{"id":"ASB-A-238177383","details":"In io_identity_cow of io_uring.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-238177383","CVE-2022-20409"],"modified":"2026-03-11T06:17:37.620309Z","published":"2022-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-10-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2022-10-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9"],"types":["EoP"],"spl":"2022-10-05","severity":"Moderate","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["283555694453714368821874255168558772476","134417412181918471945274425715513413757","484510208167674657433280657768788496","305247541390997635524119772618650777746"]},"id":"ASB-A-238177383-1c649e06","target":{"file":"fs/io_uring.c"},"source":"https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9","signature_type":"Line","signature_version":"v1","deprecated":false},{"digest":{"function_hash":"7706770934050613843200183825408069182","length":793},"id":"ASB-A-238177383-3c096081","target":{"function":"io_identity_cow","file":"fs/io_uring.c"},"source":"https://android.googlesource.com/kernel/common/+/0380da7fd63ac93caf96a75d1b31e388d3c754e9","signature_type":"Function","signature_version":"v1","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-238177383.json"}}],"schema_version":"1.7.5"}