In adrenosetparam of adreno_gpu.c, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "137499823065546987751838243333912764874", "313781014223327949248879367044420520162", "143690902458475044838598812343736842239", "70078867355138051369967558370536672710", "317807581993598243132077952695981339857", "247812858636199983564700080281754340264" ] }, "id": "ASB-A-265016072-09a23a07", "source": "https://android.googlesource.com/kernel/common/+/8103d53f25ec7", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/gpu/drm/msm/adreno/adreno_gpu.c" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "118492932545520791641655017401360173934", "163526697256376568562232606184995229554", "217608385893849329291499603075213132191" ] }, "id": "ASB-A-265016072-3e0a3903", "source": "https://android.googlesource.com/kernel/common/+/8103d53f25ec7", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/gpu/drm/msm/msm_gpu.c" }, "signature_type": "Line" }, { "digest": { "length": 901.0, "function_hash": "38937292462211299424417340593056186837" }, "id": "ASB-A-265016072-b1fc8290", "source": "https://android.googlesource.com/kernel/common/+/8103d53f25ec7", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/gpu/drm/msm/adreno/adreno_gpu.c", "function": "adreno_set_param" }, "signature_type": "Function" }, { "digest": { "length": 451.0, "function_hash": "172533765802362585631188051682220935161" }, "id": "ASB-A-265016072-fa78c0d6", "source": "https://android.googlesource.com/kernel/common/+/8103d53f25ec7", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/gpu/drm/msm/msm_gpu.c", "function": "get_comm_cmdline" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/8103d53f25ec7" ], "spl": "2023-05-05", "severity": "High", "types": [ "EoP" ] }