{"id":"ASB-A-174737879","details":"In multiple locations, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-174737879","CVE-2020-29374"],"modified":"2026-03-10T21:49:14.570206Z","published":"2023-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-08-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/a308c71bf1e6e"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/52d1e606ee733"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/1a0cf26323c8"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/09854ba94c6a"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/be068f2903"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/17839856fd588"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2023-08-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["174976490296946991246910277352102408256","244294158023364689983675256562614999810","80615053076251239769930300325208135444","57170684908740387172301021707914018345","257952295658745104923910458787775428265","278846859602014634913390169143373603383","179533537749381961794230495007146899963","328378694140903536589676389307498063010","274432487139958405702893068273075187953","214438643548237675683311928681715806787","315417227101848360375116881730912800699","48047593146948675454976647461453380853","238598341512853016882059856721470122842","43009068416818630533983324242782178614","51115585563120211361192828290020388836","229775904767502691676820898904917182855","245788646849712757263769463415113672550","209791104305673750527845675522338646552","223176870461756529715843356909920811256","243854175057511934298961746738395030129","126230026502210687560287269242217299514","84249344745785425501883823569362456573","23819077534910201360806390356119395020","306757330430440958120434920063734815454","55032739140385669917955147191959873036","75903480179494580751448343434303954466","130995343249546601802277297481267068961","330476163437731284196900105753432037423","246081370125594904255358430383917657177","50203913314268303740113016615302880666","182867908146161411378661934773928993991"]},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/17839856fd588","deprecated":true,"target":{"file":"mm/gup.c"},"signature_type":"Line","id":"ASB-A-174737879-0ebdc20f"},{"digest":{"length":518,"function_hash":"165122426279389289516098823215678261052"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/1a0cf26323c8","deprecated":true,"target":{"function":"reuse_ksm_page","file":"mm/ksm.c"},"signature_type":"Function","id":"ASB-A-174737879-0f28963b"},{"digest":{"threshold":0.9,"line_hashes":["174976490296946991246910277352102408256","244294158023364689983675256562614999810","137771701589545585043351121653046784847","174348524300207821401677743342059851850","280702731116474624743187805277461456288","36599420256826756919944024829358843795","310037769683798400580837388012461494428","313845624048492157049644664436683358941","164241916334492394385139744372759634671","172105033351547033760169799795738413652","125060709238994796972341301262544687225","276116495034323647448512934867009880418","209442462803615263366040373913893391966","21299388732874036035710342143940524615","8247046247795230267681230054384992867","84993823628080464295592226947328907389","124072554733851780902345229763983763249","141288612289926815556263348836752864566","66512587270165169797863309843590890843","263761405045480318080394786788271234649","167755950829608680858706554221180965967","309425645261592962779398889432909979380","249949125103362902640650267451688705161","222720488376086064972002449873183566770","68918823534360708421940998788217771887","280760165048494398070913212822491198245","102004136927528652425618276180922367276","237892524384331407207797886562062384108","191950222979812338623477360875483994117","82858775054124511986204673659073605785"]},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/a308c71bf1e6e","deprecated":true,"target":{"file":"mm/gup.c"},"signature_type":"Line","id":"ASB-A-174737879-26637640"},{"digest":{"length":104,"function_hash":"147105879230278855026062240661502510606"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/1a0cf26323c8","deprecated":true,"target":{"function":"reuse_ksm_page","file":"include/linux/ksm.h"},"signature_type":"Function","id":"ASB-A-174737879-27f4dfe3"},{"digest":{"threshold":0.9,"line_hashes":["1341810836145744661755952833369946095","272377735385636086768192331943203756015","288411679720168480403672340861990712118","3432159655120486330813595115207109163","132136690186477370671829489252972625995","137491150483024805947569371315972650732","37570274988032730521147012292760795577","330230847599576277279490341568027934703","154365528037446040311002767093917427182","220468342564594651933480443391101960688","337383943962948569211479032337662057310","77735294097327676817989043584862376467"]},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/52d1e606ee733","deprecated":true,"target":{"file":"mm/memory.c"},"signature_type":"Line","id":"ASB-A-174737879-3712937e"},{"digest":{"threshold":0.9,"line_hashes":["129349296596538685714957343908531318991","237960060259730149600909533440410807404","237707147744413447061047142705619213354","172488912318125651845608753638689648510","71703894152171452744817867738910319369","14766279862144987663834380081429099604","64405655513103782727341669476966651083"]},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/17839856fd588","deprecated":true,"target":{"file":"mm/huge_memory.c"},"signature_type":"Line","id":"ASB-A-174737879-390e217d"},{"digest":{"length":2038,"function_hash":"91203271834135273316609377118534290573"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/17839856fd588","deprecated":true,"target":{"function":"__get_user_pages","file":"mm/gup.c"},"signature_type":"Function","id":"ASB-A-174737879-7a94fb48"},{"digest":{"threshold":0.9,"line_hashes":["98359811195614673096869388462222202566","136388917462111906150865725933513945475","244883787530501208970786915564587383401","217331004437116009160171953324521745594","313206545821722164926026240225659556960","111021653398054559829552377737188904357"]},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/a308c71bf1e6