In piperesizeresults of pipe.c, there is a possible UAF bug caused by a race condition. This could lead to local denial of service and local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "174066485411310807633767307405195016336", "309718443487373006088657801040093541781", "123479116233543085081780815739459577278", "219093937791553154666348538088726851434", "90029672857136066760629739330987736359", "18249780466667027071239985674326118678", "315236170843468055357738141619650369471", "133798260095775449815513357711508429", "292045256548982531504756415888031002312", "11316084626467880180862910514852592675", "32716908462881132271490522257628879001", "63102687686438255015795313250901235866", "336956158813235096165466343490772399291", "195275778097828283066408464715133854309", "160936012957928571007406348863422389599", "108547412531501327174624029395224895126", "149086052647715813731355191140920504689", "115358309335790546788126174764657590819", "220349234493388545938441083825545796726", "325591897061353286025711401583154177594" ] }, "id": "ASB-A-244395411-b11fc347", "source": "https://android.googlesource.com/kernel/common/+/a2c2b6c91475908e2ac90a3d70f5d12ae86b8033", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/pipe.c" }, "signature_type": "Line" }, { "digest": { "length": 1019.0, "function_hash": "267508876685641151495730788666127975888" }, "id": "ASB-A-244395411-e8048f75", "source": "https://android.googlesource.com/kernel/common/+/a2c2b6c91475908e2ac90a3d70f5d12ae86b8033", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/pipe.c", "function": "pipe_resize_ring" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/a2c2b6c91475908e2ac90a3d70f5d12ae86b8033" ], "spl": "2023-01-05", "severity": "High", "types": [ "EoP" ] }