{"id":"PUB-A-228222508","details":"In IncFs_GetFilledRangesStartingFrom of incfs.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-228222508","CVE-2022-20523"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2022-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5"}],"affected":[{"package":{"name":"platform/system/incremental_delivery","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-12-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2022-12-01","fixes":["https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5"],"vanir_signatures":[{"match_only_versions":["13"],"digest":{"length":1146,"function_hash":"322534710492198498728088746048309453296"},"id":"PUB-A-228222508-07984fc6","signature_type":"Function","target":{"function":"getFilledRanges","file":"incfs/include/incfs_inline.h"},"source":"https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5","signature_version":"v1","deprecated":false},{"match_only_versions":["13"],"digest":{"threshold":0.9,"line_hashes":["184364086387266558529663117564781717520","1708441484464638935869197195031073747","167739443198112843784811602581043168550","133655956200243983785996285177499922601"]},"id":"PUB-A-228222508-18361eb2","signature_type":"Line","target":{"file":"incfs/MountRegistry.cpp"},"source":"https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5","signature_version":"v1","deprecated":false},{"match_only_versions":["13"],"digest":{"threshold":0.9,"line_hashes":["189146588532364475518475748611899951557","318274370219494165893301932891080614561","194738581224048273677595064053585412736","271238737763556895637649963852183009123","125887374729500005821548624635044493481","253693479788318455550222078098532172605","265807105934826127264094243111029798418"]},"id":"PUB-A-228222508-27671ce0","signature_type":"Line","target":{"file":"incfs/include/incfs_inline.h"},"source":"https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5","signature_version":"v1","deprecated":false},{"match_only_versions":["13"],"digest":{"length":3211,"function_hash":"29010597758195177999908771608877230602"},"id":"PUB-A-228222508-81bb781c","signature_type":"Function","target":{"function":"MountRegistry::Mounts::loadFrom","file":"incfs/MountRegistry.cpp"},"source":"https://android.googlesource.com/platform/system/incremental_delivery/+/c82569e37a745665549df5a77159a0584b45e7d5","signature_version":"v1","deprecated":false}],"types":["ID"],"severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-228222508.json"}}],"schema_version":"1.7.5"}