{"id":"ASB-A-222023189","details":"In composite_setup of composite.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when connecting a malicious USB device with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-222023189","CVE-2022-25258"],"modified":"2026-03-09T15:09:45.114269Z","published":"2022-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-06-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/22ec100472854"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/c7732dbce590e"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2022-06-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"spl":"2022-06-05","severity":"High","fixes":["https://android.googlesource.com/kernel/common/+/22ec100472854","https://android.googlesource.com/kernel/common/+/c7732dbce590e"],"types":["EoP"],"vanir_signatures":[{"digest":{"function_hash":"15411130885992590080241792335577292221","length":8670},"signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/kernel/common/+/c7732dbce590e","id":"ASB-A-222023189-450738e9","target":{"file":"drivers/usb/gadget/composite.c","function":"composite_setup","truncated_path_level":1},"signature_version":"v1"},{"digest":{"line_hashes":["8228047372824403445809389804182550337","215290394054290689799362561037584581376","50834800687003401478418564196561689514","157624948906676408928048125434499571554"],"threshold":0.9},"signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/kernel/common/+/c7732dbce590e","id":"ASB-A-222023189-abae828f","target":{"file":"drivers/usb/gadget/composite.c","truncated_path_level":1},"signature_version":"v1"},{"digest":{"function_hash":"15411130885992590080241792335577292221","length":8670},"signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/kernel/common/+/22ec100472854","id":"ASB-A-222023189-be9112ba","target":{"file":"drivers/usb/gadget/composite.c","function":"composite_setup","truncated_path_level":1},"signature_version":"v1"},{"digest":{"line_hashes":["8228047372824403445809389804182550337","215290394054290689799362561037584581376","50834800687003401478418564196561689514","157624948906676408928048125434499571554"],"threshold":0.9},"signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/kernel/common/+/22ec100472854","id":"ASB-A-222023189-f59ba70b","target":{"file":"drivers/usb/gadget/composite.c","truncated_path_level":1},"signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-222023189.json"}}],"schema_version":"1.7.3"}