In blkdevget of blockdev.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 1012.0, "function_hash": "59860384918011909271086049070330711300" }, "id": "ASB-A-174737742-1030258c", "source": "https://android.googlesource.com/kernel/common/+/49289b1fa5a67011", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/block_dev.c", "function": "blkdev_get" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "90846224778272808729882967313166842834", "210455391159847382813861124562743997143", "248246878076002800437824119162846272817", "23941645145287169093863723333436811838", "252544520785248161093029773916555556162", "43255978613839031448674459723930450533", "56667024128294808584466809983137080536", "278232631818054803265387433573119926578", "99037826654964562077051696485955107269", "303513137588777170704921729365398102135", "323816049049426435613601578818162373908", "34162908940696437762784001955729682086", "186996799984975004504814502302763366766", "229949618134920860859124086870874959161", "76488741736126913303953636221164194601", "175714366343592637822288560052604907008", "248146019100149484551114728592840684680", "199636741300429016525280405751632169433", "284384089326924488323030925409834760661" ] }, "id": "ASB-A-174737742-339e9e91", "source": "https://android.googlesource.com/kernel/common/+/49289b1fa5a67011", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/block_dev.c" }, "signature_type": "Line" }, { "digest": { "length": 2759.0, "function_hash": "134906959904962113697106075111122462301" }, "id": "ASB-A-174737742-7114383f", "source": "https://android.googlesource.com/kernel/common/+/49289b1fa5a67011", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/block_dev.c", "function": "__blkdev_get" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/49289b1fa5a67011" ], "spl": "2021-04-05", "severity": "High", "types": [ "EoP" ] }