{"id":"ASB-A-257443051","details":"In several functions of the Android Linux kernel, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-257443051","CVE-2023-20937"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2023-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-02-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/50d2b75b860a6495aac6127a27f75b309e91b689"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/5844c8e7aaa946341f0d30441adc8f2cd97efbfc"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/4ea18cd059a4986a6a6f94a7f6d019b750bece65"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/ca96bd7bf10e62eccc583726be502f219ab02c1e"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/533a88fed7d0107eff64d723d853e9a2c4a1053c"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/a1f65b39ba08a0f24bde9f07921ff48277761132"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2023-02-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-04360e3b","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["90349997961794140005994283412347607671","33330146174059506987460899299007733048","333405777602281207248768250366045409158","9437249119828905140733911049185923614","230146267755354811562359335644047689244","78847786890969535185675340708327893047","204198407646300911077867939533606828503","225777822968770784240026837602764288727","188772174509693946954763946792453575517","254696216374900701991017979343475924929","286232029829299807398042304180692032941","50182187084195876613061918879491888453","268827395812849400136751120940773080719","57430635733445739238548161749917906170","337758918008927829216942535846358460774","52374486780257004216729473160573811969","337359644861769469787614553243810373980","60203788414696144079431764192241925098","278635761680431502675922502123491894803","311795377058947205955375909980588384880","339224540752852382387208977916745122171","54437077036201331029712062886206145879","231662307513929131429289230369146654049","117748129994821568095662716726341289381","38409544743104477094759950189288221247","201400259752501890421235440946382221214","324607262028366708659567422559987261369","127256245248739780118635074090216326810","273190731458301690458387772005392519059","176092484117585210509053173109392899136","44479797551460979539514177780627940588","12967738027312931568533064170464958454","149755519372865311733052869707961052068","175902000962761333518582847236098404614","59105900363660926844410309261859658399","538889251892176561637896479779244880","227269234091886382935833954437779867645","62599682106280878832387371397663377395","260429548720160506740244304234000348532","289519164162454221233319286473396783531","151810853550874344260616967139732862208"],"threshold":0.9},"deprecated":false,"target":{"file":"arch/arm64/mm/fault.c"}},{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-0f6d69af","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["175987319813589939320544428101347308425","81355071304632501913545894005046657607","286712988081706539654303465161453327756","291509442699145851074023602221500049804","312687034910172620385929360375289439047","306441057852845127194663198855876104739","289610286434021659604212321548658205359","216537303692122383722883669374916911376","93129400781065904797586029801645263950","161442424904831991507394645295558863302","199819447781378841175661417481695150817","228602708382831907272581625298676472074","191289145721267978836501166683689708953","320881220285900115151882708337488966717","324698525148700124504906195489151568430","107858299146934385832845265392480619017","158138459365811558356183903437299148395","298372342315554677853334846823403983396","320718532133039333806504216680107152172","235991785009887317673678571290304362782","231517677460875203802325096820706380290","18154702479158792987281938548990703870","333461159596177451765111719218312864691","61229569283209288228502996591193709304","55683042232018505222984111087810496265","177671343305291990160702528390575244627","70096681169316112200139066228363782547"],"threshold":0.9},"deprecated":false,"target":{"file":"kernel/fork.c"}},{"source":"https://android.googlesource.com/kernel/common/+/ca96bd7bf10e62eccc583726be502f219ab02c1e","id":"ASB-A-257443051-16817eea","signature_version":"v1","signature_type":"Function","deprecated":true,"target":{"function":"__find_vma","file":"mm/nommu.c"},"digest":{"length":340,"function_hash":"247574521921275082392918268778392699899"}},{"source":"https://android.googlesource.com/kernel/common/+/50d2b75b860a6495aac6127a27f75b309e91b689","id":"ASB-A-257443051-26766aef","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["202150568760842936207970370058739858145","36061958919330756560107959294501527422","186216907002860401703584664020542021824","27558272932828544654024251370394432338"],"threshold":0.9},"deprecated":false,"target":{"file":"mm/rmap.c"}},{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-590a6d17","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["229191064626350713838324552748613217701","298110321254293125895252720510586242268","129823111773582098620618320184012427407"],"threshold":0.9},"deprecated":true,"target":{"file":"mm/memory.c"}},{