In rwi93smformat of rwi93.cc, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure over NFC with no additional execution privileges needed. User interaction is needed for exploitation.
{
"types": [
"ID"
],
"spl": "2020-11-01",
"fixes": [
"https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6"
],
"severity": "High",
"vanir_signatures": [
{
"target": {
"function": "rw_i93_sm_format",
"file": "src/nfc/tags/rw_i93.cc"
},
"signature_version": "v1",
"digest": {
"function_hash": "213542255988153905217280496995514215640",
"length": 7777.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6",
"deprecated": false,
"id": "ASB-A-157650336-068feca8"
},
{
"target": {
"file": "src/nfc/tags/rw_i93.cc"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"154963762155651629960931236683129418141",
"333916888871439669055388686053626198732",
"67372517558228822731127329421284046779",
"270583259168256560006516691405503002495",
"49195663521341752171776885931041511099",
"218073476827453719293910530457084865506",
"201333054149423822752511375754527146868"
]
},
"id": "ASB-A-157650336-b901e843",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6",
"deprecated": false,
"signature_version": "v1"
}
]
}{
"types": [
"ID"
],
"spl": "2020-11-01",
"fixes": [
"https://android.googlesource.com/platform/system/nfc/+/263e1127da9806b9ee3564d3520b6fc7435325c8"
],
"severity": "High",
"vanir_signatures": [
{
"target": {
"file": "src/nfc/tags/rw_i93.c"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"236926422327120836637850561153966684488",
"333916888871439669055388686053626198732",
"67372517558228822731127329421284046779",
"270583259168256560006516691405503002495",
"49195663521341752171776885931041511099",
"218073476827453719293910530457084865506",
"105318739371176303332667308047799332828"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/nfc/+/263e1127da9806b9ee3564d3520b6fc7435325c8",
"deprecated": false,
"id": "ASB-A-157650336-663efd68"
},
{
"target": {
"function": "rw_i93_sm_format",
"file": "src/nfc/tags/rw_i93.c"
},
"digest": {
"function_hash": "66482794995716220559310371738825213319",
"length": 7776.0
},
"id": "ASB-A-157650336-dbd9cced",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/nfc/+/263e1127da9806b9ee3564d3520b6fc7435325c8",
"deprecated": false,
"signature_version": "v1"
}
]
}{
"types": [
"ID"
],
"spl": "2020-11-01",
"fixes": [
"https://android.googlesource.com/platform/system/nfc/+/263e1127da9806b9ee3564d3520b6fc7435325c8"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-157650336-5a8355b9",
"digest": {
"line_hashes": [
"236926422327120836637850561153966684488",
"333916888871439669055388686053626198732",
"67372517558228822731127329421284046779",
"270583259168256560006516691405503002495",
"49195663521341752171776885931041511099",
"218073476827453719293910530457084865506",
"105318739371176303332667308047799332828"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/nfc/+/263e1127da9806b9ee3564d3520b6fc7435325c8",
"deprecated": false,
"target": {
"file": "src/nfc/tags/rw_i93.c"
}
},
{
"id": "ASB-A-157650336-7cd7b2e7",
"signature_version": "v1",
"target": {
"function": "rw_i93_sm_format",
"file": "src/nfc/tags/rw_i93.c"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/nfc/+/263e1127da9806b9ee3564d3520b6fc7435325c8",
"deprecated": false,
"digest": {
"function_hash": "66482794995716220559310371738825213319",
"length": 7776.0
}
}
]
}{
"types": [
"ID"
],
"spl": "2020-11-01",
"fixes": [
"https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-157650336-cc325580",
"digest": {
"function_hash": "213542255988153905217280496995514215640",
"length": 7777.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6",
"deprecated": false,
"target": {
"function": "rw_i93_sm_format",
"file": "src/nfc/tags/rw_i93.cc"
}
},
{
"target": {
"file": "src/nfc/tags/rw_i93.cc"
},
"signature_version": "v1",
"digest": {
"line_hashes": [
"154963762155651629960931236683129418141",
"333916888871439669055388686053626198732",
"67372517558228822731127329421284046779",
"270583259168256560006516691405503002495",
"49195663521341752171776885931041511099",
"218073476827453719293910530457084865506",
"201333054149423822752511375754527146868"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6",
"deprecated": false,
"id": "ASB-A-157650336-f256e576"
}
]
}{
"types": [
"ID"
],
"spl": "2020-11-01",
"fixes": [
"https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6"
],
"severity": "High",
"vanir_signatures": [
{
"target": {
"function": "rw_i93_sm_format",
"file": "src/nfc/tags/rw_i93.cc"
},
"signature_version": "v1",
"digest": {
"function_hash": "213542255988153905217280496995514215640",
"length": 7777.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6",
"deprecated": false,
"id": "ASB-A-157650336-575da64f"
},
{
"target": {
"file": "src/nfc/tags/rw_i93.cc"
},
"digest": {
"line_hashes": [
"154963762155651629960931236683129418141",
"333916888871439669055388686053626198732",
"67372517558228822731127329421284046779",
"270583259168256560006516691405503002495",
"49195663521341752171776885931041511099",
"218073476827453719293910530457084865506",
"201333054149423822752511375754527146868"
],
"threshold": 0.9
},
"id": "ASB-A-157650336-9b8f37cc",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6",
"deprecated": false,
"signature_version": "v1"
}
]
}{
"types": [
"ID"
],
"spl": "2020-11-01",
"fixes": [
"https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6"
],
"severity": "High",
"vanir_signatures": [
{
"target": {
"file": "src/nfc/tags/rw_i93.cc"
},
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"154963762155651629960931236683129418141",
"333916888871439669055388686053626198732",
"67372517558228822731127329421284046779",
"270583259168256560006516691405503002495",
"49195663521341752171776885931041511099",
"218073476827453719293910530457084865506",
"201333054149423822752511375754527146868"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6",
"deprecated": false,
"id": "ASB-A-157650336-21fcef17"
},
{
"id": "ASB-A-157650336-df1a667b",
"signature_version": "v1",
"target": {
"function": "rw_i93_sm_format",
"file": "src/nfc/tags/rw_i93.cc"
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/nfc/+/046b6676ad19472e2c87aa6cb35f6d42e5dcfcc6",
"deprecated": false,
"digest": {
"function_hash": "213542255988153905217280496995514215640",
"length": 7777.0
}
}
]
}