In LoadPartitionTable of gpt.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when inserting a malicious USB device, with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "types": [ "EoP" ], "severity": "High", "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "41189207655891059859167090529817598632", "308456246001391846981234990171806103081", "130492737334370976961864212511290515607", "189236150705486283594326498183963354117" ] }, "id": "ASB-A-152874864-5d787553", "deprecated": false, "source": "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083", "signature_version": "v1", "signature_type": "Line", "target": { "file": "gpt.cc" } }, { "digest": { "function_hash": "86726952141382446110111110173821165684", "length": 1021.0 }, "id": "ASB-A-152874864-900c6f85", "deprecated": false, "source": "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083", "signature_version": "v1", "signature_type": "Function", "target": { "file": "gpt.cc", "function": "GPTData::LoadPartitionTable" } } ], "fixes": [ "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083" ], "spl": "2020-08-01" }
{ "types": [ "EoP" ], "severity": "High", "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "41189207655891059859167090529817598632", "308456246001391846981234990171806103081", "130492737334370976961864212511290515607", "189236150705486283594326498183963354117" ] }, "id": "ASB-A-152874864-22bf3ac9", "deprecated": false, "source": "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083", "signature_version": "v1", "signature_type": "Line", "target": { "file": "gpt.cc" } }, { "digest": { "function_hash": "86726952141382446110111110173821165684", "length": 1021.0 }, "id": "ASB-A-152874864-8d3ebf93", "deprecated": false, "source": "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083", "signature_version": "v1", "signature_type": "Function", "target": { "file": "gpt.cc", "function": "GPTData::LoadPartitionTable" } } ], "fixes": [ "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083" ], "spl": "2020-08-01" }
{ "types": [ "EoP" ], "severity": "High", "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "41189207655891059859167090529817598632", "308456246001391846981234990171806103081", "130492737334370976961864212511290515607", "189236150705486283594326498183963354117" ] }, "id": "ASB-A-152874864-b1b25098", "deprecated": false, "source": "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083", "signature_version": "v1", "signature_type": "Line", "target": { "file": "gpt.cc" } }, { "digest": { "function_hash": "86726952141382446110111110173821165684", "length": 1021.0 }, "id": "ASB-A-152874864-bf977b9e", "deprecated": false, "source": "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083", "signature_version": "v1", "signature_type": "Function", "target": { "file": "gpt.cc", "function": "GPTData::LoadPartitionTable" } } ], "fixes": [ "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083" ], "spl": "2020-08-01" }
{ "types": [ "EoP" ], "severity": "High", "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "41189207655891059859167090529817598632", "308456246001391846981234990171806103081", "130492737334370976961864212511290515607", "189236150705486283594326498183963354117" ] }, "id": "ASB-A-152874864-536aab85", "deprecated": false, "source": "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083", "signature_version": "v1", "signature_type": "Line", "target": { "file": "gpt.cc" } }, { "digest": { "function_hash": "86726952141382446110111110173821165684", "length": 1021.0 }, "id": "ASB-A-152874864-789e6262", "deprecated": false, "source": "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083", "signature_version": "v1", "signature_type": "Function", "target": { "file": "gpt.cc", "function": "GPTData::LoadPartitionTable" } } ], "fixes": [ "https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083" ], "spl": "2020-08-01" }