{"id":"ASB-A-235601882", "published":"2022-11-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-2209", "A-235601882"], "details":"In getSecurityLevel and setSecurityLevel of DrmPlugin.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-11-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/dab37c25e3337387809fd35c7cd46abf76088b83"], "severity":"High", "spl":"2022-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["206600570507894073295474146102703197710", "301966792304269357357044127234123894811", "98409775298683549229374608632735293169", "48833439968210638194588226046263100831", "16902199593063859955294065709048515752", "67660272170768565958046819950078030261", "176282012363886912556779996423863090481", "213672981350529598701488189847833251319"], "threshold":0.9}, "id":"ASB-A-235601882-20a8991b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/dab37c25e3337387809fd35c7cd46abf76088b83", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h"}}, {"deprecated":false, "digest":{"function_hash":"172008007703609653220403326307218805886", "length":742}, "id":"ASB-A-235601882-43fe296c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/dab37c25e3337387809fd35c7cd46abf76088b83", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp", "function":"DrmPlugin::getSecurityLevel"}}, {"deprecated":false, "digest":{"function_hash":"233893227726131803643634104514031723930", "length":847}, "id":"ASB-A-235601882-63ba17bf", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/dab37c25e3337387809fd35c7cd46abf76088b83", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp", "function":"DrmPlugin::setSecurityLevel"}}, {"deprecated":false, "digest":{"line_hashes":["314820229105040400079662583446177036582", "297080935891690787293348788050211519934", "137688396380030244563965040015487994622", "183541518758328601432741666417049390870", "309426352547273010318657878085619773160", "297535137879567466290138098861291579926"], "threshold":0.9}, "id":"ASB-A-235601882-72beb77e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/dab37c25e3337387809fd35c7cd46abf76088b83", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-11-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/d37b69272aa68a92357baa95d0eb87012666a90b"], "severity":"High", "spl":"2022-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"172008007703609653220403326307218805886", "length":742}, "id":"ASB-A-235601882-2b284b60", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/d37b69272aa68a92357baa95d0eb87012666a90b", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp", "function":"DrmPlugin::getSecurityLevel"}}, {"deprecated":false, "digest":{"line_hashes":["206600570507894073295474146102703197710", "301966792304269357357044127234123894811", "98409775298683549229374608632735293169", "48833439968210638194588226046263100831", "336505106272266033407192897248095407303", "61630820434863502233362681377103359044", "177419212568401062821358697581796607386", "56371828768409685143275251701015511120"], "threshold":0.9}, "id":"ASB-A-235601882-8831cc97", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/d37b69272aa68a92357baa95d0eb87012666a90b", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h"}}, {"deprecated":false, "digest":{"line_hashes":["314820229105040400079662583446177036582", "297080935891690787293348788050211519934", "137688396380030244563965040015487994622", "183541518758328601432741666417049390870", "309426352547273010318657878085619773160", "297535137879567466290138098861291579926"], "threshold":0.9}, "id":"ASB-A-235601882-e637783c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/d37b69272aa68a92357baa95d0eb87012666a90b", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp"}}, {"deprecated":false, "digest":{"function_hash":"233893227726131803643634104514031723930", "length":847}, "id":"ASB-A-235601882-f771dff5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/d37b69272aa68a92357baa95d0eb87012666a90b", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp", "function":"DrmPlugin::setSecurityLevel"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-11-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75"], "severity":"High", "spl":"2022-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"172008007703609653220403326307218805886", "length":742}, "id":"ASB-A-235601882-50e3391a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp", "function":"DrmPlugin::getSecurityLevel"}}, {"deprecated":false, "digest":{"function_hash":"233893227726131803643634104514031723930", "length":847}, "id":"ASB-A-235601882-8f1e1397", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp", "function":"DrmPlugin::setSecurityLevel"}}, {"deprecated":false, "digest":{"line_hashes":["314820229105040400079662583446177036582", "297080935891690787293348788050211519934", "137688396380030244563965040015487994622", "183541518758328601432741666417049390870", "309426352547273010318657878085619773160", "297535137879567466290138098861291579926"], "threshold":0.9}, "id":"ASB-A-235601882-c977a9d1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["339121784093313502615647951625042949295", "280233560995947677736001774997186362359", "208406105197990708023176398213145631936", "48833439968210638194588226046263100831", "336505106272266033407192897248095407303", "61630820434863502233362681377103359044", "177419212568401062821358697581796607386", "56371828768409685143275251701015511120"], "threshold":0.9}, "id":"ASB-A-235601882-e50df494", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-11-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75"], "severity":"High", "spl":"2022-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"233893227726131803643634104514031723930", "length":847}, "id":"ASB-A-235601882-1cb2cdd5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp", "function":"DrmPlugin::setSecurityLevel"}}, {"deprecated":false, "digest":{"function_hash":"172008007703609653220403326307218805886", "length":742}, "id":"ASB-A-235601882-805b7597", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp", "function":"DrmPlugin::getSecurityLevel"}}, {"deprecated":false, "digest":{"line_hashes":["339121784093313502615647951625042949295", "280233560995947677736001774997186362359", "208406105197990708023176398213145631936", "48833439968210638194588226046263100831", "336505106272266033407192897248095407303", "61630820434863502233362681377103359044", "177419212568401062821358697581796607386", "56371828768409685143275251701015511120"], "threshold":0.9}, "id":"ASB-A-235601882-d7cb7764", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h"}}, {"deprecated":false, "digest":{"line_hashes":["314820229105040400079662583446177036582", "297080935891690787293348788050211519934", "137688396380030244563965040015487994622", "183541518758328601432741666417049390870", "309426352547273010318657878085619773160", "297535137879567466290138098861291579926"], "threshold":0.9}, "id":"ASB-A-235601882-e76be90a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-11-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75"], "severity":"High", "spl":"2022-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["314820229105040400079662583446177036582", "297080935891690787293348788050211519934", "137688396380030244563965040015487994622", "183541518758328601432741666417049390870", "309426352547273010318657878085619773160", "297535137879567466290138098861291579926"], "threshold":0.9}, "id":"ASB-A-235601882-6494ce29", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["339121784093313502615647951625042949295", "280233560995947677736001774997186362359", "208406105197990708023176398213145631936", "48833439968210638194588226046263100831", "336505106272266033407192897248095407303", "61630820434863502233362681377103359044", "177419212568401062821358697581796607386", "56371828768409685143275251701015511120"], "threshold":0.9}, "id":"ASB-A-235601882-85673659", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h"}}, {"deprecated":false, "digest":{"function_hash":"172008007703609653220403326307218805886", "length":742}, "id":"ASB-A-235601882-a5552b57", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp", "function":"DrmPlugin::getSecurityLevel"}}, {"deprecated":false, "digest":{"function_hash":"233893227726131803643634104514031723930", "length":847}, "id":"ASB-A-235601882-cf610d6b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9bfc2fbcc4be68bc8939a10dd7942845dc724f75", "target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp", "function":"DrmPlugin::setSecurityLevel"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-11-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/0a9d181281753f911524291ffa6d1b677e36b589"}]}