In tiocspgrp of tty_jobctrl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "7338913957767132237580945162545283902", "276140429312739768394680534261795675580", "203989765631513543784047101143447013562", "144040697814404936400616784663233098827", "219487244008294298156309541912615923617", "121723368273225809510853011269019301423", "43185897151191301020763260751502390130" ] }, "id": "ASB-A-175451802-cde41775", "source": "https://android.googlesource.com/kernel/common/+/54ffccbf053b5b6ca4f6e45094b942fab92a25fc", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/tty/tty_jobctrl.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/54ffccbf053b5b6ca4f6e45094b942fab92a25fc" ], "spl": "2021-05-05", "severity": "High", "types": [ "EoP" ] }