{"id":"ASB-A-222023189","details":"In composite_setup of composite.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when connecting a malicious USB device with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-222023189","CVE-2022-25258"],"modified":"2026-03-11T06:19:11.881209Z","published":"2022-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-06-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/22ec100472854"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/c7732dbce590e"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2022-06-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"types":["EoP"],"fixes":["https://android.googlesource.com/kernel/common/+/22ec100472854","https://android.googlesource.com/kernel/common/+/c7732dbce590e"],"vanir_signatures":[{"id":"ASB-A-222023189-450738e9","source":"https://android.googlesource.com/kernel/common/+/c7732dbce590e","digest":{"length":8670,"function_hash":"15411130885992590080241792335577292221"},"deprecated":false,"signature_version":"v1","signature_type":"Function","target":{"file":"drivers/usb/gadget/composite.c","function":"composite_setup","truncated_path_level":1}},{"id":"ASB-A-222023189-abae828f","source":"https://android.googlesource.com/kernel/common/+/c7732dbce590e","digest":{"line_hashes":["8228047372824403445809389804182550337","215290394054290689799362561037584581376","50834800687003401478418564196561689514","157624948906676408928048125434499571554"],"threshold":0.9},"deprecated":false,"signature_version":"v1","signature_type":"Line","target":{"file":"drivers/usb/gadget/composite.c","truncated_path_level":1}},{"id":"ASB-A-222023189-be9112ba","source":"https://android.googlesource.com/kernel/common/+/22ec100472854","digest":{"length":8670,"function_hash":"15411130885992590080241792335577292221"},"deprecated":false,"signature_version":"v1","signature_type":"Function","target":{"file":"drivers/usb/gadget/composite.c","function":"composite_setup","truncated_path_level":1}},{"id":"ASB-A-222023189-f59ba70b","source":"https://android.googlesource.com/kernel/common/+/22ec100472854","digest":{"line_hashes":["8228047372824403445809389804182550337","215290394054290689799362561037584581376","50834800687003401478418564196561689514","157624948906676408928048125434499571554"],"threshold":0.9},"deprecated":false,"signature_version":"v1","signature_type":"Line","target":{"file":"drivers/usb/gadget/composite.c","truncated_path_level":1}}],"severity":"High","spl":"2022-06-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-222023189.json"}}],"schema_version":"1.7.5"}