In _speculationctrl_update of process.c, there is a possible way to disable Speculative Store Bypass Disable due to a logic error, which allows for side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 669.0, "function_hash": "250710125756048984842722933078406547396" }, "id": "ASB-A-169505740-5369071a", "source": "https://android.googlesource.com/kernel/common/+/dbbe2ad02e9df26e372f38cc3e70dab9222c832e", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kernel/process.c", "function": "__speculation_ctrl_update" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "223598936207650923025435889555090071458", "51941984143126213303642955956130225496", "332010218412004142622122792097786390298", "196807880300784702122698364023331092448", "219204688460491980966169296265965354595", "187556765688784133821185655933544331868", "174182776923154971239561183807260016612", "268988646742004861009343260164382758727", "272004541045723271693685430100529553213", "316936303680016290319045399938297543663", "14053540321143755774389207234345173957", "89672397712851798756268444260495039722", "198143662356294845207255966043940845345", "184513831414642033403474974711809925854" ] }, "id": "ASB-A-169505740-63e165db", "source": "https://android.googlesource.com/kernel/common/+/dbbe2ad02e9df26e372f38cc3e70dab9222c832e", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kernel/process.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/dbbe2ad02e9df26e372f38cc3e70dab9222c832e" ], "spl": "2021-01-05", "severity": "High", "types": [ "ID" ] }