{"id":"ASB-A-242096164","details":"In fdt_next_tag of fdt.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-242096164","CVE-2022-20454"],"modified":"2026-04-30T15:48:46.890647Z","published":"2022-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/dtc/+/922334f6fb875169d64f9c33cba62d0dafc9faa2"}],"affected":[{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-11-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"function":"fdt_next_tag","file":"libfdt/fdt.c"},"digest":{"length":868,"function_hash":"48155499511233603468743082440558327132"},"deprecated":false,"signature_type":"Function","id":"ASB-A-242096164-72981459","source":"https://android.googlesource.com/platform/external/dtc/+/61e10c9c53b170ff8a5612ba4ec79e51d58e5eb3"},{"signature_version":"v1","target":{"file":"libfdt/fdt.c"},"digest":{"threshold":0.9,"line_hashes":["309739067641002084097361440152695524008","291156366120625323191698924957040365850","94871565527139618704143000422685786411","263913712226550338005318720709474483675","215879935486278698129105530739150608650","53422207073116415397177492878834415029","253305878879964867255926377589465692270","204786516121377371741346635871681687151","186720150446016306502542934040182032270"]},"deprecated":false,"signature_type":"Line","id":"ASB-A-242096164-d60429c7","source":"https://android.googlesource.com/platform/external/dtc/+/61e10c9c53b170ff8a5612ba4ec79e51d58e5eb3"}],"spl":"2022-11-01","fixes":["https://android.googlesource.com/platform/external/dtc/+/61e10c9c53b170ff8a5612ba4ec79e51d58e5eb3"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242096164.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-11-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2022-11-01","fixes":["https://android.googlesource.com/platform/external/dtc/+/d3f1c0562390ea9153d86ded1158436741669b59"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242096164.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-11-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"libfdt/fdt.c"},"digest":{"threshold":0.9,"line_hashes":["241084989191143711222821133113772133513","225693625221088512506126213521745643014","298308984007314378771845219538921406682","2226405392376155895598714930614935904","313343107482493312486101327311761746297","314877662952931323275007588452111010203","4145266700988403605904709748972308037","102415554197559027539351105493185035050","53422207073116415397177492878834415029","253305878879964867255926377589465692270","204786516121377371741346635871681687151","186720150446016306502542934040182032270"]},"deprecated":false,"signature_type":"Line","id":"ASB-A-242096164-48049d98","source":"https://android.googlesource.com/platform/external/dtc/+/2b597691efba9251c47d14a6d9dfc5568abd98e7"},{"signature_version":"v1","target":{"function":"fdt_next_tag","file":"libfdt/fdt.c"},"digest":{"length":1093,"function_hash":"7842000788661298478680035696604098379"},"deprecated":false,"signature_type":"Function","id":"ASB-A-242096164-5e12775b","source":"https://android.googlesource.com/platform/external/dtc/+/2b597691efba9251c47d14a6d9dfc5568abd98e7"}],"spl":"2022-11-01","fixes":["https://android.googlesource.com/platform/external/dtc/+/2b597691efba9251c47d14a6d9dfc5568abd98e7"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242096164.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2022-11-01","fixes":["https://android.googlesource.com/platform/external/dtc/+/75c07bb2f68e0eddc1b37612a7de8b388e1a4181"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242096164.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-11-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"libfdt/fdt.c"},"digest":{"threshold":0.9,"line_hashes":["241084989191143711222821133113772133513","225693625221088512506126213521745643014","298308984007314378771845219538921406682","2226405392376155895598714930614935904","313343107482493312486101327311761746297","314877662952931323275007588452111010203","4145266700988403605904709748972308037","102415554197559027539351105493185035050","53422207073116415397177492878834415029","253305878879964867255926377589465692270","204786516121377371741346635871681687151","186720150446016306502542934040182032270"]},"deprecated":false,"signature_type":"Line","id":"ASB-A-242096164-0d76dbd5","source":"https://android.googlesource.com/platform/external/dtc/+/8ef746c547044b107da65c054daedf33075027b6"},{"signature_version":"v1","target":{"function":"fdt_next_tag","file":"libfdt/fdt.c"},"digest":{"length":1093,"function_hash":"7842000788661298478680035696604098379"},"deprecated":false,"signature_type":"Function","id":"ASB-A-242096164-b14eecf8","source":"https://android.googlesource.com/platform/external/dtc/+/8ef746c547044b107da65c054daedf33075027b6"}],"spl":"2022-11-01","fixes":["https://android.googlesource.com/platform/external/dtc/+/8ef746c547044b107da65c054daedf33075027b6"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-242096164.json"}}],"schema_version":"1.7.5"}