{"id":"ASB-A-239842288","details":"In rndis_set_response of rndis.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege if a malicious USB device is attached with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-239842288","CVE-2022-20423"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2022-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-10-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/0a21a3eb9fcea0609f3bc8bee1f796788e0a770e"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/28bc0267399f4"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2022-10-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"function_hash":"324509543485242453198264164088682879174","length":1113},"target":{"function":"rndis_set_response","file":"drivers/usb/gadget/function/rndis.c"},"source":"https://android.googlesource.com/kernel/common/+/0a21a3eb9fcea0609f3bc8bee1f796788e0a770e","signature_version":"v1","id":"ASB-A-239842288-03ac93ad","deprecated":false,"signature_type":"Function"},{"digest":{"line_hashes":["74610532842214861125328212539619698848","219320814454438370276643923899985203310","235029350871556551678875653730524412287","220013837063397485624450100683511902294"],"threshold":0.9},"target":{"file":"drivers/usb/gadget/function/rndis.c"},"source":"https://android.googlesource.com/kernel/common/+/28bc0267399f4","signature_version":"v1","id":"ASB-A-239842288-1570ac21","deprecated":false,"signature_type":"Line"},{"digest":{"function_hash":"324509543485242453198264164088682879174","length":1113},"target":{"function":"rndis_set_response","file":"drivers/usb/gadget/function/rndis.c"},"source":"https://android.googlesource.com/kernel/common/+/28bc0267399f4","signature_version":"v1","id":"ASB-A-239842288-91ac53f0","deprecated":false,"signature_type":"Function"},{"digest":{"line_hashes":["74610532842214861125328212539619698848","219320814454438370276643923899985203310","235029350871556551678875653730524412287","220013837063397485624450100683511902294"],"threshold":0.9},"target":{"file":"drivers/usb/gadget/function/rndis.c"},"deprecated":false,"signature_version":"v1","id":"ASB-A-239842288-e44fcac5","source":"https://android.googlesource.com/kernel/common/+/0a21a3eb9fcea0609f3bc8bee1f796788e0a770e","signature_type":"Line"}],"types":["EoP"],"severity":"High","spl":"2022-10-05","fixes":["https://android.googlesource.com/kernel/common/+/0a21a3eb9fcea0609f3bc8bee1f796788e0a770e","https://android.googlesource.com/kernel/common/+/28bc0267399f4"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-239842288.json"}}],"schema_version":"1.7.5"}