{"id":"ASB-A-237717857","details":"In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-237717857","CVE-2022-20416"],"modified":"2026-04-21T15:25:42.831358Z","published":"2022-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/hardware/interfaces/+/bbf8f4e9987295b655704332c8c0a4f7475c00af"}],"affected":[{"package":{"name":"platform/hardware/interfaces","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-10-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe"],"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","id":"ASB-A-237717857-3347ba34","digest":{"function_hash":"30693180149815436432511666337241282332","length":1770},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"function":"HidlUtils::audioTransportsToHal","file":"audio/common/all-versions/default/7.0/HidlUtils.cpp"}},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-237717857-6345877f","digest":{"line_hashes":["269344792656577092001110833540011432940","24566917316876822633373775224199387841","326563767327415897676849247084034620501","296721903556534197228020912422928613838","98664012303234856457986909474349887885","242909748081190874474530485925527046198","337480627864806466889618801044925771695","32976967712788725498324097883947031232"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"file":"audio/common/all-versions/default/7.0/HidlUtils.cpp"}},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-237717857-a6f3adea","digest":{"line_hashes":["172186339874870091662576372895279208413","227349891284322899533340354059474595611","186519563238785187792249710978779741919","110617716582878860557393456367871608803","43366630099968855310673323885673129606","131451768960244202058325825301537495331","78935328830424581718176604854654660458","306341795472413105250127479060524261756","16834518065203268661284590998142718197","299064499527370160859152552006985321520","180805790256931266346711168313089126423","170095354208668041088633580278233745834","33521963547965584930512648087844251698","114610901870909908359583640191322919081","212452195949018653488913703488818546503","153444376759287560523706886364648112712","29528458756198696541044575576555735593","48063698236143321999460836226503716002","172446838531745295337624745295579102534","183608570636346057331731099513885835857"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-237717857-e11f7680","digest":{"function_hash":"127934060083940188991457240859462848395","length":1096},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"function":"TEST","file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-237717857-e5a04e11","digest":{"function_hash":"168160430229648601525038002173658487200","length":978},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"function":"TEST","file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}}],"types":["EoP"],"spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-237717857.json"}},{"package":{"name":"platform/hardware/interfaces","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-10-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe"],"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","id":"ASB-A-237717857-082faaa8","digest":{"function_hash":"127934060083940188991457240859462848395","length":1096},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"function":"TEST","file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-237717857-4ea9c451","digest":{"line_hashes":["269344792656577092001110833540011432940","24566917316876822633373775224199387841","326563767327415897676849247084034620501","296721903556534197228020912422928613838","98664012303234856457986909474349887885","242909748081190874474530485925527046198","337480627864806466889618801044925771695","32976967712788725498324097883947031232"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"file":"audio/common/all-versions/default/7.0/HidlUtils.cpp"}},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-237717857-5e18add7","digest":{"line_hashes":["172186339874870091662576372895279208413","227349891284322899533340354059474595611","186519563238785187792249710978779741919","110617716582878860557393456367871608803","43366630099968855310673323885673129606","131451768960244202058325825301537495331","78935328830424581718176604854654660458","306341795472413105250127479060524261756","16834518065203268661284590998142718197","299064499527370160859152552006985321520","180805790256931266346711168313089126423","170095354208668041088633580278233745834","33521963547965584930512648087844251698","114610901870909908359583640191322919081","212452195949018653488913703488818546503","153444376759287560523706886364648112712","29528458756198696541044575576555735593","48063698236143321999460836226503716002","172446838531745295337624745295579102534","183608570636346057331731099513885835857"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-237717857-90647a9e","digest":{"function_hash":"30693180149815436432511666337241282332","length":1770},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"function":"HidlUtils::audioTransportsToHal","file":"audio/common/all-versions/default/7.0/HidlUtils.cpp"}},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-237717857-fc41aa42","digest":{"function_hash":"168160430229648601525038002173658487200","length":978},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"function":"TEST","file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}}],"types":["EoP"],"spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-237717857.json"}},{"package":{"name":"platform/hardware/interfaces","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-10-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe"],"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","id":"ASB-A-237717857-2498d497","digest":{"function_hash":"168160430229648601525038002173658487200","length":978},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"function":"TEST","file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-237717857-4cbcee65","digest":{"function_hash":"127934060083940188991457240859462848395","length":1096},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"function":"TEST","file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-237717857-62c23548","digest":{"function_hash":"30693180149815436432511666337241282332","length":1770},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"function":"HidlUtils::audioTransportsToHal","file":"audio/common/all-versions/default/7.0/HidlUtils.cpp"}},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-237717857-7c5aa959","digest":{"line_hashes":["172186339874870091662576372895279208413","227349891284322899533340354059474595611","186519563238785187792249710978779741919","110617716582878860557393456367871608803","43366630099968855310673323885673129606","131451768960244202058325825301537495331","78935328830424581718176604854654660458","306341795472413105250127479060524261756","16834518065203268661284590998142718197","299064499527370160859152552006985321520","180805790256931266346711168313089126423","170095354208668041088633580278233745834","33521963547965584930512648087844251698","114610901870909908359583640191322919081","212452195949018653488913703488818546503","153444376759287560523706886364648112712","29528458756198696541044575576555735593","48063698236143321999460836226503716002","172446838531745295337624745295579102534","183608570636346057331731099513885835857"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"file":"audio/common/all-versions/default/tests/hidlutils_tests.cpp"}},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-237717857-acd99333","digest":{"line_hashes":["269344792656577092001110833540011432940","24566917316876822633373775224199387841","326563767327415897676849247084034620501","296721903556534197228020912422928613838","98664012303234856457986909474349887885","242909748081190874474530485925527046198","337480627864806466889618801044925771695","32976967712788725498324097883947031232"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe","target":{"file":"audio/common/all-versions/default/7.0/HidlUtils.cpp"}}],"types":["EoP"],"spl":"2022-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-237717857.json"}}],"schema_version":"1.7.5"}