[ASB-A-220741611] Linux kernel bug allows writing to arbitrary files, bypassing file permissions, immutability, snapshots and read-only mounts

Severity High

Affected Packages 1

Fixed Packages 1

CVEs 1

In multiple functions of iov_iter.c, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege in system libraries with no additional execution privileges needed. User interaction is not needed for exploitation.

Package	Affected Version
pkg:generic/android#linux_kernel	>= :0, < :2022-05-05

Package	Fixed Version
pkg:generic/android#linux_kernel	= :2022-05-05

ID

ASB-A-220741611

Severity

high

URL

https://source.android.com/security/bulletin/2022-05-01

Published

2022-05-01T00:00:00
(2 years ago)

Modified

2024-07-31T14:52:08
(7 weeks ago)

Rights

Android Security Team

Other Advisories

Source	# ID	Name	URL
Advisory			https://source.android.com/security/bulletin/2022-05-01
Fix			https://android.googlesource.com/kernel/common/+/b9b8fd203dba3
Fix			https://android.googlesource.com/kernel/common/+/b19ec7afa9297
Fix			https://android.googlesource.com/kernel/common/+/aa3e9c7480830f38390a61501386be4a03efb88d

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Fixed	pkg:generic/android#linux_kernel		android	= :2022-05-05
Affected	pkg:generic/android#linux_kernel		android	>= :0 < :2022-05-05

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date