{"id":"PUB-A-182815710", "published":"2022-08-01T00:00:00Z", "modified":"2026-07-09T15:25:53.339171538Z", "aliases":["CVE-2022-20158", "A-182815710"], "details":"In bdi_put and bdi_unregister of backing-dev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":":linux_kernel:", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":":0"}, {"fixed":":2022-08-05"}]}], "versions":["Kernel"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b", "https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678"], "severity":"Moderate", "spl":"2022-08-05", "types":["EoP"], "vanir_signatures":[{"deprecated":true, "digest":{"line_hashes":["113215513242572373501115177095692480700", "146376740562450085479430119081051201234", "167845098314143482835205259979813114407", "236196975693995146280669780473702745176", "179713941776304459402223690009765683179", "207534210488843669084278475330134141879", "320215819632338481320743497810732588942", "128075904718979113341398525991717430481", "147126970876245669418538450732936814785", "241440682663761525252903724063500113711"], "threshold":0.9}, "id":"PUB-A-182815710-0b9a609f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b", "target":{"file":"mm/backing-dev.c"}}, {"deprecated":true, "digest":{"function_hash":"119294102589541230230989006184100759164", "length":422}, "id":"PUB-A-182815710-49e1c804", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678", "target":{"file":"fs/super.c", "function":"super_setup_bdi_name"}}, {"deprecated":true, "digest":{"function_hash":"198982860961498878349235759223809766837", "length":813}, "id":"PUB-A-182815710-502e390a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678", "target":{"file":"fs/super.c", "function":"generic_shutdown_super"}}, {"deprecated":true, "digest":{"function_hash":"191935921694015649765081903418196938719", "length":333}, "id":"PUB-A-182815710-65fe396e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b", "target":{"file":"mm/backing-dev.c", "function":"bdi_unregister"}}, {"deprecated":true, "digest":{"line_hashes":["245186888783296841206310521981694865194", "52605353847176674651244620841010243214", "92369602758052413382318932991536994237", "8012670222047561370461500628183984996", "127057961633548355314666410211495682467", "3068827643211051924240955389725174270", "292492477069466682508650815827596805901", "133487563510134085865046698037949369604"], "threshold":0.9}, "id":"PUB-A-182815710-66e60689", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678", "target":{"file":"fs/super.c"}}, {"deprecated":true, "digest":{"function_hash":"104154573921309456992889799016996082195", "length":517}, "id":"PUB-A-182815710-f6524f6e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b", "target":{"file":"mm/backing-dev.c", "function":"bdi_register_va"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/kernel/common/+/69e8f03c5ced3e4e6fb4181f4dac185104e3420b"}, {"type":"FIX", "url":"https://android.googlesource.com/kernel/common/+/80d91b86a199798ee2321a0ab0f09e6e12764678"}]}