function_hash":"84751803150063703769184018163581837046", "length":308}, "id":"ASB-A-213850092-58f7ed62", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "target":{"file":"media/codec2/vndk/C2DmaBufAllocator.cpp", "function":"C2DmaBufAllocation::~C2DmaBufAllocation"}}, {"deprecated":false, "digest":{"function_hash":"167525502730782928918426667957436792503", "length":784}, "id":"ASB-A-213850092-8c6acba6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "target":{"file":"media/codec2/vndk/C2DmaBufAllocator.cpp", "function":"C2DmaBufAllocation::unmap"}}, {"deprecated":false, "digest":{"function_hash":"81310799912256614906691639230053021652", "length":718}, "id":"ASB-A-213850092-d009792b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "target":{"file":"media/codec2/vndk/C2DmaBufAllocator.cpp", "function":"C2DmaBufAllocation::map"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-07-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/a12f8a065c081b7aa2d7aaa1df79498c282c53d2"}]}