{"id":"ASB-A-230794395","details":"In fdt_next_tag of fdt.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-230794395","CVE-2022-20412"],"modified":"2026-05-01T15:24:27.653932Z","published":"2022-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/dtc/+/fba4a44c6f978793fe42ae32434aee1e92f0be7c"}],"affected":[{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-10-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66"],"vanir_signatures":[{"id":"ASB-A-230794395-5fcba0ce","target":{"file":"libfdt/fdt.c","function":"fdt_offset_ptr"},"source":"https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66","digest":{"function_hash":"312355044490999311680138983836808689671","length":410},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-230794395-7bb40bcd","target":{"file":"libfdt/fdt.c"},"source":"https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66","digest":{"line_hashes":["266984877797973412143116920294650544922","49462694035804154044927557974214420795","158942918778413130283053747784504606418","243870923220564217571919509773863672366","130621858275109693522054482746780176119","206352014911434540644001762793645924506","334548850389752236119074724450549448316","188340313234924781031762851821461742140","241626587593000428123672662300855153316","126004864080576951781972268306649988873"],"threshold":0.9},"signature_type":"Line","deprecated":false,"signature_version":"v1"}],"spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230794395.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-10-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66"],"vanir_signatures":[{"id":"ASB-A-230794395-cb5a3d9b","target":{"file":"libfdt/fdt.c","function":"fdt_offset_ptr"},"source":"https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66","digest":{"function_hash":"312355044490999311680138983836808689671","length":410},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-230794395-ea253a77","target":{"file":"libfdt/fdt.c"},"source":"https://android.googlesource.com/platform/external/dtc/+/35c4c2b27acf66c217865451eeecf09bc82dae66","digest":{"line_hashes":["266984877797973412143116920294650544922","49462694035804154044927557974214420795","158942918778413130283053747784504606418","243870923220564217571919509773863672366","130621858275109693522054482746780176119","206352014911434540644001762793645924506","334548850389752236119074724450549448316","188340313234924781031762851821461742140","241626587593000428123672662300855153316","126004864080576951781972268306649988873"],"threshold":0.9},"signature_type":"Line","deprecated":false,"signature_version":"v1"}],"spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230794395.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-10-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/external/dtc/+/6f0fef2b2adce7f643c0c05b3df0c24840b29b54"],"vanir_signatures":[{"id":"ASB-A-230794395-0a825b35","target":{"file":"libfdt/fdt.c","function":"fdt_offset_ptr"},"source":"https://android.googlesource.com/platform/external/dtc/+/6f0fef2b2adce7f643c0c05b3df0c24840b29b54","digest":{"function_hash":"102411366170663226074525800423424698319","length":467},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-230794395-0d0b9b94","target":{"file":"libfdt/fdt.c"},"source":"https://android.googlesource.com/platform/external/dtc/+/6f0fef2b2adce7f643c0c05b3df0c24840b29b54","digest":{"line_hashes":["266984877797973412143116920294650544922","192948583744952671966769211555992898726","120700501835552485563373450803012591791","234690462464257875745063909761627790554","114317319769253858983561566982460505858","130621858275109693522054482746780176119","242317702679378832154437837661829467161","259899953768705374365081909042002072569","277075291535447467809203283151276493486","197748537186705866800293744911917983208","240467384858530781791779611225249070979"],"threshold":0.9},"signature_type":"Line","deprecated":false,"signature_version":"v1"}],"spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230794395.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-10-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/external/dtc/+/7d9d85931fc20d0f80b4b82aed1d99d5edd65cde"],"spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230794395.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-10-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/external/dtc/+/7992e4aeb93afc9d36f7b18fdfa688227d1a9c20"],"spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-230794395.json"}}],"schema_version":"1.7.5"}