{"id":"ASB-A-230794395", "published":"2022-10-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20412", "A-230794395"], "details":"In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/external/dtc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-10-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66"], "severity":"High", "spl":"2022-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"312355044490999311680138983836808689671", "length":410}, "id":"ASB-A-230794395-5fcba0ce", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66", "target":{"file":"libfdt/fdt.c", "function":"fdt_offset_ptr"}}, {"deprecated":false, "digest":{"line_hashes":["266984877797973412143116920294650544922", "49462694035804154044927557974214420795", "158942918778413130283053747784504606418", "243870923220564217571919509773863672366", "130621858275109693522054482746780176119", "206352014911434540644001762793645924506", "334548850389752236119074724450549448316", "188340313234924781031762851821461742140", "241626587593000428123672662300855153316", "126004864080576951781972268306649988873"], "threshold":0.9}, "id":"ASB-A-230794395-7bb40bcd", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66", "target":{"file":"libfdt/fdt.c"}}]}}, {"package":{"name":"platform/external/dtc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66"], "severity":"High", "spl":"2022-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"312355044490999311680138983836808689671", "length":410}, "id":"ASB-A-230794395-cb5a3d9b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66", "target":{"file":"libfdt/fdt.c", "function":"fdt_offset_ptr"}}, {"deprecated":false, "digest":{"line_hashes":["266984877797973412143116920294650544922", "49462694035804154044927557974214420795", "158942918778413130283053747784504606418", "243870923220564217571919509773863672366", "130621858275109693522054482746780176119", "206352014911434540644001762793645924506", "334548850389752236119074724450549448316", "188340313234924781031762851821461742140", "241626587593000428123672662300855153316", "126004864080576951781972268306649988873"], "threshold":0.9}, "id":"ASB-A-230794395-ea253a77", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66", "target":{"file":"libfdt/fdt.c"}}]}}, {"package":{"name":"platform/external/dtc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dtc/+/6f0fef2b2adce7f643c0c05b3df0c24840b29b54"], "severity":"High", "spl":"2022-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"102411366170663226074525800423424698319", "length":467}, "id":"ASB-A-230794395-0a825b35", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/6f0fef2b2adce7f643c0c05b3df0c24840b29b54", "target":{"file":"libfdt/fdt.c", "function":"fdt_offset_ptr"}}, {"deprecated":false, "digest":{"line_hashes":["266984877797973412143116920294650544922", "192948583744952671966769211555992898726", "120700501835552485563373450803012591791", "234690462464257875745063909761627790554", "114317319769253858983561566982460505858", "130621858275109693522054482746780176119", "242317702679378832154437837661829467161", "259899953768705374365081909042002072569", "277075291535447467809203283151276493486", "197748537186705866800293744911917983208", "240467384858530781791779611225249070979"], "threshold":0.9}, "id":"ASB-A-230794395-0d0b9b94", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/6f0fef2b2adce7f643c0c05b3df0c24840b29b54", "target":{"file":"libfdt/fdt.c"}}]}}, {"package":{"name":"platform/external/dtc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-10-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dtc/+/7d9d85931fc20d0f80b4b82aed1d99d5edd65cde"], "severity":"High", "spl":"2022-10-01", "types":["EoP"]}}, {"package":{"name":"platform/external/dtc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-10-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dtc/+/7992e4aeb93afc9d36f7b18fdfa688227d1a9c20"], "severity":"High", "spl":"2022-10-01", "types":["EoP"]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/external/dtc/+/fba4a44c6f978793fe42ae32434aee1e92f0be7c"}]}