{"id":"ASB-A-238379819","details":"a function called 'nla_parse', do not check the len of para, it will check nla_type (which can be controlled by userspace) with 'maxtype' (in this case, it is GSCAN_MAX), then it access polciy array 'policy[type]', which OOB access happens.","aliases":["A-238379819","A-253978054","ASB-A-253978054","CVE-2022-20385","CVE-2022-42772","U-1903041"],"modified":"2026-04-30T15:48:46.890647Z","published":"2022-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-09-01"}],"affected":[{"package":{"name":":unknown:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"SoCVersion:0"},{"fixed":"SoCVersion:2022-09-05"}]}],"versions":["SoCVersion"],"ecosystem_specific":{"spl":"2022-09-05","severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-238379819.json"}}],"schema_version":"1.7.5"}