In spectre_v2_user_select_mitigation of bugs.c, there is a possible failure to enable a Spectre mitigation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 1742.0, "function_hash": "68387579215200689532030260593294665825" }, "id": "ASB-A-156766097-5362dac8", "source": "https://android.googlesource.com/kernel/common/+/21998a351512eba4ed5969006f0c55882d995ada", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kernel/cpu/bugs.c", "function": "spectre_v2_user_select_mitigation" }, "signature_type": "Function" }, { "digest": { "length": 780.0, "function_hash": "20062910062754643001478515319828839684" }, "id": "ASB-A-156766097-6deae108", "source": "https://android.googlesource.com/kernel/common/+/21998a351512eba4ed5969006f0c55882d995ada", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kernel/cpu/bugs.c", "function": "cpu_bugs_smt_update" }, "signature_type": "Function" }, { "digest": { "length": 717.0, "function_hash": "315465907148056470696049626562340066763" }, "id": "ASB-A-156766097-9447cd45", "source": "https://android.googlesource.com/kernel/common/+/21998a351512eba4ed5969006f0c55882d995ada", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kernel/cpu/bugs.c", "function": "ib_prctl_set" }, "signature_type": "Function" }, { "digest": { "length": 221.0, "function_hash": "118611778568922724823566210967516675683" }, "id": "ASB-A-156766097-a1cf2c29", "source": "https://android.googlesource.com/kernel/common/+/21998a351512eba4ed5969006f0c55882d995ada", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kernel/cpu/bugs.c", "function": "arch_seccomp_spec_mitigate" }, "signature_type": "Function" }, { "digest": { "length": 572.0, "function_hash": "286477930041857219423342677977109922394" }, "id": "ASB-A-156766097-e3c8beee", "source": "https://android.googlesource.com/kernel/common/+/21998a351512eba4ed5969006f0c55882d995ada", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kernel/cpu/bugs.c", "function": "ib_prctl_get" }, 
"signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "228928855909060019856943404854234150243", "330769517936622111367727957632979962704", "29131053358709940863973745848097681630", "286349779456563978482953362243802420821", "176806237075469307512394374879857523961", "17760055884296936999807499537786013313", "47421736163618346112684902331456503689", "329482688497737072330302686953598436185", "224037725934225999994417083455153872618", "238152342300009427207111799921658907036", "92725688848845966742380479337877963614", "306639875336364876839115764883924582452", "100976398929682902125068660749563059706", "280081607050598749272023717399347633774", "2954124610970388610105181324610594474", "155711973090341424268522810018498237500", "329872699168090749590813212768231513303", "217215322955449206335928399307203983168", "161191705863270090274052343846003068835", "132934957554997026833210651242155736523", "170475092922955678509678428607352936795", "254949678867157683299420700542109384708", "124869493388487077645418424137742335903", "174118938130692923118092451225331033056", "305160457490679423978171639736178711322", "320940826241945829952035644909451819926", "148930356543264936003480726368837780906", "267227463566449232124376006118451541902", "34841128414079482721431921694689166428", "87923541675287633410459117742846107701", "316802964904488578055841754094136210533", "136958200499115578413571564065099888648", "119483724488113904349372438171375952009", "197337729333259985060137172239320505628", "329737253840969054728999432564913477414", "47088732280639467161715943353039407668", "237383282431272198145299313310220225052", "149494446097451707622916618149366525362", "170274095612732060586217014839153343096", "156443059740294297133010802056821099415", "330893816899630212615868187503910386798", "24592397142706076756716922159298525249", "279862642826071021583775112258330262938", "92940395331321719564748808576721512754", 
"306558267970200317200190840564038704950", "274209944012748640856239172091267097729", "269161139470219081384571146629399941291", "69586767640921823281187154149758488757", "103732763986412256115947056145474103040", "277550541533224359833841383190919934301", "190663943188852685705529776840894080832", "214032991353571543325819719334208051144", "77418178600500251749346807102629263979", "23438954278845544991260185316163404947", "137056532106803208912006162535164361898", "248669405692003264984069473660978598932", "282359557290970587689146943671007074150", "222602815372021292338229989527927354736", "319655191619003432734363225686281255629", "281563216145373126408647342823539636026", "318832939422916977825760704237572643127", "205093374621831262189714072314196269593", "179767872085771946153016021174700520269", "211640207605928403166870457227898380726", "168634358118478773759650979029800072984", "20136475945972082586201374384561373725", "168939410703793940325689035055542507798", "103731119176355950671306737422787949691" ] }, "id": "ASB-A-156766097-ee1d1ab6", "source": "https://android.googlesource.com/kernel/common/+/21998a351512eba4ed5969006f0c55882d995ada", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kernel/cpu/bugs.c" }, "signature_type": "Line" }, { "digest": { "length": 465.0, "function_hash": "287601828443776033056957123457497823774" }, "id": "ASB-A-156766097-fa703fce", "source": "https://android.googlesource.com/kernel/common/+/21998a351512eba4ed5969006f0c55882d995ada", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kernel/cpu/bugs.c", "function": "stibp_state" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/21998a351512eba4ed5969006f0c55882d995ada" ], "spl": "2021-01-05", "severity": "High", "types": [ "ID" ] }