In fastrpcinternalinvoke of drivers/misc/fastrpc.c, there is a possible way for user-mode processes to send fastrpc kernel requests due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "2482426716837670807191507678331904204", "18618756952759906251121912994584143389", "47795433000481475736428243376821800843" ] }, "id": "ASB-A-183188047-48700cdd", "source": "https://android.googlesource.com/kernel/common/+/20c40794eb85ea29852d7bc37c55713802a543d6", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/misc/fastrpc.c" }, "signature_type": "Line" }, { "digest": { "length": 1067.0, "function_hash": "30786217320439064280331192377014023502" }, "id": "ASB-A-183188047-ecbbde1b", "source": "https://android.googlesource.com/kernel/common/+/20c40794eb85ea29852d7bc37c55713802a543d6", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/misc/fastrpc.c", "function": "fastrpc_internal_invoke" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/20c40794eb85ea29852d7bc37c55713802a543d6" ], "spl": "2021-08-05", "severity": "High", "types": [ "EoP" ] }