{"id":"PUB-A-240266798","details":"In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-240266798","CVE-2022-20546"],"modified":"2026-04-14T15:05:17.852631Z","published":"2022-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c"}],"affected":[{"package":{"name":"platform/hardware/interfaces","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-12-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"severity":"Moderate","vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c","signature_type":"Function","target":{"function":"Effect::getCurrentConfigImpl","file":"audio/effect/all-versions/default/Effect.cpp"},"id":"PUB-A-240266798-96b7e3d9","signature_version":"v1","match_only_versions":["13"],"digest":{"length":403,"function_hash":"53844497502970601632387388703358335121"}},{"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c","signature_type":"Line","target":{"file":"audio/effect/all-versions/default/Effect.cpp"},"id":"PUB-A-240266798-ab2e297c","signature_version":"v1","match_only_versions":["13"],"digest":{"threshold":0.9,"line_hashes":["279941343797890730238251587093866932818","71219947459818610146821922556310933151","214546316845681876649855276849560106011","161415415979714513961513579240668309442","28222962811485188659592534407920468255","305087178599056244762883241995225987687","60363030077593512272284861905328362714","126825534746707482653455498858936309527","338812742518812513955274817744275973075","330972832968183085815186410577251821868"]}},{"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c","signature_type":"Function","target":{"function":"Effect::getSupportedConfigsImpl","file":"audio/effect/all-versions/default/Effect.cpp"},"id":"PUB-A-240266798-b80dbb4e","signature_version":"v1","match_only_versions":["13"],"digest":{"length":605,"function_hash":"164162307407575518265367862378908617823"}},{"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c","signature_type":"Line","target":{"file":"audio/effect/all-versions/default/Effect.h"},"id":"PUB-A-240266798-c99f22d6","signature_version":"v1","match_only_versions":["13"],"digest":{"threshold":0.9,"line_hashes":["242258789558722412012115056907005020090","321649089408511517569535680318068427929","321910037615496718996072591622122677450"]}},{"deprecated":false,"source":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c","signature_type":"Line","target":{"file":"audio/effect/all-versions/vts/functional/VtsHalAudioEffectTargetTest.cpp"},"id":"PUB-A-240266798-fd0cf1c8","signature_version":"v1","match_only_versions":["13"],"digest":{"threshold":0.9,"line_hashes":["299402435633257992468041126680997337751","106041305466996257860774793257578383670","114676062330246962598388985823165248094"]}}],"spl":"2022-12-01","fixes":["https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-240266798.json"}}],"schema_version":"1.7.5"}