{"id":"ASB-A-245869446","details":"In multiple functions of many files, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-245869446","CVE-2022-39189"],"modified":"2026-03-11T06:23:09.144658Z","published":"2023-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-02-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2023-02-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"function_hash":"38604489406231837717793669152131606938","length":755},"source":"https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b","target":{"function":"kvm_steal_time_set_preempted","file":"arch/x86/kvm/x86.c"},"id":"ASB-A-245869446-1b08df49"},{"signature_version":"v1","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["59692480275264766853165137104156426228","214353513911615457213562912492860417937","273877541879068920260347504933113745277","15798145667535997922991764239401250078"],"threshold":0.9},"source":"https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b","target":{"file":"arch/x86/kvm/vmx/vmx.c"},"id":"ASB-A-245869446-4e113419"},{"signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"function_hash":"165481017018219247378593075874815406330","length":333},"source":"https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b","target":{"function":"handle_external_interrupt_irqoff","file":"arch/x86/kvm/vmx/vmx.c"},"id":"ASB-A-245869446-5374c6e8"},{"signature_version":"v1","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["77013427174380958763618251436307309217","260912490785269495300238009067040999760","27048756297649844329325457963885708573","214724014562384713343912824674964654335","305645830347182943102607156739301999758","195355178703760701337862641816984625414","302809168331074603663963560945904877504","221736838959360489411131341271589814399","137936098070211798298446521327929481847","280460129927042103704893367658740007798","195828335554372007478403600861262374234"],"threshold":0.9},"source":"https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b","target":{"file":"arch/x86/kvm/x86.c"},"id":"ASB-A-245869446-bb6c2651"},{"signature_version":"v1","signature_type":"Function","deprecated":false,"digest":{"function_hash":"33828916803657510720769090657283268307","length":799},"source":"https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b","target":{"function":"vcpu_run","file":"arch/x86/kvm/x86.c"},"id":"ASB-A-245869446-c5347606"},{"signature_version":"v1","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["27455215021659110276612552094316477814","32679905025671916597419488091600971837","261160318527586754838829020256618233405","163987717602089840069875587587559850486","337327902055208212947137973516695178292","250204395601394085695912527180843271660","177798265508470921274907416937320593741","146010721565448674377621111995655250043"],"threshold":0.9},"source":"https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b","target":{"file":"arch/x86/include/asm/kvm_host.h"},"id":"ASB-A-245869446-e2250a01"},{"signature_version":"v1","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["319180214301471377585150049024309308330","50373122713968120405096298349158498297","262696856476674390061976107357942042546","335269534060379695117872965537878128774"],"threshold":0.9},"source":"https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b","target":{"file":"arch/x86/kvm/svm/svm.c"},"id":"ASB-A-245869446-f6ae6194"}],"fixes":["https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b"],"types":["EoP"],"spl":"2023-02-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-245869446.json"}}],"schema_version":"1.7.5"}