{"id":"ASB-A-268589017","details":"In bigben_remove of hid-bigbenff.c, there is a possible race condition due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-268589017","CVE-2023-25012"],"modified":"2026-03-11T06:28:11.039439Z","published":"2023-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-07-01"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/2cabed5f026551685b5c652fedcb010cc1e4c22a"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/1fd3cdb1c245d67442d04c06c63dd0de96cd6091"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/e422c244a9b2192e3734825bd0c1cfed5cf8cc23"},{"type":"FIX","url":"https://android.googlesource.com/kernel/common/+/617c5ccc25ececa1efbc96a6a87499ec02070535"}],"affected":[{"package":{"name":":linux_kernel:","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":":0"},{"fixed":":2023-07-05"}]}],"versions":["Kernel"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/kernel/common/+/2cabed5f026551685b5c652fedcb010cc1e4c22a","https://android.googlesource.com/kernel/common/+/1fd3cdb1c245d67442d04c06c63dd0de96cd6091","https://android.googlesource.com/kernel/common/+/e422c244a9b2192e3734825bd0c1cfed5cf8cc23","https://android.googlesource.com/kernel/common/+/617c5ccc25ececa1efbc96a6a87499ec02070535"],"types":["EoP"],"vanir_signatures":[{"signature_type":"Line","id":"ASB-A-268589017-06cd4427","digest":{"threshold":0.9,"line_hashes":["150806394922372306520867468636303535403","100355171888563622330363374148209553804","114756578028980487798794427515892715651","98338438260130467145450726012849214816"]},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c"},"source":"https://android.googlesource.com/kernel/common/+/1fd3cdb1c245d67442d04c06c63dd0de96cd6091","signature_version":"v1"},{"signature_type":"Function","id":"ASB-A-268589017-0b31adc1","digest":{"length":631,"function_hash":"173329870709256075901518500633917247874"},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c","function":"hid_bigben_play_effect"},"source":"https://android.googlesource.com/kernel/common/+/e422c244a9b2192e3734825bd0c1cfed5cf8cc23","signature_version":"v1"},{"signature_type":"Line","id":"ASB-A-268589017-213dd575","digest":{"threshold":0.9,"line_hashes":["47078364368640867469028644796454700973","10369359589696548902201438536105334896","102133623324249312242667377922268104764","131380323297942395671530660106611804348","121242916892447794310831024891517723333","62136394718521697104661652866492385079","148069679042890058808355501733377113712","339155058200001361619470398183537589367","20827325889441192208216152679191234728","124046928327778031277101799983837463611","216999699844899041982247809739287722358","113019699757089574244894421564626018417","123196098272088532171390740226088477958","312533909955340852980348141069953644250","42955897544003012181618577187722397174"]},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c"},"source":"https://android.googlesource.com/kernel/common/+/617c5ccc25ececa1efbc96a6a87499ec02070535","signature_version":"v1"},{"signature_type":"Function","id":"ASB-A-268589017-3882720d","digest":{"length":1573,"function_hash":"135773091381837721091354169965703968703"},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c","function":"bigben_worker"},"source":"https://android.googlesource.com/kernel/common/+/1fd3cdb1c245d67442d04c06c63dd0de96cd6091","signature_version":"v1"},{"signature_type":"Function","id":"ASB-A-268589017-5364649d","digest":{"length":540,"function_hash":"253322112641557034882541029482987213618"},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c","function":"hid_bigben_play_effect"},"source":"https://android.googlesource.com/kernel/common/+/2cabed5f026551685b5c652fedcb010cc1e4c22a","signature_version":"v1"},{"signature_type":"Function","id":"ASB-A-268589017-5b83031d","digest":{"length":2191,"function_hash":"338122517525090694269655243517906965701"},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c","function":"bigben_probe"},"source":"https://android.googlesource.com/kernel/common/+/617c5ccc25ececa1efbc96a6a87499ec02070535","signature_version":"v1"},{"signature_type":"Function","id":"ASB-A-268589017-7b6901c4","digest":{"length":722,"function_hash":"316436784951831304433901309868418571802"},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c","function":"bigben_set_led"},"source":"https://android.googlesource.com/kernel/common/+/e422c244a9b2192e3734825bd0c1cfed5cf8cc23","signature_version":"v1"},{"signature_type":"Function","id":"ASB-A-268589017-7c564d36","digest":{"length":2174,"function_hash":"283228630286872131567950752744282302055"},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c","function":"bigben_probe"},"source":"https://android.googlesource.com/kernel/common/+/2cabed5f026551685b5c652fedcb010cc1e4c22a","signature_version":"v1"},{"signature_type":"Line","id":"ASB-A-268589017-8b80cbc9","digest":{"threshold":0.9,"line_hashes":["10783932124717809065975525814018063746","202233066716543381168893117077506060221","333075247382177478790015001077471032434","253314601472456783949022845032610302604","32406587198122137956585265619737078713","79637830955801454955686322642667708249","100659576457065707686811531392018260379","57330006653911811855992188186