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-5b4a5066","signature_version":"v1","signature_type":"Function","target":{"function":"vm_area_free","file":"kernel/fork.c"},"digest":{"length":296,"function_hash":"304224270656147033512245617101240382711"},"deprecated":false},{"source":"https://android.googlesource.com/kernel/common/+/ca96bd7bf10e62eccc583726be502f219ab02c1e","id":"ASB-A-257443051-674e4071","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["156685963599492258169727425360014185662","238600745856232712036511589400244524532","304213370523799900187940759341940368694","297124876274695538835061859469291222875","60013874887765753717666567128730014221","329326120897325970132462853658070658804","340149787332029753642551137543091192769","180573021079073066296669354974424924780","326985130841906546465949551939203962017","172323454428466741430637338054629255956","236284904113255811643181499237406672814","213574775841200817704416437314853400603","196281169656912986980731375926752466834"],"threshold":0.9},"deprecated":false,"target":{"file":"mm/mmap.c"}},{"source":"https://android.googlesource.com/kernel/common/+/533a88fed7d0107eff64d723d853e9a2c4a1053c","id":"ASB-A-257443051-6db1d3fa","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["107495244874798744029887959353098959620","309089279031178842774707910566717880104","147482750705227228292036289846304377249","137557750825714246603947329889087201491","324131300247421353052654732280695566387","324862420182178577650750048117105568843","1228260130139878720329556233712426866","274284880338793595387743666369373837552"],"threshold":0.9},"deprecated":false,"target":{"file":"mm/mremap.c"}},{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-74d25446","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["283535518396793826535956934081474873108","2669960738505225739545333878213748393","161200334978936742850034182152227747015","176883152808705061616760747189695735293","212078564284353733299392021887819118668","204198407646300911077867939533606828503","164752008746532384405565435856914454230","48734980859394105981850888529800160506","17521398937503191473143967013755486787","86308018728779471901621197307079352725","60244002890564584453689078103251183016","268827395812849400136751120940773080719","202814779179569414122058626456051225426","130722769911506741027132657568996064870","148154783826115610999665662131411323848","273501878652191767625331110792383400588","60203788414696144079431764192241925098","278635761680431502675922502123491894803","311795377058947205955375909980588384880","339224540752852382387208977916745122171","54437077036201331029712062886206145879","231662307513929131429289230369146654049","117748129994821568095662716726341289381","38409544743104477094759950189288221247","201400259752501890421235440946382221214","324607262028366708659567422559987261369","127256245248739780118635074090216326810","319274653280772053681813587304964432115","107550976864504162092315980744953915234","323135307888809759483870274871034548980","67864239895056451170368489968707931338","143929440722259153534079025134199158967","2001341478430462588173697149349390065","149755519372865311733052869707961052068","175902000962761333518582847236098404614","209621486992994374534471927347383296962","124300029164884976352165487045291386959","139998833890775143499667766774268001246","298448879261304466312057690351166964029","93327184200239926127618015863641635088","149755519372865311733052869707961052068","175902000962761333518582847236098404614","179830911570077284387809679554913390849","59599782728891466535860303504254156614","84763462107407810331557305636998350965","151026915247565011446355289011492127895","296171499531907385988037117536041313883","45870060721800295844943652131237747456","231544623516924583749555990478724686860"],"threshold":0.9},"deprecated":false,"target":{"file":"arch/powerpc/mm/fault.c"}},{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-797ec804","signature_version":"v1","signature_type":"Function","target":{"function":"___do_page_fault","file":"arch/powerpc/mm/fault.c"},"digest":{"length":3870,"function_hash":"188714146957860623339706150010987046687"},"deprecated":false},{"source":"https://android.googlesource.com/kernel/common/+/50d2b75b860a6495aac6127a27f75b309e91b689","id":"ASB-A-257443051-7ab44b3b","signature_version":"v1","signature_type":"Function","digest":{"length":761,"function_hash":"121126448024498034494840826277502301605"},"deprecated":false,"target":{"function":"unlink_anon_vmas","file":"mm/rmap.c"}},{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-87b9ed62","signature_version":"v1","signature_type":"Line","deprecated":false,"target":{"file":"arch/x86/mm/fault.c"},"digest":{"line_hashes":["65230660445532762996007397126293140723","97278426426379749107002336789654477557","161200334978936742850034182152227747015","176883152808705061616760747189695735293","307027489443714200184220542382049526318","204198407646300911077867939533606828503","164752008746532384405565435856914454230","48734980859394105981850888529800160506","17521398937503191473143967013755486787","86308018728779471901621197307079352725","60244002890564584453689078103251183016","