{"id":"PUB-A-228523213","details":"In compose of Vibrator.cpp, there is a possible arbitrary code execution  due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-228523213","CVE-2022-20524"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2022-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae"}],"affected":[{"package":{"name":"platform/hardware/interfaces","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-12-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"Moderate","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"PUB-A-228523213-2dd3ec5b","digest":{"length":1139,"function_hash":"117130774669409857063412071531567389165"},"target":{"file":"vibrator/aidl/default/Vibrator.cpp","function":"Vibrator::compose"},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae"},{"source":"https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae","signature_version":"v1","id":"PUB-A-228523213-40ac193d","digest":{"threshold":0.9,"line_hashes":["137113212944455505595984517359609983707","335075521863027633565734272190078559092","204580950817905752338340407551275112154","140385963569528161743810481876384203007","318895696344917804675620433413266868091","285323402050139333162301359377394323723","54730117134372829604422994571902155397","279477816286468920600703993624276505236","241648474350781388323088083648116361874","4513601005160789433733085062492078791","247070909339722821364844509451551885792","185397770891738426885666745588193197906","30168539055241161394251047116541952088","280366042502374237525633356860142182585","167509643502859382776909790525618082094","170678752709944669269716094535087031638","266817190545869651818981895912870315734","97110324255583107309625186198566903209","298807921226603847089415162752481577904","131374671433377509151083402036031180699"]},"target":{"file":"vibrator/aidl/default/Vibrator.cpp"},"deprecated":false,"signature_type":"Line"},{"source":"https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae","digest":{"threshold":0.9,"line_hashes":["54613332248356254112916616052195213942","17034216959182564606696825685731436741","103146724595776529429533467694371502124","325373083386355576381742031835850724099"]},"deprecated":false,"signature_type":"Line","signature_version":"v1","id":"PUB-A-228523213-5349264a","target":{"file":"vibrator/aidl/default/VibratorManager.cpp"},"match_only_versions":["13"]},{"signature_type":"Function","signature_version":"v1","id":"PUB-A-228523213-6ada12e4","digest":{"length":710,"function_hash":"320702196129629212860008786629199084442"},"target":{"file":"vibrator/aidl/default/Vibrator.cpp","function":"Vibrator::perform"},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae"},{"source":"https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae","digest":{"length":299,"function_hash":"228321586261239167258912563811714797003"},"deprecated":false,"signature_type":"Function","signature_version":"v1","id":"PUB-A-228523213-6f3dc623","target":{"file":"vibrator/aidl/default/VibratorManager.cpp","function":"VibratorManager::triggerSynced"},"match_only_versions":["13"]},{"signature_type":"Function","signature_version":"v1","id":"PUB-A-228523213-b3acb21d","digest":{"length":2399,"function_hash":"129286636322486162554207820906498819005"},"target":{"file":"vibrator/aidl/default/Vibrator.cpp","function":"Vibrator::composePwle"},"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae"},{"source":"https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae","signature_version":"v1","id":"PUB-A-228523213-be0b3974","digest":{"function_hash":"306478687497055041045970042818010893123","length":461},"target":{"file":"vibrator/aidl/default/Vibrator.cpp","function":"Vibrator::on"},"deprecated":false,"signature_type":"Function"}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/hardware/interfaces/+/608655b45078e310fdc233b7dab325ac5abb9aae"],"spl":"2022-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-228523213.json"}}],"schema_version":"1.7.5"}