{"id":"PUB-A-240266798","details":"In getCurrentConfigImpl of Effect.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-240266798","CVE-2022-20546"],"modified":"2026-06-01T15:55:42.428303297Z","published":"2022-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c"}],"affected":[{"package":{"name":"platform/hardware/interfaces","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2022-12-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"severity":"Moderate","spl":"2022-12-01","vanir_signatures":[{"signature_version":"v1","target":{"file":"audio/effect/all-versions/default/Effect.cpp","function":"Effect::getCurrentConfigImpl"},"deprecated":false,"digest":{"length":403,"function_hash":"53844497502970601632387388703358335121"},"source":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c","id":"PUB-A-240266798-96b7e3d9","signature_type":"Function","match_only_versions":["13"]},{"signature_version":"v1","target":{"file":"audio/effect/all-versions/default/Effect.cpp"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["279941343797890730238251587093866932818","71219947459818610146821922556310933151","214546316845681876649855276849560106011","161415415979714513961513579240668309442","28222962811485188659592534407920468255","305087178599056244762883241995225987687","60363030077593512272284861905328362714","126825534746707482653455498858936309527","338812742518812513955274817744275973075","330972832968183085815186410577251821868"]},"source":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c","id":"PUB-A-240266798-ab2e297c","signature_type":"Line","match_only_versions":["13"]},{"signature_version":"v1","target":{"file":"audio/effect/all-versions/default/Effect.cpp","function":"Effect::getSupportedConfigsImpl"},"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c","id":"PUB-A-240266798-b80dbb4e","digest":{"length":605,"function_hash":"164162307407575518265367862378908617823"},"match_only_versions":["13"]},{"signature_version":"v1","target":{"file":"audio/effect/all-versions/default/Effect.h"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["242258789558722412012115056907005020090","321649089408511517569535680318068427929","321910037615496718996072591622122677450"]},"source":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c","id":"PUB-A-240266798-c99f22d6","signature_type":"Line","match_only_versions":["13"]},{"signature_version":"v1","target":{"file":"audio/effect/all-versions/vts/functional/VtsHalAudioEffectTargetTest.cpp"},"deprecated":false,"signature_type":"Line","source":"https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c","id":"PUB-A-240266798-fd0cf1c8","digest":{"threshold":0.9,"line_hashes":["299402435633257992468041126680997337751","106041305466996257860774793257578383670","114676062330246962598388985823165248094"]},"match_only_versions":["13"]}],"fixes":["https://android.googlesource.com/platform/hardware/interfaces/+/8e3480edfe9933306f82c1656deb8e6b7090273c"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-240266798.json"}}],"schema_version":"1.7.5"}