{"id":"ASB-A-230356196","details":"In phNxpNciHal_write_unlocked of phNxpNciHal.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-230356196","CVE-2022-20462"],"modified":"2026-04-28T15:17:37.552933Z","published":"2022-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/4ef6287d7b4d2f9857ca3faa1c79f070cbd80e06"}],"affected":[{"package":{"name":"platform/hardware/nxp/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-11-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/a0c461b91a67f6ee0e86f856bcea2bdac2318491","signature_version":"v1","id":"ASB-A-230356196-2b426fc1","target":{"file":"halimpl/hal/phNxpNciHal_ext.cc","function":"phNxpNciHal_write_ext"},"deprecated":false,"signature_type":"Function","digest":{"function_hash":"95941805404000749890334167924536138770","length":7162}},{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/a0c461b91a67f6ee0e86f856bcea2bdac2318491","signature_version":"v1","id":"ASB-A-230356196-a07b1aa5","target":{"file":"halimpl/hal/phNxpNciHal_ext.cc"},"deprecated":false,"signature_type":"Line","digest":{"line_hashes":["219055300527710120337293274866049803551","336381885887554992179558876792283641179","57139778833048232178722579575282040841","191085082137101845790661836300778798488"],"threshold":0.9}}],"fixes":["https://android.googlesource.com/platform/hardware/nxp/nfc/+/a0c461b91a67f6ee0e86f856bcea2bdac2318491"],"severity":"High","spl":"2022-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230356196.json"}},{"package":{"name":"platform/hardware/nxp/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-11-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/a0c461b91a67f6ee0e86f856bcea2bdac2318491","signature_version":"v1","id":"ASB-A-230356196-11865510","target":{"file":"halimpl/hal/phNxpNciHal_ext.cc","function":"phNxpNciHal_write_ext"},"deprecated":false,"signature_type":"Function","digest":{"function_hash":"95941805404000749890334167924536138770","length":7162}},{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/a0c461b91a67f6ee0e86f856bcea2bdac2318491","signature_version":"v1","id":"ASB-A-230356196-25735f29","target":{"file":"halimpl/hal/phNxpNciHal_ext.cc"},"deprecated":false,"signature_type":"Line","digest":{"line_hashes":["219055300527710120337293274866049803551","336381885887554992179558876792283641179","57139778833048232178722579575282040841","191085082137101845790661836300778798488"],"threshold":0.9}}],"fixes":["https://android.googlesource.com/platform/hardware/nxp/nfc/+/a0c461b91a67f6ee0e86f856bcea2bdac2318491"],"severity":"High","spl":"2022-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230356196.json"}},{"package":{"name":"platform/hardware/nxp/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-11-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-486fd4fb","target":{"file":"snxxx/halimpl/hal/phNxpNciHal_ext.cc"},"deprecated":false,"signature_type":"Line","digest":{"line_hashes":["219055300527710120337293274866049803551","336381885887554992179558876792283641179","57139778833048232178722579575282040841","191085082137101845790661836300778798488"],"threshold":0.9}},{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-b5c90b9d","target":{"file":"pn8x/halimpl/hal/phNxpNciHal_ext.cc","function":"phNxpNciHal_write_ext"},"deprecated":false,"signature_type":"Function","digest":{"function_hash":"70202436915826428778370366148075471606","length":7169}},{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-b5fed546","target":{"file":"snxxx/halimpl/hal/phNxpNciHal_ext.cc","function":"phNxpNciHal_write_ext"},"deprecated":false,"signature_type":"Function","digest":{"function_hash":"105225332814135071589178724913404180392","length":7356}},{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-f404a935","target":{"file":"pn8x/halimpl/hal/phNxpNciHal_ext.cc"},"deprecated":false,"signature_type":"Line","digest":{"line_hashes":["219055300527710120337293274866049803551","336381885887554992179558876792283641179","57139778833048232178722579575282040841","191085082137101845790661836300778798488"],"threshold":0.9}}],"fixes":["https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae"],"severity":"High","spl":"2022-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230356196.json"}},{"package":{"name":"platform/hardware/nxp/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-0587a633","target":{"file":"pn8x/halimpl/hal/phNxpNciHal_ext.cc"},"deprecated":false,"signature_type":"Line","digest":{"line_hashes":["219055300527710120337293274866049803551","336381885887554992179558876792283641179","57139778833048232178722579575282040841","191085082137101845790661836300778798488"],"threshold":0.9}},{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-7015178c","target":{"file":"snxxx/halimpl/hal/phNxpNciHal_ext.cc","function":"phNxpNciHal_write_ext"},"deprecated":false,"signature_type":"Function","digest":{"function_hash":"105225332814135071589178724913404180392","length":7356}},{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-77485ea1","target":{"file":"snxxx/halimpl/hal/phNxpNciHal_ext.cc"},"deprecated":false,"signature_type":"Line","digest":{"line_hashes":["219055300527710120337293274866049803551","336381885887554992179558876792283641179","57139778833048232178722579575282040841","191085082137101845790661836300778798488"],"threshold":0.9}},{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-e88d2d93","target":{"file":"pn8x/halimpl/hal/phNxpNciHal_ext.cc","function":"phNxpNciHal_write_ext"},"deprecated":false,"signature_type":"Function","digest":{"function_hash":"70202436915826428778370366148075471606","length":7169}}],"fixes":["https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae"],"severity":"High","spl":"2022-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230356196.json"}},{"package":{"name":"platform/hardware/nxp/nfc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-11-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-5b3c07de","target":{"file":"snxxx/halimpl/hal/phNxpNciHal_ext.cc"},"deprecated":false,"signature_type":"Line","digest":{"line_hashes":["219055300527710120337293274866049803551","336381885887554992179558876792283641179","57139778833048232178722579575282040841","191085082137101845790661836300778798488"],"threshold":0.9}},{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-6c0dec57","target":{"file":"snxxx/halimpl/hal/phNxpNciHal_ext.cc","function":"phNxpNciHal_write_ext"},"deprecated":false,"signature_type":"Function","digest":{"function_hash":"105225332814135071589178724913404180392","length":7356}},{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-cb6360f1","target":{"file":"pn8x/halimpl/hal/phNxpNciHal_ext.cc","function":"phNxpNciHal_write_ext"},"deprecated":false,"signature_type":"Function","digest":{"function_hash":"70202436915826428778370366148075471606","length":7169}},{"source":"https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae","signature_version":"v1","id":"ASB-A-230356196-f63627da","target":{"file":"pn8x/halimpl/hal/phNxpNciHal_ext.cc"},"deprecated":false,"signature_type":"Line","digest":{"line_hashes":["219055300527710120337293274866049803551","336381885887554992179558876792283641179","57139778833048232178722579575282040841","191085082137101845790661836300778798488"],"threshold":0.9}}],"fixes":["https://android.googlesource.com/platform/hardware/nxp/nfc/+/9b103dd005ba3b4a33d54518e879010254d897ae"],"severity":"High","spl":"2022-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230356196.json"}}],"schema_version":"1.7.5"}