{"id":"PUB-A-228222508", "published":"2022-12-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2022-20523", "A-228222508"], "details":"In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/incremental_delivery", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5"], "severity":"Moderate", "spl":"2022-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"322534710492198498728088746048309453296", "length":1146}, "id":"PUB-A-228222508-07984fc6", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5", "target":{"file":"incfs/include/incfs_inline.h", "function":"getFilledRanges"}}, {"deprecated":false, "digest":{"line_hashes":["184364086387266558529663117564781717520", "1708441484464638935869197195031073747", "167739443198112843784811602581043168550", "133655956200243983785996285177499922601"], "threshold":0.9}, "id":"PUB-A-228222508-18361eb2", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5", "target":{"file":"incfs/MountRegistry.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["189146588532364475518475748611899951557", "318274370219494165893301932891080614561", "194738581224048273677595064053585412736", "271238737763556895637649963852183009123", "125887374729500005821548624635044493481", "253693479788318455550222078098532172605", "265807105934826127264094243111029798418"], "threshold":0.9}, "id":"PUB-A-228222508-27671ce0", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5", "target":{"file":"incfs/include/incfs_inline.h"}}, {"deprecated":false, "digest":{"function_hash":"29010597758195177999908771608877230602", "length":3211}, "id":"PUB-A-228222508-81bb781c", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5", "target":{"file":"incfs/MountRegistry.cpp", "function":"MountRegistry::Mounts::loadFrom"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5"}]}