{"id":"ASB-A-240140929", "published":"2023-03-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-20956", "A-240140929"], "details":"In Import of C2SurfaceSyncObj.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-03-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/9b4f38105ad66615e811483f4927942b231c84b7"], "severity":"High", "spl":"2023-03-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"264911485199584872904152870241901263757", "length":531}, "id":"ASB-A-240140929-3eb0086d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9b4f38105ad66615e811483f4927942b231c84b7", "target":{"file":"media/codec2/vndk/platform/C2SurfaceSyncObj.cpp", "function":"C2SurfaceSyncMemory::Import"}}, {"deprecated":false, "digest":{"line_hashes":["31765467849570847017508962957376924589", "147670170250532669734861363521258715869", "81303207179804990717236435807687710773", "280413656575870453371965795855325740204"], "threshold":0.9}, "id":"ASB-A-240140929-5a1e5f4a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9b4f38105ad66615e811483f4927942b231c84b7", "target":{"file":"media/codec2/vndk/platform/C2SurfaceSyncObj.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-03-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/e3958886dbdd65ac8020a4554c9e567f95a6d813"], "severity":"High", "spl":"2023-03-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["31765467849570847017508962957376924589", "147670170250532669734861363521258715869", "81303207179804990717236435807687710773", "280413656575870453371965795855325740204"], "threshold":0.9}, "id":"ASB-A-240140929-9178909c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/e3958886dbdd65ac8020a4554c9e567f95a6d813", "target":{"file":"media/codec2/vndk/platform/C2SurfaceSyncObj.cpp"}}, {"deprecated":false, "digest":{"function_hash":"264911485199584872904152870241901263757", "length":531}, "id":"ASB-A-240140929-95820b80", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/e3958886dbdd65ac8020a4554c9e567f95a6d813", "target":{"file":"media/codec2/vndk/platform/C2SurfaceSyncObj.cpp", "function":"C2SurfaceSyncMemory::Import"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-03-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/9c80c519481cc5e655c43b03c117a5aeced11bd1"], "severity":"High", "spl":"2023-03-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"264911485199584872904152870241901263757", "length":531}, "id":"ASB-A-240140929-4d4bdccf", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9c80c519481cc5e655c43b03c117a5aeced11bd1", "target":{"file":"media/codec2/vndk/platform/C2SurfaceSyncObj.cpp", "function":"C2SurfaceSyncMemory::Import"}}, {"deprecated":false, "digest":{"line_hashes":["31765467849570847017508962957376924589", "147670170250532669734861363521258715869", "81303207179804990717236435807687710773", "280413656575870453371965795855325740204"], "threshold":0.9}, "id":"ASB-A-240140929-d2206ab2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/9c80c519481cc5e655c43b03c117a5aeced11bd1", "target":{"file":"media/codec2/vndk/platform/C2SurfaceSyncObj.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-03-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/7470a6a17a61f2ea732325a910fd49a67dd2f9c8"], "severity":"High", "spl":"2023-03-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"264911485199584872904152870241901263757", "length":531}, "id":"ASB-A-240140929-77752672", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/7470a6a17a61f2ea732325a910fd49a67dd2f9c8", "target":{"file":"media/codec2/vndk/platform/C2SurfaceSyncObj.cpp", "function":"C2SurfaceSyncMemory::Import"}}, {"deprecated":false, "digest":{"line_hashes":["31765467849570847017508962957376924589", "147670170250532669734861363521258715869", "81303207179804990717236435807687710773", "280413656575870453371965795855325740204"], "threshold":0.9}, "id":"ASB-A-240140929-be0908ea", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/7470a6a17a61f2ea732325a910fd49a67dd2f9c8", "target":{"file":"media/codec2/vndk/platform/C2SurfaceSyncObj.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/av/+/ce7a476857997b615745b13adaa5465cf4bc6cfe"}]}