{"id":"ASB-A-238177383","details":"In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-238177383","CVE-2022-20409"],"modified":"2026-05-27T15:53:17.428190120Z","published":"2022-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-10-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2022-10-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9"],"spl":"2022-10-05","vanir_signatures":[{"signature_version":"v1","id":"ASB-A-238177383-1c649e06","source":"https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9","digest":{"threshold":0.9,"line_hashes":["283555694453714368821874255168558772476","134417412181918471945274425715513413757","484510208167674657433280657768788496","305247541390997635524119772618650777746"]},"signature_type":"Line","deprecated":false,"target":{"file":"fs/io_uring.c"}},{"signature_version":"v1","id":"ASB-A-238177383-3c096081","deprecated":false,"digest":{"function_hash":"7706770934050613843200183825408069182","length":793},"source":"https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9","signature_type":"Function","target":{"file":"fs/io_uring.c","function":"io_identity_cow"}}],"severity":"Moderate","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-238177383.json"}}],"schema_version":"1.7.5"}