{"id":"ASB-A-221216105","details":"In nfa_dm_check_set_config of nfa_dm_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-221216105","CVE-2022-20147"],"modified":"2026-04-17T15:55:28.020024Z","published":"2022-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99"}],"affected":[{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L-next:0"},{"fixed":"12L-next:2022-06-01"}]}],"versions":["12L-next"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-06-01","vanir_signatures":[{"deprecated":false,"signature_version":"v1","digest":{"function_hash":"156941489692749725818092720589879950799","length":4768},"target":{"function":"nfa_dm_check_set_config","file":"src/nfa/dm/nfa_dm_main.cc"},"source":"https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99","signature_type":"Function","id":"ASB-A-221216105-bc0806d7"},{"deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["228215901904264799496795337735341102715","17669025694038952674912891942475166015","20529047371298399982272447971778601430","99008648622485997403478422415536627075","286591029690804517788545255104721789690","232131448939947439337969491545383863719","304498648637370120616598659088557177407"]},"target":{"file":"src/nfa/dm/nfa_dm_main.cc"},"source":"https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99","signature_type":"Line","id":"ASB-A-221216105-e5cdc70a"}],"severity":"High","fixes":["https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221216105.json"}},{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-06-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-06-01","vanir_signatures":[{"deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["228215901904264799496795337735341102715","17669025694038952674912891942475166015","20529047371298399982272447971778601430","99008648622485997403478422415536627075","286591029690804517788545255104721789690","232131448939947439337969491545383863719","304498648637370120616598659088557177407"]},"target":{"file":"src/nfa/dm/nfa_dm_main.cc"},"source":"https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99","signature_type":"Line","id":"ASB-A-221216105-b2661fed"},{"deprecated":false,"signature_version":"v1","digest":{"function_hash":"156941489692749725818092720589879950799","length":4768},"target":{"function":"nfa_dm_check_set_config","file":"src/nfa/dm/nfa_dm_main.cc"},"source":"https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99","signature_type":"Function","id":"ASB-A-221216105-ccd6f291"}],"severity":"High","fixes":["https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221216105.json"}},{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-06-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-06-01","vanir_signatures":[{"deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["228215901904264799496795337735341102715","17669025694038952674912891942475166015","20529047371298399982272447971778601430","99008648622485997403478422415536627075","286591029690804517788545255104721789690","232131448939947439337969491545383863719","304498648637370120616598659088557177407"]},"target":{"file":"src/nfa/dm/nfa_dm_main.cc"},"source":"https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99","signature_type":"Line","id":"ASB-A-221216105-355719a3"},{"deprecated":false,"signature_version":"v1","digest":{"function_hash":"156941489692749725818092720589879950799","length":4768},"target":{"function":"nfa_dm_check_set_config","file":"src/nfa/dm/nfa_dm_main.cc"},"source":"https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99","signature_type":"Function","id":"ASB-A-221216105-3a92e5a4"}],"severity":"High","fixes":["https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221216105.json"}},{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-06-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-06-01","vanir_signatures":[{"deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["228215901904264799496795337735341102715","17669025694038952674912891942475166015","20529047371298399982272447971778601430","99008648622485997403478422415536627075","286591029690804517788545255104721789690","232131448939947439337969491545383863719","304498648637370120616598659088557177407"]},"target":{"file":"src/nfa/dm/nfa_dm_main.cc"},"source":"https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99","signature_type":"Line","id":"ASB-A-221216105-5e55076e"},{"deprecated":false,"signature_version":"v1","digest":{"function_hash":"156941489692749725818092720589879950799","length":4768},"target":{"function":"nfa_dm_check_set_config","file":"src/nfa/dm/nfa_dm_main.cc"},"source":"https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99","signature_type":"Function","id":"ASB-A-221216105-ef4dd6bd"}],"severity":"High","fixes":["https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221216105.json"}},{"package":{"name":"platform/system/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-06-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-06-01","vanir_signatures":[{"deprecated":false,"signature_version":"v1","digest":{"function_hash":"156941489692749725818092720589879950799","length":4768},"target":{"function":"nfa_dm_check_set_config","file":"src/nfa/dm/nfa_dm_main.cc"},"source":"https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99","signature_type":"Function","id":"ASB-A-221216105-36f0cca7"},{"deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["228215901904264799496795337735341102715","17669025694038952674912891942475166015","20529047371298399982272447971778601430","99008648622485997403478422415536627075","286591029690804517788545255104721789690","232131448939947439337969491545383863719","304498648637370120616598659088557177407"]},"target":{"file":"src/nfa/dm/nfa_dm_main.cc"},"source":"https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99","signature_type":"Line","id":"ASB-A-221216105-bc32815b"}],"severity":"High","fixes":["https://android.googlesource.com/platform/system/nfc/+/88c5c267e889699c71412022e3fcb03d20100e99"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-221216105.json"}}],"schema_version":"1.7.5"}