{"id":"ASB-A-221852424", "published":"2022-06-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2022-20123", "A-221852424"], "details":"In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/Nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L-next:0"}, {"fixed":"12L-next:2022-06-01"}]}], "versions":["12L-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436"], "severity":"High", "spl":"2022-06-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["159555514137919445434032378816236390660", "174337239655423082949578752981497984096", "190669972826829086405088936959482205251", "307801019510177132270168501610818944110", "45413916434977617795625152899021052948", "46086813645053834170023077085154877522", "1590089099470827660378532576980093240", "85032058919928455148965488244500075658", "239888728968958753812700430276007255620", "287923624644596738915943999155196622680", "57943969788907317137593645399278642357", "290677723592315933430757741397500946644", "57246271555596982046074495356939034374", "338093987376195018555343742786138605749", "317459948680520933143657412874174758581", "140475788734332228052672216448922540781", "307594541794616511254982764921686476901", "101199897576020158624850021586041117714", "111910739030057069785563436650019812008", "122324430794582591371791886729791407918"], "threshold":0.9}, "id":"ASB-A-221852424-acbcc21b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp"}}, {"deprecated":false, "digest":{"function_hash":"232458924269275137896506429622176142069", "length":2516}, "id":"ASB-A-221852424-e3737e53", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp", "function":"phNciNfc_RecvMfResp"}}]}}, {"package":{"name":"platform/packages/apps/Nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-06-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436"], "severity":"High", "spl":"2022-06-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"232458924269275137896506429622176142069", "length":2516}, "id":"ASB-A-221852424-3de6d412", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp", "function":"phNciNfc_RecvMfResp"}}, {"deprecated":false, "digest":{"line_hashes":["159555514137919445434032378816236390660", "174337239655423082949578752981497984096", "190669972826829086405088936959482205251", "307801019510177132270168501610818944110", "45413916434977617795625152899021052948", "46086813645053834170023077085154877522", "1590089099470827660378532576980093240", "85032058919928455148965488244500075658", "239888728968958753812700430276007255620", "287923624644596738915943999155196622680", "57943969788907317137593645399278642357", "290677723592315933430757741397500946644", "57246271555596982046074495356939034374", "338093987376195018555343742786138605749", "317459948680520933143657412874174758581", "140475788734332228052672216448922540781", "307594541794616511254982764921686476901", "101199897576020158624850021586041117714", "111910739030057069785563436650019812008", "122324430794582591371791886729791407918"], "threshold":0.9}, "id":"ASB-A-221852424-f899791c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp"}}]}}, {"package":{"name":"platform/packages/apps/Nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-06-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436"], "severity":"High", "spl":"2022-06-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["159555514137919445434032378816236390660", "174337239655423082949578752981497984096", "190669972826829086405088936959482205251", "307801019510177132270168501610818944110", "45413916434977617795625152899021052948", "46086813645053834170023077085154877522", "1590089099470827660378532576980093240", "85032058919928455148965488244500075658", "239888728968958753812700430276007255620", "287923624644596738915943999155196622680", "57943969788907317137593645399278642357", "290677723592315933430757741397500946644", "57246271555596982046074495356939034374", "338093987376195018555343742786138605749", "317459948680520933143657412874174758581", "140475788734332228052672216448922540781", "307594541794616511254982764921686476901", "101199897576020158624850021586041117714", "111910739030057069785563436650019812008", "122324430794582591371791886729791407918"], "threshold":0.9}, "id":"ASB-A-221852424-0b69342b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp"}}, {"deprecated":false, "digest":{"function_hash":"232458924269275137896506429622176142069", "length":2516}, "id":"ASB-A-221852424-ef2025ce", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp", "function":"phNciNfc_RecvMfResp"}}]}}, {"package":{"name":"platform/packages/apps/Nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-06-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436"], "severity":"High", "spl":"2022-06-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["159555514137919445434032378816236390660", "174337239655423082949578752981497984096", "190669972826829086405088936959482205251", "307801019510177132270168501610818944110", "45413916434977617795625152899021052948", "46086813645053834170023077085154877522", "1590089099470827660378532576980093240", "85032058919928455148965488244500075658", "239888728968958753812700430276007255620", "287923624644596738915943999155196622680", "57943969788907317137593645399278642357", "290677723592315933430757741397500946644", "57246271555596982046074495356939034374", "338093987376195018555343742786138605749", "317459948680520933143657412874174758581", "140475788734332228052672216448922540781", "307594541794616511254982764921686476901", "101199897576020158624850021586041117714", "111910739030057069785563436650019812008", "122324430794582591371791886729791407918"], "threshold":0.9}, "id":"ASB-A-221852424-1c720bd4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp"}}, {"deprecated":false, "digest":{"function_hash":"232458924269275137896506429622176142069", "length":2516}, "id":"ASB-A-221852424-4ae3f58a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp", "function":"phNciNfc_RecvMfResp"}}]}}, {"package":{"name":"platform/packages/apps/Nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-06-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436"], "severity":"High", "spl":"2022-06-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"232458924269275137896506429622176142069", "length":2516}, "id":"ASB-A-221852424-8a5a321c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp", "function":"phNciNfc_RecvMfResp"}}, {"deprecated":false, "digest":{"line_hashes":["159555514137919445434032378816236390660", "174337239655423082949578752981497984096", "190669972826829086405088936959482205251", "307801019510177132270168501610818944110", "45413916434977617795625152899021052948", "46086813645053834170023077085154877522", "1590089099470827660378532576980093240", "85032058919928455148965488244500075658", "239888728968958753812700430276007255620", "287923624644596738915943999155196622680", "57943969788907317137593645399278642357", "290677723592315933430757741397500946644", "57246271555596982046074495356939034374", "338093987376195018555343742786138605749", "317459948680520933143657412874174758581", "140475788734332228052672216448922540781", "307594541794616511254982764921686476901", "101199897576020158624850021586041117714", "111910739030057069785563436650019812008", "122324430794582591371791886729791407918"], "threshold":0.9}, "id":"ASB-A-221852424-ed443ac0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436", "target":{"file":"nci/jni/extns/pn54x/src/mifare/phNxpExtns_MifareStd.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-06-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/Nfc/+/f0d86f7fe23499cd4c6631348618463fbc496436"}]}