In rwi93sendtoupper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"types": [
"EoP"
],
"vanir_signatures": [
{
"deprecated": false,
"digest": {
"function_hash": "288516866889129787941985763249517117985",
"length": 3916.0
},
"id": "ASB-A-271849189-0a0ffd10",
"source": "https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"function": "rw_i93_send_to_upper",
"file": "src/nfc/tags/rw_i93.cc"
}
},
{
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"72247595034635059755324449475392037959",
"91200629283256505089092559029191209159",
"103095160778598118044654568876133632888",
"82392611457310425243320920294441324667"
]
},
"id": "ASB-A-271849189-b08202ce",
"source": "https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8",
"signature_type": "Line",
"signature_version": "v1",
"target": {
"file": "src/nfc/tags/rw_i93.cc"
}
}
],
"spl": "2023-07-01",
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8"
]
}
{
"types": [
"EoP"
],
"vanir_signatures": [
{
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"72247595034635059755324449475392037959",
"91200629283256505089092559029191209159",
"103095160778598118044654568876133632888",
"82392611457310425243320920294441324667"
]
},
"id": "ASB-A-271849189-a587ecc3",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8",
"target": {
"file": "src/nfc/tags/rw_i93.cc"
}
},
{
"deprecated": false,
"digest": {
"length": 3916.0,
"function_hash": "288516866889129787941985763249517117985"
},
"id": "ASB-A-271849189-df43d87e",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8",
"target": {
"function": "rw_i93_send_to_upper",
"file": "src/nfc/tags/rw_i93.cc"
}
}
],
"spl": "2023-07-01",
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8"
]
}
{
"vanir_signatures": [
{
"deprecated": false,
"digest": {
"function_hash": "288516866889129787941985763249517117985",
"length": 3916.0
},
"id": "ASB-A-271849189-1d8194d7",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8",
"target": {
"function": "rw_i93_send_to_upper",
"file": "src/nfc/tags/rw_i93.cc"
}
},
{
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"72247595034635059755324449475392037959",
"91200629283256505089092559029191209159",
"103095160778598118044654568876133632888",
"82392611457310425243320920294441324667"
]
},
"id": "ASB-A-271849189-55357a0c",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8",
"target": {
"file": "src/nfc/tags/rw_i93.cc"
}
}
],
"types": [
"EoP"
],
"spl": "2023-07-01",
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8"
]
}
{
"types": [
"EoP"
],
"vanir_signatures": [
{
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"72247595034635059755324449475392037959",
"91200629283256505089092559029191209159",
"103095160778598118044654568876133632888",
"82392611457310425243320920294441324667"
]
},
"id": "ASB-A-271849189-531f9c24",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8",
"target": {
"file": "src/nfc/tags/rw_i93.cc"
}
},
{
"deprecated": false,
"digest": {
"length": 3916.0,
"function_hash": "288516866889129787941985763249517117985"
},
"id": "ASB-A-271849189-9c5af80d",
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8",
"target": {
"function": "rw_i93_send_to_upper",
"file": "src/nfc/tags/rw_i93.cc"
}
}
],
"spl": "2023-07-01",
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8"
]
}
{
"types": [
"EoP"
],
"vanir_signatures": [
{
"deprecated": false,
"digest": {
"function_hash": "288516866889129787941985763249517117985",
"length": 3916.0
},
"id": "ASB-A-271849189-36342c0b",
"source": "https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8",
"signature_type": "Function",
"signature_version": "v1",
"target": {
"function": "rw_i93_send_to_upper",
"file": "src/nfc/tags/rw_i93.cc"
}
},
{
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"72247595034635059755324449475392037959",
"91200629283256505089092559029191209159",
"103095160778598118044654568876133632888",
"82392611457310425243320920294441324667"
]
},
"id": "ASB-A-271849189-95513c31",
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8",
"target": {
"file": "src/nfc/tags/rw_i93.cc"
}
}
],
"spl": "2023-07-01",
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/system/nfc/+/dc9d09e1698725712628d394bf9be4c9003579e8"
]
}