In __efi_rt_asm_wrapper of efi-rt-wrapper.S, there is a possible bypass of shadow stack protection due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "179337840841991355642887043988593067606", "5773807457505110754444059043052909632", "282730260334074690969290374034554911948", "134253192418214020651208017925988575156", "232811901045737453688945005799129261957", "218620793557511025058338371865771396683", "339105349812813529627753795168013015537", "276077201739349405452701792039390901192", "253288503435522497287142918487731045661", "226981391358113279537999084226866317163", "88902760063645305806195411021768245062" ] }, "id": "ASB-A-260821414-eb7a78e9", "source": "https://android.googlesource.com/kernel/common/+/ec6fe823507b2f6ef4a58f3a9bee9a5ec086c32c", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/arm64/include/asm/efi.h" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/ec6fe823507b2f6ef4a58f3a9bee9a5ec086c32c", "https://android.googlesource.com/kernel/common/+/984241bdc04f401c423005a52eb013b00e19358c" ], "spl": "2023-05-05", "severity": "High", "types": [ "EoP" ] }