{"id":"ASB-A-237717857", "published":"2022-10-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20416", "A-237717857"], "details":"In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/hardware/interfaces", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe"], "severity":"High", "spl":"2022-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"30693180149815436432511666337241282332", "length":1770}, "id":"ASB-A-237717857-3347ba34", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/7.0/HidlUtils.cpp", "function":"HidlUtils::audioTransportsToHal"}}, {"deprecated":false, "digest":{"line_hashes":["269344792656577092001110833540011432940", "24566917316876822633373775224199387841", "326563767327415897676849247084034620501", "296721903556534197228020912422928613838", "98664012303234856457986909474349887885", "242909748081190874474530485925527046198", "337480627864806466889618801044925771695", "32976967712788725498324097883947031232"], "threshold":0.9}, "id":"ASB-A-237717857-6345877f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/7.0/HidlUtils.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["172186339874870091662576372895279208413", "227349891284322899533340354059474595611", "186519563238785187792249710978779741919", "110617716582878860557393456367871608803", "43366630099968855310673323885673129606", "131451768960244202058325825301537495331", "78935328830424581718176604854654660458", "306341795472413105250127479060524261756", "16834518065203268661284590998142718197", "299064499527370160859152552006985321520", "180805790256931266346711168313089126423", "170095354208668041088633580278233745834", "33521963547965584930512648087844251698", "114610901870909908359583640191322919081", "212452195949018653488913703488818546503", "153444376759287560523706886364648112712", "29528458756198696541044575576555735593", "48063698236143321999460836226503716002", "172446838531745295337624745295579102534", "183608570636346057331731099513885835857"], "threshold":0.9}, "id":"ASB-A-237717857-a6f3adea", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}}, {"deprecated":false, "digest":{"function_hash":"127934060083940188991457240859462848395", "length":1096}, "id":"ASB-A-237717857-e11f7680", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function":"TEST"}}, {"deprecated":false, "digest":{"function_hash":"168160430229648601525038002173658487200", "length":978}, "id":"ASB-A-237717857-e5a04e11", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function":"TEST"}}]}}, {"package":{"name":"platform/hardware/interfaces", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-10-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe"], "severity":"High", "spl":"2022-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"127934060083940188991457240859462848395", "length":1096}, "id":"ASB-A-237717857-082faaa8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function":"TEST"}}, {"deprecated":false, "digest":{"line_hashes":["269344792656577092001110833540011432940", "24566917316876822633373775224199387841", "326563767327415897676849247084034620501", "296721903556534197228020912422928613838", "98664012303234856457986909474349887885", "242909748081190874474530485925527046198", "337480627864806466889618801044925771695", "32976967712788725498324097883947031232"], "threshold":0.9}, "id":"ASB-A-237717857-4ea9c451", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/7.0/HidlUtils.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["172186339874870091662576372895279208413", "227349891284322899533340354059474595611", "186519563238785187792249710978779741919", "110617716582878860557393456367871608803", "43366630099968855310673323885673129606", "131451768960244202058325825301537495331", "78935328830424581718176604854654660458", "306341795472413105250127479060524261756", "16834518065203268661284590998142718197", "299064499527370160859152552006985321520", "180805790256931266346711168313089126423", "170095354208668041088633580278233745834", "33521963547965584930512648087844251698", "114610901870909908359583640191322919081", "212452195949018653488913703488818546503", "153444376759287560523706886364648112712", "29528458756198696541044575576555735593", "48063698236143321999460836226503716002", "172446838531745295337624745295579102534", "183608570636346057331731099513885835857"], "threshold":0.9}, "id":"ASB-A-237717857-5e18add7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}}, {"deprecated":false, "digest":{"function_hash":"30693180149815436432511666337241282332", "length":1770}, "id":"ASB-A-237717857-90647a9e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/7.0/HidlUtils.cpp", "function":"HidlUtils::audioTransportsToHal"}}, {"deprecated":false, "digest":{"function_hash":"168160430229648601525038002173658487200", "length":978}, "id":"ASB-A-237717857-fc41aa42", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function":"TEST"}}]}}, {"package":{"name":"platform/hardware/interfaces", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-10-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe"], "severity":"High", "spl":"2022-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"168160430229648601525038002173658487200", "length":978}, "id":"ASB-A-237717857-2498d497", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function":"TEST"}}, {"deprecated":false, "digest":{"function_hash":"127934060083940188991457240859462848395", "length":1096}, "id":"ASB-A-237717857-4cbcee65", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function":"TEST"}}, {"deprecated":false, "digest":{"function_hash":"30693180149815436432511666337241282332", "length":1770}, "id":"ASB-A-237717857-62c23548", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/7.0/HidlUtils.cpp", "function":"HidlUtils::audioTransportsToHal"}}, {"deprecated":false, "digest":{"line_hashes":["172186339874870091662576372895279208413", "227349891284322899533340354059474595611", "186519563238785187792249710978779741919", "110617716582878860557393456367871608803", "43366630099968855310673323885673129606", "131451768960244202058325825301537495331", "78935328830424581718176604854654660458", "306341795472413105250127479060524261756", "16834518065203268661284590998142718197", "299064499527370160859152552006985321520", "180805790256931266346711168313089126423", "170095354208668041088633580278233745834", "33521963547965584930512648087844251698", "114610901870909908359583640191322919081", "212452195949018653488913703488818546503", "153444376759287560523706886364648112712", "29528458756198696541044575576555735593", "48063698236143321999460836226503716002", "172446838531745295337624745295579102534", "183608570636346057331731099513885835857"], "threshold":0.9}, "id":"ASB-A-237717857-7c5aa959", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["269344792656577092001110833540011432940", "24566917316876822633373775224199387841", "326563767327415897676849247084034620501", "296721903556534197228020912422928613838", "98664012303234856457986909474349887885", "242909748081190874474530485925527046198", "337480627864806466889618801044925771695", "32976967712788725498324097883947031232"], "threshold":0.9}, "id":"ASB-A-237717857-acd99333", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "target":{"file":"audio/common/all-versions/default/7.0/HidlUtils.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/hardware/interfaces/+/bbf8f4e9987295b655704332c8c0a4f7475c00af"}]}