In auditfreelsmfield of auditfilter.c, there is a possible bad kfree due to a logic error in auditdatatoentry. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 3591.0, "function_hash": "262188255296507625842075697071702071322" }, "id": "ASB-A-150693166-2cb7d8b5", "source": "https://android.googlesource.com/kernel/common/+/2ad3e17ebf94b7b7f3f64c050ff168f9915345eb", "deprecated": false, "signature_version": "v1", "target": { "file": "kernel/auditfilter.c", "function": "audit_data_to_entry" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "335514774952053068964126000723708737175", "50767499278571900786777115030171832129", "184221901908642089008691165801321016453", "105992563030535888628015553557154869553", "31888528108927617897229064440158833545", "84448697986447306441635035679656726738", "144025954782965084951563756656439483085", "170313191273812626468463772270364602927", "333248594055293915611518991262198810902", "59783601544904464130894031068210201112", "48238227169478142205471660278628900696", "41672313396660055001056083877625276946", "214003543767909984382572164898282291964", "282924885902500257148976841991946254537", "223048105196560746745437056321955654616", "53627253512501429047119946883975273735", "219616349745628213720712376577013891905", "283963557676695802213747314975127181421", "273656317033648809144065737704893072908", "310039714268241659649062295606362885941", "315084894595132378654372713456928273851", "154119856103426292454001406880282571884", "124015898162614780210255657506734683664", "124207153743960250935567817359614056617", "153048774387929105147999885441996296058", "136417199786686894996399420720366913649", "211840676650842940095726349714775078690", "268686139647440531815577365584022473413", "127882950943779954527254396117843952018", "53351867666220115086638698212202189188", "103483723812474125269414283030725370985", "265829811888219379433303618133097570522", "338059516959089279344950378467210812421", "52054132740565018966712615487239195231", "327505491822289074440793831796496901909", "191009561208431341461193231514261528212", "57036873887898810577267885057949380622", "276368582912883207519103516965950879453", "237520554243828390299928141019747994695", "327782864136562597165435333252679503967", "103521899021050542510719151317591139652", "211840676650842940095726349714775078690", "193580817198326137167812747584757047487", "198908970498491258405730266460081183411", "324591286527466813078954433957541269116", "2729743433998156932127181895434864970", "51642668175666219300810495671629900820", "147599151612067677427653225030276874848", "91455851158841033399570578415278808219", "330332080155768710519069543564593935249", "336677856464835676374532098993346704142", "116985298024379880114721730673948070505", "211840676650842940095726349714775078690", "8351655231751420186845533735464964004", "168790572808256581065311631655430750330", "23864246176049884177010821143214461515", "313704123098083208710735500637262167028", "21241484165244501140024064164445543529", "30963839319373696656996015835746271000", "239485955192251444650256782046408994758", "247683033351277952499436307688996298837", "243454099898185198731971492951940856826", "108495023009607383559146193386054706804", "136252688663382179044827454806103652121", "1272715372609216643903115861645229265", "85577835452524913333902766216798345941", "153095717059807488132964599499364781559", "326739567074868613411720547276050423903", "237240067380879796977600526032081019411", "211840676650842940095726349714775078690", "195230615717211493717469139561899427695", "162554109719924627922443387326413572676", "264834071073267574876220737203550577022", "41437096957090518402679123537108280249", "266737351318371305323467437281474691580", "235536158269672325666820542859051141663", "292604153892070604092198405765848372834", "11824543486525532556152847182745448705", "142817662931435557744694740603713231625", "331318686389710491539660643214296578332", "180635996297300982257064365523581658723", "217898223302724187441156363615921668257", "175289658647832783601090359132033125621", "109367842031855669099981976734094323731", "132759606558636876860866177364620579599", "280849594327729146074182145607247674618", "191629326517677715884199181763126676506", "27793219605463335627360929778610712619", "198832386553704380516357304809091339440", "337068165094842025191864577899095368431", "14075623874692587671684539082274243437", "111331879496888133595615321740787610463" ] }, "id": "ASB-A-150693166-f57e98ad", "source": "https://android.googlesource.com/kernel/common/+/2ad3e17ebf94b7b7f3f64c050ff168f9915345eb", "deprecated": false, "signature_version": "v1", "target": { "file": "kernel/auditfilter.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/2ad3e17ebf94b7b7f3f64c050ff168f9915345eb" ], "spl": "2020-12-05", "severity": "High", "types": [ "EoP" ] }