In dmabufrelease of dma-buf.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "82945802222134333908791421654857536839", "19127304078615886264485522144236062199", "88933969644631599874421297430567268435", "289189136440764919026157444092562251182", "245681061489948476386890732050665850411", "153026179307233650232946407802658700875", "196112623073218067140441805437754837664", "238940983413991401835007672238974488220", "205829250603208589738977471201136261853", "21168457691085540039233751093771961233", "207363771351754171548141024381916588498", "58676797246452575214330101084909348292", "263011834459981128819472762533559309019" ] }, "id": "ASB-A-155756045-508471ff", "source": "https://android.googlesource.com/kernel/common/+/6e6c15288df8c4c6264f394ece251ef9f64b0e3f", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/dma-buf/dma-buf.c" }, "signature_type": "Line" }, { "digest": { "length": 467.0, "function_hash": "256706032848568622115479680309527026414" }, "id": "ASB-A-155756045-93391707", "source": "https://android.googlesource.com/kernel/common/+/6e6c15288df8c4c6264f394ece251ef9f64b0e3f", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/dma-buf/dma-buf.c", "function": "dma_buf_release" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/6e6c15288df8c4c6264f394ece251ef9f64b0e3f" ], "spl": "2022-04-05", "severity": "High", "types": [ "EoP" ] }