{"id":"ASB-A-220741611","details":"In multiple functions of iov_iter.c, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege in system libraries with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-220741611","CVE-2022-0847"],"modified":"2026-04-10T16:16:18.068628Z","published":"2022-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-05-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/b9b8fd203dba3"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/b19ec7afa9297"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/aa3e9c7480830f38390a61501386be4a03efb88d"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2022-05-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/kernel/common/+/b9b8fd203dba3","signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"length":996,"function_hash":"339689791828797232024530409227774779441"},"id":"ASB-A-220741611-0d0bc08c","target":{"function":"push_pipe","file":"lib/iov_iter.c"}},{"source":"https://android.googlesource.com/kernel/common/+/aa3e9c7480830f38390a61501386be4a03efb88d","signature_version":"v1","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["134436877735195479399431085792838987467","232980826822544885754214897579198116529","217024493674096007528144937323210585157","144648163504042365693439419794279883660","74186965640530955316531541713336962193","266087078819064697008367606713792713038","212389789156659759290233420496431435880","332634056076018835733964202215024247512"],"threshold":0.9},"id":"ASB-A-220741611-1195352e","target":{"file":"lib/iov_iter.c"}},{"source":"https://android.googlesource.com/kernel/common/+/b19ec7afa9297","signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"length":961,"function_hash":"190579346138162308382343159614563282947"},"id":"ASB-A-220741611-1bb580e1","target":{"function":"copy_page_to_iter_pipe","file":"lib/iov_iter.c"}},{"source":"https://android.googlesource.com/kernel/common/+/b9b8fd203dba3","signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"length":961,"function_hash":"190579346138162308382343159614563282947"},"id":"ASB-A-220741611-2ba35c95","target":{"function":"copy_page_to_iter_pipe","file":"lib/iov_iter.c"}},{"source":"https://android.googlesource.com/kernel/common/+/b19ec7afa9297","signature_version":"v1","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["134436877735195479399431085792838987467","232980826822544885754214897579198116529","217024493674096007528144937323210585157","144648163504042365693439419794279883660","74186965640530955316531541713336962193","266087078819064697008367606713792713038","212389789156659759290233420496431435880","332634056076018835733964202215024247512"],"threshold":0.9},"id":"ASB-A-220741611-424ccc2d","target":{"file":"lib/iov_iter.c"}},{"source":"https://android.googlesource.com/kernel/common/+/b9b8fd203dba3","signature_version":"v1","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["134436877735195479399431085792838987467","232980826822544885754214897579198116529","217024493674096007528144937323210585157","144648163504042365693439419794279883660","74186965640530955316531541713336962193","266087078819064697008367606713792713038","212389789156659759290233420496431435880","332634056076018835733964202215024247512"],"threshold":0.9},"id":"ASB-A-220741611-4e980db0","target":{"file":"lib/iov_iter.c"}},{"source":"https://android.googlesource.com/kernel/common/+/aa3e9c7480830f38390a61501386be4a03efb88d","signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"length":996,"function_hash":"339689791828797232024530409227774779441"},"id":"ASB-A-220741611-7378aae4","target":{"function":"push_pipe","file":"lib/iov_iter.c"}},{"source":"https://android.googlesource.com/kernel/common/+/b19ec7afa9297","signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"length":996,"function_hash":"339689791828797232024530409227774779441"},"id":"ASB-A-220741611-75618f6f","target":{"function":"push_pipe","file":"lib/iov_iter.c"}},{"source":"https://android.googlesource.com/kernel/common/+/aa3e9c7480830f38390a61501386be4a03efb88d","signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"length":961,"function_hash":"190579346138162308382343159614563282947"},"id":"ASB-A-220741611-d191cbac","target":{"function":"copy_page_to_iter_pipe","file":"lib/iov_iter.c"}}],"fixes":["https://android.googlesource.com/kernel/common/+/b9b8fd203dba3","https://android.googlesource.com/kernel/common/+/b19ec7afa9297","https://android.googlesource.com/kernel/common/+/aa3e9c7480830f38390a61501386be4a03efb88d"],"severity":"High","types":["EoP"],"spl":"2022-05-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-220741611.json"}}],"schema_version":"1.7.5"}