{"id":"ASB-A-254837884","details":"In binder_vma_close of binder.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-254837884","CVE-2023-20928"],"modified":"2026-03-11T06:25:32.244307Z","published":"2023-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-01-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/201d5f4a3ec1"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2023-01-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["100875016308097048072291723447710811875","149568884223429909118461864484845063531","70213872906120777345980907773890985356","86488574879235347096510238924366881850","102197622046000173361911449232118828731","297695735167916381244666377250959927645","104464989245594042592166828400026512939","131812476344507624725627465123447311598","39956935989143500963478394144784119019","196563358893118200776470466394375565434","104464989245594042592166828400026512939","72179324111657337252246212890390875994"]},"signature_version":"v1","deprecated":false,"target":{"file":"drivers/android/binder_alloc.c"},"source":"https://android.googlesource.com/kernel/common/+/201d5f4a3ec1","id":"ASB-A-254837884-c24e19f2","signature_type":"Line"}],"spl":"2023-01-05","severity":"High","fixes":["https://android.googlesource.com/kernel/common/+/201d5f4a3ec1"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-254837884.json"}}],"schema_version":"1.7.5"}