{"id":"ASB-A-246465319","details":"In fdt_path_offset_namelen of fdt_ro.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-246465319","CVE-2022-20498"],"modified":"2026-04-30T15:48:46.890647Z","published":"2022-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/dtc/+/ae2ece49eeacac7c89456ccc0c11d7a3047878eb"}],"affected":[{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-12-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-246465319-f0f9363c","target":{"file":"libfdt/fdt_ro.c"},"source":"https://android.googlesource.com/platform/external/dtc/+/d10c84c4bc78e8ebd8c6ebf70126ad3cb0ba1c46","digest":{"threshold":0.9,"line_hashes":["313892047556989837974905003400441723125","280888915742760431162838500447709826822","16669983411762510838423516276626381269"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-246465319-fa1dc448","target":{"function":"fdt_path_offset_namelen","file":"libfdt/fdt_ro.c"},"source":"https://android.googlesource.com/platform/external/dtc/+/d10c84c4bc78e8ebd8c6ebf70126ad3cb0ba1c46","digest":{"length":702,"function_hash":"221827069630181021746652605547895732436"},"deprecated":false,"signature_version":"v1","signature_type":"Function"}],"types":["ID"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/external/dtc/+/d10c84c4bc78e8ebd8c6ebf70126ad3cb0ba1c46"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-246465319.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-12-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["ID"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/external/dtc/+/e0440b09079afacb3101f5140560f719d438dadc"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-246465319.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-12-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-246465319-a7286fca","target":{"function":"fdt_path_offset_namelen","file":"libfdt/fdt_ro.c"},"source":"https://android.googlesource.com/platform/external/dtc/+/a6ac6d916df145366bcb34f5507d5da213b2ebaf","digest":{"length":702,"function_hash":"221827069630181021746652605547895732436"},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-246465319-da88e7f1","target":{"file":"libfdt/fdt_ro.c"},"source":"https://android.googlesource.com/platform/external/dtc/+/a6ac6d916df145366bcb34f5507d5da213b2ebaf","digest":{"threshold":0.9,"line_hashes":["281516969829063991719741721143573487947","139521848752087930508396216630369440300","140403702278646926293242532004389412178"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"}],"types":["ID"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/external/dtc/+/a6ac6d916df145366bcb34f5507d5da213b2ebaf"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-246465319.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["ID"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/external/dtc/+/952da991f42227e29d7257539d042386d3f4fa33"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-246465319.json"}},{"package":{"name":"platform/external/dtc","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-12-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"severity":"Critical","fixes":["https://android.googlesource.com/platform/external/dtc/+/5b78ca841071fee81479036462e7e048fefacb26"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-246465319.json"}}],"schema_version":"1.7.5"}