In ioreqinit_async there is a potential use after free due to a race condition. This could lead to local escalation of privileges with User execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 305.0, "function_hash": "227273210715688725373639114611586646087" }, "id": "ASB-A-233078742-7bc130dc", "source": "https://android.googlesource.com/kernel/common/+/812805ff3b0c7069dc94d4a031960b4e2c80beac", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/io_uring.c", "function": "io_req_init_async" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "272162681072718761223832810924314861088", "282435767030736005459484303915207870642", "77554876585778307774017004807339822970", "222188109909390957259112931253691907692" ] }, "id": "ASB-A-233078742-d30eb709", "source": "https://android.googlesource.com/kernel/common/+/812805ff3b0c7069dc94d4a031960b4e2c80beac", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/io_uring.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/812805ff3b0c7069dc94d4a031960b4e2c80beac" ], "spl": "2022-08-05", "severity": "High", "types": [ "EoP" ] }