In _lockswakeupblocks of locks.c, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "147170438247471735262872181660361189118", "20667581815975678095374733830093028840", "139323861530326266815521218572813185942", "70781014294445318550606398216318877596", "302098020917718600652424129246391873287", "309519682506505986837208172260391903695", "316543573264737804965019459068628440726", "120378916552911450787666884521659345196", "339364006147420672475659598520748318918", "130359248380168917926444943362738180268", "304411242047678817991118227768341486817", "294661958350972078486968092908978790155", "116718432804677469241604285799157853816", "61788795752026634568835879633291370796", "141649897245233601064725334454198913794", "162641892488906362811967413703484968629", "90677125886090203754039905180379259871", "156144950439580574421172162759905844329", "48821398821519801329254254586343042197", "165112524404151328144019970855254162063", "10258054918042547245261499711103642894", "262724030209934493137870941260318293942", "271015982427392453731487685284907459353", "264175553619794976116439632956247020406", "187442933328834645744752195333847166048", "109772112146080972666428005818431203792", "317477231651591866567168765895495860636", "53592555628649116959654381653415976309", "217393181790487194897090730831018664480", "156144950439580574421172162759905844329", "48821398821519801329254254586343042197", "165112524404151328144019970855254162063", "54664818252529918240542407535109609311", "156144950439580574421172162759905844329", "48821398821519801329254254586343042197", "165112524404151328144019970855254162063" ] }, "id": "ASB-A-150693748-15f817f7", "source": "https://android.googlesource.com/kernel/common/+/dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/locks.c" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "304965636041637636144385006918204504106", "339511179307545103794769988355311308218", "149107170706775543935573238665799037597", "219820196161272673210706788265307432876" ] }, "id": "ASB-A-150693748-3dd4238d", "source": "https://android.googlesource.com/kernel/common/+/dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/cifs/file.c" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "295258753571822142688390582659995659751", "249012972673120218766751589975700530033", "162990123720776116260922239543944135877", "133628271012868401985618673616336751735", "316495522920972527760247328306192899647", "65274071215700163895272892287108469676" ] }, "id": "ASB-A-150693748-400eeedb", "source": "https://android.googlesource.com/kernel/common/+/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/locks.c" }, "signature_type": "Line" }, { "digest": { "length": 316.0, "function_hash": "60470774782459948818689714194466502039" }, "id": "ASB-A-150693748-5cdc4f67", "source": "https://android.googlesource.com/kernel/common/+/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/locks.c", "function": "locks_delete_block" }, "signature_type": "Function" }, { "digest": { "length": 547.0, "function_hash": "189535822795842630061614558747063062529" }, "id": "ASB-A-150693748-938f4e6f", "source": "https://android.googlesource.com/kernel/common/+/dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/cifs/file.c", "function": "cifs_posix_lock_set" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/dcf23ac3e846ca0cf626c155a0e3fcbbcf4fae8a", "https://android.googlesource.com/kernel/common/+/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da" ], "spl": "2020-09-05", "severity": "High", "types": [ "EoP" ] }