{"id":"ASB-A-148588557","details":"In __flow_hash_from_keys of flow_dissector.c, there is a possible packet injection due to improperly used crypto. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-148588557","CVE-2019-18282"],"modified":"2026-04-08T15:00:25.631816Z","published":"2020-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-07-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2020-07-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"types":["EoP"],"severity":"High","vanir_signatures":[{"signature_version":"v1","signature_type":"Line","id":"ASB-A-148588557-00e8cb6e","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"threshold":0.9,"line_hashes":["216830771674073952271739855526984651552","283248836859075611635659023413831226197","311718675173209835525491230762297142798","138907628540240926041542864058944672664"]},"target":{"file":"include/net/fq.h"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-0a64519e","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":163,"function_hash":"328835351401029418920249497314618295909"},"target":{"function":"fq_flow_idx","file":"include/net/fq_impl.h"},"deprecated":false},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-148588557-120e0d26","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"threshold":0.9,"line_hashes":["95301430675572668634442012518580248467","33558872309470466940504314230062784060","226672203253309007483155044816490731508","94604202655693118393347510283009547132","246464217681865152535658449423944627627","45673665239764653508690458727874884189","187534807119985981103973226294024197272","194568955491065574382854695787206542160"]},"target":{"file":"include/net/fq_impl.h"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-2009a658","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":112,"function_hash":"301214972810218438893898981966664178076"},"target":{"function":"skb_get_hash_perturb","file":"net/core/flow_dissector.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-3804974b","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":1497,"function_hash":"233450745710602483052475666956529446733"},"target":{"function":"hhf_init","file":"net/sched/sch_hhf.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-3c807d69","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":1705,"function_hash":"312432340274326278942725508660603859137"},"target":{"function":"hhf_classify","file":"net/sched/sch_hhf.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-42580e05","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":3040,"function_hash":"70113639914735468643785314821805692482"},"target":{"function":"sfb_enqueue","file":"net/sched/sch_sfb.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-148588557-4b1322a9","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"threshold":0.9,"line_hashes":["142360484127525313093668691568068032666","107695344681350788695525903624567756031","330848880062222940283661735280750561516","265124191371607535140821176436192052613"]},"target":{"file":"include/linux/skbuff.h"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-59422e05","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":276,"function_hash":"244942309722001007100284513244541276575"},"target":{"function":"__skb_get_hash_symmetric","file":"net/core/flow_dissector.c"},"deprecated":false},{"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","signature_type":"Function","id":"ASB-A-148588557-5ca18001","exact_target_file_match_only":true,"digest":{"length":121,"function_hash":"61294580310704128260289527285586182669"},"target":{"function":"__flow_hash_words","file":"net/core/flow_dissector.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-5f87b11e","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":113,"function_hash":"200783125342679606349958298577329162353"},"target":{"function":"sfb_init_perturbation","file":"net/sched/sch_sfb.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-626072db","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":89,"function_hash":"108855289393318654356275639202893157750"},"target":{"function":"flow_hash_from_keys","file":"net/core/flow_dissector.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-71e36f3a","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":2103,"function_hash":"95157876974844881398587902200201852239"},"target":{"function":"sfq_change","file":"net/sched/sch_sfq.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-78b5cb18","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":591,"function_hash":"233076545920371234869040207055007623601"},"target":{"function":"fq_init","file":"include/net/fq_impl.h"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-79a5261d","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":1455,"function_hash":"279556145455111125077940047211188344909"},"target":{"function":"sfq_init","file":"net/sched/sch_sfq.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-148588557-8266a6a9","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"threshold":0.9,"line_hashes":["79979489203306868919702268485294150242","251370951673513379996076678308160888789","63180926785655039675583991355272850381","166248064757454729846306804692963438038","162542372896037490882271157023992001600","335194571253462473163979117948116609724","280532423100102971121423873797529509832","75943806490275832075447786374742393334","203436715078794551815231166811008917741","193134419662714212192824643258610856593","144773114811236640960089575065025490439","146679681415099597704943839812206901427","127114370196809433702062632119653808313","262427306347761894257408675569972967368","262095477663838400102656845155038296238","312105671750916166986989484380725318565","147953401512340757337024515344970603992","205724584600625594126612388372763334108","262033334019516433924230310535510911730","202818629126144656988776342307460725165","12026391729801639883082494713729812302","309703912775764386946515522666075205706","7854207066863251023350198170556898044","96029265068468433356101812162763308812","294357992858772491823347533373642779176","163125489701551541808892142362599071960","164729427639890535407103374772342493432","291365271215517720147957387293995207160","227249794814160184986426660209708938567","173261340292481359523326373990762557704","233387438563921598567634250418819240074","100779727577290773944817278425903261227","24697830407511384049756960096759036895","99816855361397682304370734156593974941","185312888985018379520731808342332625657","246694964277350268851726497634968391502","151002103389487109354185622940647973930","41392026065318682845965973712627515183","129736930492348732647792270305972320513","43410658340400779568432824271899230748","123984375500959780859614462828784632157","137099628540063387458829590214611830916","276691337701505515798985627902129359097","251467912440892635766407609947745338799","199774513872493417565470795211244579756","71380111850497218801166485830697709157","228847645841818055611897065968566355316","288797757235278227300755848710611149816","134732646010844751065317519921797175957","178639014871355842083866659143800065280","126613001318726306868744089657567263059","268826432665757980047261362264397067571","292891510524277523046709679774866037451","117961091512222770245958741270462891546","47556611000269997391357412137369416749","70150731650327860676199394658143597228"]},"target":{"file":"net/core/flow_dissector.