599142947","46763203180011333946095053591512509477","15352880012144436811199965153276177727","337767392239476776783508601174493753433","8918760447863121913208547831843011759","188557900762768751391097565843114349304","129656771386629272065452813164927016795","339113479530564011719211118262377073845","94541647880187338145795639687270206316","66751151447730835198057130407968116262","137772132008674241987705400607841494738","41141773345157091071534849436471571138","26768272055240480568538285424629472970"]},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c"},"source":"https://android.googlesource.com/kernel/common/+/e422c244a9b2192e3734825bd0c1cfed5cf8cc23","signature_version":"v1"},{"signature_type":"Function","id":"ASB-A-268589017-910a666b","digest":{"length":1564,"function_hash":"273026948227071602714984146253039623031"},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c","function":"bigben_worker"},"source":"https://android.googlesource.com/kernel/common/+/e422c244a9b2192e3734825bd0c1cfed5cf8cc23","signature_version":"v1"},{"signature_type":"Function","id":"ASB-A-268589017-9497a5ea","digest":{"length":631,"function_hash":"49550790642047497120172017436086097902"},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c","function":"bigben_set_led"},"source":"https://android.googlesource.com/kernel/common/+/2cabed5f026551685b5c652fedcb010cc1e4c22a","signature_version":"v1"},{"signature_type":"Line","id":"ASB-A-268589017-bb9e52ca","digest":{"threshold":0.9,"line_hashes":["170801758030258884861538758678594740558","249299439092359066189043364722627743794","338185359276941740510402377774585588655","243988816042995455867667886171933946996","194884766443985677085074988040487977982","14050074771272841572925121763737910571","310848588941783372125153587426800903406","114930066354983457361395835245500415982","182796686242458689615299952093860967961","8856487086507521612684844259235970694","45425450697047727821099591776666263505","29994108566393786553873268571238061464","87361166835025475804465819775434098565","58464657697028961571603197470196277868","319417364505333290779605446045284606238","222499932173199658469388865283481070023","172223357612224858570786271706609504995","135755269103756455523942389206606290120","269138159219430080731722709720880318934","87361166835025475804465819775434098565","58464657697028961571603197470196277868","205193334889348892144716625732812925137","37580888543137018229929689971565560820","54350655327342768431080282528221078477","12976282385784092870387876656271071643","335112332198927072552576369584495425474","298365815644179876281009239263697715908","75293277767135240181672102136738448500","155657313313497202882429295917850638759","245989983336163126006365334266750952164","4243887715503796700629760273369901146","271379221828688470156356452522374788708","281531320475889412786366087001393100772","218899643482385094823171014173114825751","29153715790109213959964471663817725152","123135806629766317768781298406167394939","244211682463083748058152249323332992588","110890128933949637954732212540028237021","252892435672143168980475661694822741067","251648637410287476767106334621474181798","229143915330479384821799721147044601002","306298246618403798313004315661778723718","326221262382217482924765384005787549588","92835713279487021264974299402717527285","61115457479083266547468666442929555162","47852149208762194314475291085487113686","193716436960222311270232671761533491997","281885871057663333599686874996815656620","254283279391829507920935632123963201351","46100703413552992586614102686129373539","20900816375716886551510191443487014802","177753618342386356883083646543526440254","315319771030054542194016383492202682748","243496798770318132164128249183923634695","231809816367966581616030502784605238494","9885306284604865265059417382592059605"]},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c"},"source":"https://android.googlesource.com/kernel/common/+/2cabed5f026551685b5c652fedcb010cc1e4c22a","signature_version":"v1"},{"signature_type":"Function","id":"ASB-A-268589017-e88c9168","digest":{"length":2203,"function_hash":"59826607660057764668765012329557463594"},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c","function":"bigben_probe"},"source":"https://android.googlesource.com/kernel/common/+/e422c244a9b2192e3734825bd0c1cfed5cf8cc23","signature_version":"v1"},{"signature_type":"Function","id":"ASB-A-268589017-f32a0dcc","digest":{"length":154,"function_hash":"139532792595065699547609751039221578526"},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c","function":"bigben_remove"},"source":"https://android.googlesource.com/kernel/common/+/2cabed5f026551685b5c652fedcb010cc1e4c22a","signature_version":"v1"},{"signature_type":"Function","id":"ASB-A-268589017-fc4aef55","digest":{"length":982,"function_hash":"130189952422934216779969856399260567000"},"deprecated":false,"target":{"file":"drivers/hid/hid-bigbenff.c","function":"bigben_worker"},"source":"https://android.googlesource.com/kernel/common/+/2cabed5f026551685b5c652fedcb010cc1e4c22a","signature_version":"v1"}],"severity":"High","spl":"2023-07-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-268589017.json"}}],"schema_version":"1.7.5"}