e","deprecated":true,"target":{"file":"mm/huge_memory.c"},"signature_type":"Line","id":"ASB-A-174737879-8553bce8"},{"digest":{"threshold":0.9,"line_hashes":["64419711302526469673989123908215026328","32789090576443936259677802324966338992","229966377351428861441075782914684140611","920990623390383008220412118765896697","11690520068892337738304490947564850848","245256259509543804775392393734089460146","13795596398159029969443267890473480333","82254201038756258343541576683801683728","169319765403158201278768658634121799421","65032410222957490126543560456217207818","162830504149508124922875253406961148585","101978416667528536869270811011906204597","43997859360892852227046094158040078181","329333710222096653681142458018831487997","270774914660295096993396927489524995664","22916259750833737716932604998552642691","148544152647817918317727768542917799239","333273360572396453945342686645143123531","137491150483024805947569371315972650732","200642297831873786687871165037756448602","80171294739351691178409722252896560879","200041455058468839585709518727923797861","283860014710244718770901395833191221781","180499324711100753875487181671096498318","73296977650294761246324485845586872280","129315676442819813886647123576307427752","106896783604123247795279251602359878292","94121373049761358433746246179270211791","307136710259526163663060639605167387443","99563852047202403394425297813689925926","154365528037446040311002767093917427182","73590382965723586233790927145725276558","199051573382509999059118251761349011451","228322360299194754193697442719501597016","310906665366737981080348256999758751238","154726477153806126395007969691188577685","67860512080645903657204147911279165376","122665158935133803976306018903829459805","132675606326671015457234653064677364744","231996733897213974757450321203364846387"]},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/09854ba94c6a","deprecated":true,"target":{"file":"mm/memory.c"},"signature_type":"Line","id":"ASB-A-174737879-8ef3821d"},{"digest":{"threshold":0.9,"line_hashes":["34213730763470594905319790042400300566","24939990561786555628528356557435280034","295806191884377514984718239744986515114","319204252635888156365636615141460727802","301018447438553440096139391408572705799","321367729713405711701750549393399482169","97268653007249169494149896286918448445","136995645386365369627017945514213363656","161838577797733452552071742823844657003","87580385223969999722626569914778320610","216794799615401461784449441292961518465","86872286692413478813566943595163177627","301204181458009309134461757188587524940"]},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/1a0cf26323c8","deprecated":true,"target":{"file":"include/linux/ksm.h"},"signature_type":"Line","id":"ASB-A-174737879-92c14c01"},{"digest":{"length":175,"function_hash":"22854469281736808529659055724496481259"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/17839856fd588","deprecated":true,"target":{"function":"can_follow_write_pmd","file":"mm/huge_memory.c"},"signature_type":"Function","id":"ASB-A-174737879-b9b000a4"},{"digest":{"length":175,"function_hash":"22854469281736808529659055724496481259"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/17839856fd588","deprecated":true,"target":{"function":"can_follow_write_pte","file":"mm/gup.c"},"signature_type":"Function","id":"ASB-A-174737879-dd022688"},{"digest":{"threshold":0.9,"line_hashes":["230083326202969499465142333602964524973","209835816913677301785509423196406124921","33784349707776369126222223352316959637","119533238642935801652150179229774700831","204863402520167833281194430296853039385","80332358398008451686044832919069373897","240904853957340680067700732494220894732","100598809069711325214321974695373925728","171822875912680660461450593816065570586","59257380323871221354302725760668232925","57669427517010108229229838524514888521","146418624083933942169754191030393924469","314134575042663837152088535115934846432","8084814078674768785265994412853434575","275194606090569011859231864195619960374","4685358256957327795019767287848346126","242979598670170952446462895589576480327","174712294673038214310234387024510677272","325112122044462167434093186992492241501","314447575435600288303701791096109509286","140543348408481604796782639015909863765","179056401961539405487702849291352268604","226913609569049317492954385400503927327","207956527656130265472873399865795585793"]},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/1a0cf26323c8","deprecated":true,"target":{"file":"mm/ksm.c"},"signature_type":"Line","id":"ASB-A-174737879-e966987d"},{"digest":{"threshold":0.9,"line_hashes":["276027541805158184524907867335061450280","11205647824677375105175440433270504548","200894277652173598465388354679014413350","70188612788489940039827805000425761804","193932126308908940960189600451047769819"]},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/be068f2903","deprecated":true,"target":{"file":"mm/memory.c"},"signature_type":"Line","id":"ASB-A-174737879-eae4d906"},{"digest":{"length":873,"function_hash":"323879688725331999498444677361153014233"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/17839856fd588","deprecated":true,"target":{"function":"internal_get_user_pages_fast","file":"mm/gup.c"},"signature_type":"Function","id":"ASB-A-174737879-ed4f2e9a"},{"digest":{"length":1114,"function_hash":"217496649770382931120865219628184692309"},"signature_version":"v1","source":"https://android.googlesource.com/kernel/common/+/a308c71bf1e6e","deprecated":true,"target":{"function":"internal_get_user_pages_fast","file":"mm/gup.c"},"signature_type":"Function","id":"ASB-A-174737879-fffdd7b1"}],"severity":"High","types":["EoP"],"spl":"2023-08-05","fixes":["https://android.googlesource.com/kernel/common/+/a308c71bf1e6e","https://android.googlesource.com/kernel/common/+/52d1e606ee733","https://android.googlesource.com/kernel/common/+/1a0cf26323c8","https://android.googlesource.com/kernel/common/+/09854ba94c6a","https://android.googlesource.com/kernel/common/+/be068f2903","https://android.googlesource.com/kernel/common/+/17839856fd588"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-174737879.json"}}],"schema_version":"1.7.5"}