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-148588557-8504c82e","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"threshold":0.9,"line_hashes":["46321904095633711232856908845584495634","164981817097921993216271206168382636812","33689778707238051879096072382301073369","8048097136729218845645517010408371932","52706020810745923715682222357638293076","322819663966862756486707453999684304133","243082753464049232154183630212591976769","154945423849789118204336112044150150495","137596229404116582177911077368161778279","178535449232360418271104160074323692943","243507719420582121747231291949297361887","326307611468778190467212221300579690936","303010328855688627709699614302958374761","32243868167202509762638958503768886503","32160695896514221892408161422016725406","121753019160114413613858512058551215465","50735514811710182922601088139003558550","201751121412240519734745304901865534043","193106049672004349629571503415979733562","117533765548691628964140797297901676476","39746419301996991575501102143767414034","25845872273655158396151487303670049095"]},"target":{"file":"net/sched/sch_sfb.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-8a22c4fb","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":168,"function_hash":"26493789262049586993809205987823685326"},"target":{"function":"__skb_get_hash","file":"net/core/flow_dissector.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-148588557-90b65e99","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"threshold":0.9,"line_hashes":["328610208201842994316372318000384694555","149348909435491724288299558111771604429","235328250235667141527808421592522272972","285624164336856129721021521284772463897","111636791455912876267743007902321484311","197052625801443831392858610229807103789","47190608860431281803077012660863281044","325993752796299966469040777589648119537","146995324075089318528430178436973896483","312079628474876225766495203905894626569","257479939234590128611643474012923991387","321500235280896430700636217895654552396","129620742733755408641185063831292979539","290445373014201025896033946320766431778","200395088472951132853150045332586238709","228201285363778035724620594537504006108","104170952464160786932425982869419302570"]},"target":{"file":"net/sched/sch_hhf.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-148588557-a6951122","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"threshold":0.9,"line_hashes":["218431510198575119302096507414406642825","257645698202505926905423445601820625622","127526305100006625168419505923942031299","63830029220228634867344333408316169330","3281554989804526925695543009695330638","258856045945770458854936492866305622077","250874369499676706479348147034044491787","39435925379446642350284622935585406896","12497613566455699071280319294137739700","142210501070545365509734551573787009906","197010059616658668041119831159127161757","254704709689106544523169775280205878550","39655166749394213655050489834445918526","314310337567906398266446331317996488707","31009757692421739246287178480270363278","302152988077229263233383269473301531988","284377558547778943110735073975400231422","197224973872784890139422573742721375812","231296173561525568579626392161427667165","147072978618577701321711613900205087562","45389949648610294718533614508534989030","128738295853805304642853564110751982852","294484262749481742583652608363874546400","78906937787581239204202648915306929609","262524157491704130317561191533586847804","232170410262869952301551954208121332006"]},"target":{"file":"net/sched/sch_sfq.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-bfeaf23e","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":202,"function_hash":"315018008532792634838947805969196315637"},"target":{"function":"__flow_hash_from_keys","file":"net/core/flow_dissector.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-d1eccb63","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":159,"function_hash":"176284280421538353086942238463946131042"},"target":{"function":"sfq_hash","file":"net/sched/sch_sfq.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-148588557-da8b4b0f","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"threshold":0.9,"line_hashes":["23614965184244061597913813826817286862","1053369916977101385407799434666440463","292102435721935121808695719257678050463","859621337595235562735971769733622519","110675886615930258050298918997487942206","198782319067369760839260682964366688420","174012846144389341728915002689124139301"]},"target":{"file":"include/net/flow_dissector.h"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-e05fb1c1","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":189,"function_hash":"99057023828108968658529212262762313078"},"target":{"function":"___skb_get_hash","file":"net/core/flow_dissector.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-f01997cb","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":669,"function_hash":"68129618127123959380036175218985112568"},"target":{"function":"flow_keys_hash_length","file":"net/core/flow_dissector.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-f945f49a","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":411,"function_hash":"19375162217843495230721034774766806037"},"target":{"function":"sfq_perturbation","file":"net/sched/sch_sfq.c"},"deprecated":false},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-148588557-fe8b0ae6","source":"https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2","digest":{"length":205,"function_hash":"309451441038152215406383278796075854742"},"target":{"function":"flow_keys_hash_start","file":"net/core/flow_dissector.c"},"deprecated":false}],"fixes":["https://android.googlesource.com/kernel/common/+/55667441c84fa5e0911a0aac44fb059c15ba6da2"],"spl":"2020-07-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-148588557.json"}}],"schema_version":"1.7.5"}