{"id":"ASB-A-242096164", "published":"2022-11-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2022-20454", "A-242096164"], "details":"In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/external/dtc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-11-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dtc/+/61e10c9c53b170ff8a5612ba4ec79e51d58e5eb3"], "severity":"High", "spl":"2022-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"48155499511233603468743082440558327132", "length":868}, "id":"ASB-A-242096164-72981459", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/61e10c9c53b170ff8a5612ba4ec79e51d58e5eb3", "target":{"file":"libfdt/fdt.c", "function":"fdt_next_tag"}}, {"deprecated":false, "digest":{"line_hashes":["309739067641002084097361440152695524008", "291156366120625323191698924957040365850", "94871565527139618704143000422685786411", "263913712226550338005318720709474483675", "215879935486278698129105530739150608650", "53422207073116415397177492878834415029", "253305878879964867255926377589465692270", "204786516121377371741346635871681687151", "186720150446016306502542934040182032270"], "threshold":0.9}, "id":"ASB-A-242096164-d60429c7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/61e10c9c53b170ff8a5612ba4ec79e51d58e5eb3", "target":{"file":"libfdt/fdt.c"}}]}}, {"package":{"name":"platform/external/dtc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-11-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dtc/+/d3f1c0562390ea9153d86ded1158436741669b59"], "severity":"High", "spl":"2022-11-01", "types":["EoP"]}}, {"package":{"name":"platform/external/dtc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-11-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dtc/+/2b597691efba9251c47d14a6d9dfc5568abd98e7"], "severity":"High", "spl":"2022-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["241084989191143711222821133113772133513", "225693625221088512506126213521745643014", "298308984007314378771845219538921406682", "2226405392376155895598714930614935904", "313343107482493312486101327311761746297", "314877662952931323275007588452111010203", "4145266700988403605904709748972308037", "102415554197559027539351105493185035050", "53422207073116415397177492878834415029", "253305878879964867255926377589465692270", "204786516121377371741346635871681687151", "186720150446016306502542934040182032270"], "threshold":0.9}, "id":"ASB-A-242096164-48049d98", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/2b597691efba9251c47d14a6d9dfc5568abd98e7", "target":{"file":"libfdt/fdt.c"}}, {"deprecated":false, "digest":{"function_hash":"7842000788661298478680035696604098379", "length":1093}, "id":"ASB-A-242096164-5e12775b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/2b597691efba9251c47d14a6d9dfc5568abd98e7", "target":{"file":"libfdt/fdt.c", "function":"fdt_next_tag"}}]}}, {"package":{"name":"platform/external/dtc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-11-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dtc/+/75c07bb2f68e0eddc1b37612a7de8b388e1a4181"], "severity":"High", "spl":"2022-11-01", "types":["EoP"]}}, {"package":{"name":"platform/external/dtc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-11-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/external/dtc/+/8ef746c547044b107da65c054daedf33075027b6"], "severity":"High", "spl":"2022-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["241084989191143711222821133113772133513", "225693625221088512506126213521745643014", "298308984007314378771845219538921406682", "2226405392376155895598714930614935904", "313343107482493312486101327311761746297", "314877662952931323275007588452111010203", "4145266700988403605904709748972308037", "102415554197559027539351105493185035050", "53422207073116415397177492878834415029", "253305878879964867255926377589465692270", "204786516121377371741346635871681687151", "186720150446016306502542934040182032270"], "threshold":0.9}, "id":"ASB-A-242096164-0d76dbd5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/8ef746c547044b107da65c054daedf33075027b6", "target":{"file":"libfdt/fdt.c"}}, {"deprecated":false, "digest":{"function_hash":"7842000788661298478680035696604098379", "length":1093}, "id":"ASB-A-242096164-b14eecf8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/external/dtc/+/8ef746c547044b107da65c054daedf33075027b6", "target":{"file":"libfdt/fdt.c", "function":"fdt_next_tag"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-11-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/external/dtc/+/922334f6fb875169d64f9c33cba62d0dafc9faa2"}]}