268827395812849400136751120940773080719","202814779179569414122058626456051225426","130722769911506741027132657568996064870","148154783826115610999665662131411323848","273501878652191767625331110792383400588","60203788414696144079431764192241925098","278635761680431502675922502123491894803","311795377058947205955375909980588384880","339224540752852382387208977916745122171","54437077036201331029712062886206145879","231662307513929131429289230369146654049","117748129994821568095662716726341289381","38409544743104477094759950189288221247","201400259752501890421235440946382221214","324607262028366708659567422559987261369","127256245248739780118635074090216326810","15957040965880395749758832587945850100","206519986382954727830331852672171663395","20864466908749243996482676896792087007","151385497125609608957953195751884269440","149755519372865311733052869707961052068","175902000962761333518582847236098404614","179830911570077284387809679554913390849","59599782728891466535860303504254156614","84763462107407810331557305636998350965","151026915247565011446355289011492127895","143435979801156031744814899357163402818","77551455440546928173909890983937402998","191472214570196089178594477514177096424"],"threshold":0.9}},{"source":"https://android.googlesource.com/kernel/common/+/ca96bd7bf10e62eccc583726be502f219ab02c1e","id":"ASB-A-257443051-91384ef4","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["81700678338773074863018501713725247894","50698360331196292757810054454044932375","335204455933231430924995672223613401769","184697530637852874906539774423522135255","150375175074358220710405373954831660367","340149787332029753642551137543091192769","159636192618247159582685955605291225403","121820265137203358363780543019006426533","216062756756310966897171174451155256201","90329303184179043200982817940491424422","293045555982919206667573360832699542145","300571343976692096269233302240681406514","5785280889718316081047986213031488869","144680077956518283959616875929336339393","100788919595381097047411152510007643050","220884027888050459794073188008898298494","3974968927507212213381530096802112767","80545221920067591812573844940509936002"],"threshold":0.9},"deprecated":false,"target":{"file":"mm/nommu.c"}},{"source":"https://android.googlesource.com/kernel/common/+/ca96bd7bf10e62eccc583726be502f219ab02c1e","id":"ASB-A-257443051-9f012bb5","signature_version":"v1","signature_type":"Function","digest":{"length":451,"function_hash":"151536618048851767232811806267239231843"},"deprecated":true,"target":{"function":"__find_vma","file":"mm/mmap.c"}},{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-d35302a4","signature_version":"v1","signature_type":"Line","deprecated":false,"target":{"file":"include/linux/mm.h"},"digest":{"line_hashes":["175925605630129977500607429321439482098","283758380412923256971152073675571960749","272900498982581303053079008445667011802","213565501536761127666321575191622401834","71218211812465642298037396863403322880","258709761927682766191126049909863976640","268365746978759670979097373678111050774","298608140387694760621932855496906016511","159531492885290835773938488433943451220","312049542230174037007266015410897740910","204568358134380169870240535390479315574"],"threshold":0.9}},{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-e68506f9","signature_version":"v1","signature_type":"Function","target":{"function":"do_user_addr_fault","file":"arch/x86/mm/fault.c"},"digest":{"length":4214,"function_hash":"152353335468662850099667088904036137916"},"deprecated":false},{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-e6e96860","signature_version":"v1","signature_type":"Function","digest":{"length":275,"function_hash":"298044960508098302873430909542696215386"},"deprecated":false,"target":{"function":"vma_init","file":"include/linux/mm.h"}},{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-e7e2eae8","signature_version":"v1","signature_type":"Function","digest":{"length":3808,"function_hash":"98557788917403011131869163971872806062"},"deprecated":false,"target":{"function":"do_page_fault","file":"arch/arm64/mm/fault.c"}},{"source":"https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd","id":"ASB-A-257443051-ec4a9d4d","signature_version":"v1","signature_type":"Function","target":{"function":"__vm_area_free","file":"kernel/fork.c"},"digest":{"length":150,"function_hash":"243599005556346965824282924633813521506"},"deprecated":false}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/kernel/common/+/50d2b75b860a6495aac6127a27f75b309e91b689","https://android.googlesource.com/kernel/common/+/5844c8e7aaa946341f0d30441adc8f2cd97efbfc","https://android.googlesource.com/kernel/common/+/4ea18cd059a4986a6a6f94a7f6d019b750bece65","https://android.googlesource.com/kernel/common/+/ca96bd7bf10e62eccc583726be502f219ab02c1e","https://android.googlesource.com/kernel/common/+/533a88fed7d0107eff64d723d853e9a2c4a1053c","https://android.googlesource.com/kernel/common/+/a1f65b39ba08a0f24bde9f07921ff48277761132","https://android.googlesource.com/kernel/common/+/3f311327f910e5c73d5bd602a80afcad371e83cd"],"spl":"2023-02-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-257443051.json"}}],"schema_version":"1.7.5"}