{"id":"PUB-A-237291425", "published":"2022-12-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2022-20539", "A-237291425"], "details":"In parameterToHal of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the audio server with System execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/hardware/interfaces", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2022-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe"], "severity":"Moderate", "spl":"2022-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"317495746485922110331306168398437462706", "length":555}, "id":"PUB-A-237291425-431ce068", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe", "target":{"file":"audio/effect/all-versions/default/Effect.cpp", "function":"Effect::getParameterImpl"}}, {"deprecated":false, "digest":{"function_hash":"30123266802065356885115692504846696672", "length":535}, "id":"PUB-A-237291425-5ff1da6d", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe", "target":{"file":"audio/effect/all-versions/default/Effect.cpp", "function":"Effect::parameterToHal"}}, {"deprecated":false, "digest":{"function_hash":"29579660006996074852613495412883982288", "length":257}, "id":"PUB-A-237291425-69d37c7b", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe", "target":{"file":"audio/effect/all-versions/default/Effect.cpp", "function":"Effect::setParameterImpl"}}, {"deprecated":false, "digest":{"line_hashes":["241345803428274514914173750033235143439", "298917489403951161474252177580383745491", "204918743027436695181852476445492936696", "248059365483983222598316756158843715662", "66822891934574946509925347350274344198"], "threshold":0.9}, "id":"PUB-A-237291425-bd5ae7c4", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe", "target":{"file":"audio/effect/all-versions/default/Effect.h"}}, {"deprecated":false, "digest":{"line_hashes":["313059225383503440477440576076796639768", "227621403652004929095362390026884299138", "318529299587967281414003747786286545567", "24771999819195088072931779467914237968", "266160911258182898482401649488858568793", "63132663513363580818699841070826610106", "148207872206608168082714377543143285242", "142613355609468974098312976183629596872", "99312486785625554246400588369878169704", "318637139589062211065762957205511152412", "75009748631100807500709188096213170068", "78691052645781660711009870316563570461", "280549801420680188423824461990705934769", "88997130257885229649108908344598353686", "152243725183288471995187783439429214751", "328470510571465043752673378022626710887", "229506037448769977422689472174879608986", "118651229590935032251534793302388468773", "184127610439288084211946895359479852215", "252561610820495140261623815577275630659", "27478599967662449078636264537078252088", "26180971022269590998001646870428867891", "170585366046268702959843789117970440253", "226573480289599342413102365773257030364", "272465068728968602953041888046671296023", "327956488084163979081976006159521689607"], "threshold":0.9}, "id":"PUB-A-237291425-dab24b9e", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe", "target":{"file":"audio/effect/all-versions/default/Effect.cpp"}}, {"deprecated":false, "digest":{"line_hashes":["42200179381301016134820353144508083862", "263620422702024950336934368050914565764", "233494592712189971446162782491874540621"], "threshold":0.9}, "id":"PUB-A-237291425-e7638dd9", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe", "target":{"file":"audio/effect/all-versions/vts/functional/VtsHalAudioEffectTargetTest.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/hardware/interfaces/+/4f110343d667159f85df5c2b787a9e9a5349bcbe"}]}