In fget() of file.c, there is a possible read after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "fixes": [ "https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969" ], "vanir_signatures": [ { "id": "ASB-A-216408350-04872399", "signature_type": "Function", "deprecated": false, "target": { "function": "__fget_files", "file": "fs/file.c" }, "digest": { "length": 312.0, "function_hash": "50347399082138730567468486640168205875" }, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969" }, { "id": "ASB-A-216408350-181bf3dd", "signature_type": "Line", "deprecated": false, "target": { "file": "fs/file.c" }, "digest": { "threshold": 0.9, "line_hashes": [ "222339155623389242937145999001050522534", "14210766515571077282217007477797530518", "286959784734915952769508299362550069891", "325423163522201025610882289272510867957" ] }, "signature_version": "v1", "source": "https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969" } ], "severity": "High", "spl": "2022-09-05", "types": [ "EoP" ] }