[ASB-A-210292376] Linux USB Gadget Buffer overflows

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 1

In various setup methods of the USB gadget subsystem, there is a possible out of bounds write due to an incorrect flag check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Package	Affected Version
pkg:generic/android#linux_kernel	>= :0, < :2022-03-05

Package	Fixed Version
pkg:generic/android#linux_kernel	= :2022-03-05

ID

ASB-A-210292376

Severity

high

URL

https://source.android.com/security/bulletin/2022-03-01

Published

2022-03-01T00:00:00
(2 years ago)

Modified

2024-07-31T14:51:05
(7 weeks ago)

Rights

Android Security Team

Other Advisories

Source	# ID	Name	URL
Advisory			https://source.android.com/security/bulletin/2022-03-01
Fix			https://android.googlesource.com/kernel/common/+/b4604acd52a691c2fd33ad0a0fafb7cc19dee5de
Fix			https://android.googlesource.com/kernel/common/+/53afb231f54a69d827b882fa282b30bb10cb08a5
Fix			https://android.googlesource.com/kernel/common/+/d3c17d5e271ab688cb117330ec85e125ebf24d88

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Fixed	pkg:generic/android#linux_kernel		android	= :2022-03-05
Affected	pkg:generic/android#linux_kernel		android	>= :0 < :2022-03-05

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date