In multiple functions of TranscodingResourcePolicy.cpp, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "88055873065938229015039868178854815111", "21831366337880377212900398717762876352", "230246249510369761794792499675499234160", "280884578144678649884035473960892402922", "188911508489527231183016731844564273951", "89794036570798171606971559582008842470", "42681266386760479348615141549354121270", "21115406930624199543209620153571833087", "50372186165674810357122891259551039466", "250306721803660844074441741178856173185" ] }, "id": "ASB-A-319210610-14af80ac", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0", "deprecated": false, "signature_version": "v1", "target": { "file": "health/aidl/default/LinkedCallback.h" }, "signature_type": "Line" }, { "match_only_versions": [ "14-next" ], "digest": { "length": 90.0, "function_hash": "300740564697337831257782458889711896646" }, "id": "ASB-A-319210610-23ee87ee", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0", "deprecated": false, "signature_version": "v1", "target": { "file": "health/aidl/default/Health.cpp", "function": "death_recipient_" }, "signature_type": "Function" }, { "match_only_versions": [ "14-next" ], "digest": { "threshold": 0.9, "line_hashes": [ "326899136224680279807580143555193999255", "144570384623791679082821068512163434055", "110587706139266352491087307600015537906", "99237932853060104737909824956186024460" ] }, "id": "ASB-A-319210610-2895cf39", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0", "deprecated": false, "signature_version": "v1", "target": { "file": "health/aidl/default/include/health-impl/Health.h" }, "signature_type": "Line" }, { "match_only_versions": [ "14-next" ], "digest": { "length": 97.0, "function_hash": "289736972941993372157628137255891761770" }, "id": "ASB-A-319210610-40c0fd0c", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0", "deprecated": false, "signature_version": "v1", "target": { "file": "health/aidl/default/LinkedCallback.cpp", "function": "LinkedCallback::OnCallbackDied" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "190776895796579005650597781038594556515", "147560469819460551409564125041853909937", "313732980369219868787472027287117619783", "117708777502132553997426286843148966239", "37451360638920344393472737522455189284", "129539114118452479996158285928144013146", "4955245391244038107981064970618480498", "287170460903476809285982741674429143219", "227039537899996972471330565837820300457", "334902436829235129554984868054113197890", "286083258904902227399368133921336724253", "177954912571676520115269160201038074494", "182028739491224954286266148650615088567", "11351139861147799930676296460679458284", "5737785575584939595096926112739581461", "88887132411027010047141093159340345941", "60153417329959286429406459727485023009", "38687653355058011972241124259159439220", "223781059998303893032780503200762327171", "155444453087355997842516772154216507231", "48497545863459276293625570464182942101", "271785510299465849903412558820735468644", "54822290140072187460498941073603545101", "50982630818973887738336345387407140262", "47295674910586474858549424140224028529", "315883080893824751426353584378432771625", "233769336621174844960301255280755537324", "192301330453588666063975170343317862002", "246844631279833180561309643855506978601", "287092461571652586970379880291532826827", "19785226916215880760245839193198694252", "98270643683058487547033011097067532253" ] }, "id": "ASB-A-319210610-463b102f", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0", "deprecated": false, "signature_version": "v1", "target": { "file": "health/aidl/default/LinkedCallback.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "71325017191587605998124741257676976830", "244467282530860110652187327561002650670", "158257539857891727410572145848978961811", "95466657349771400873312876110431686643", "298237331269154985935840122803457892873", "287778197062952692350211979089777731912", "55089222175698013616394697470233690625", "284322679722892199350672807933361731530", "2290438750909914996834989030368788751", "49954666015876260575330347625437165682", "72730607423220034589056970980159675428", "28756688874090478124144273491125857033", "4106821767378629383786423429203076999", "70304957039245881876803990386820157181", "199842025394898628903427998308591965277", "77186955587156672889245599848467122293", "126048340418723316039340074032864417701", "192026352675894861663390848448153705572", "108258379241582231246331345229341387821", "202309968108345473609259623696767730051", "230384075388064353015534286144723312031", "178935103291506872577453997595900161903", "383986971664094641964911096181101438", "8006991666606403765730359734503744230", "67930681422328714596158351159304834024", "211111002653935174636178717288259826303" ] }, "id": "ASB-A-319210610-51c42495", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0", "deprecated": false, "signature_version": "v1", "target": { "file": "health/aidl/default/Health.cpp" }, "signature_type": "Line" }, { "digest": { "length": 960.0, "function_hash": "221898747952532295987130569611993977658" }, "id": "ASB-A-319210610-702124d5", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0", "deprecated": false, "signature_version": "v1", "target": { "file": "health/aidl/default/Health.cpp", "function": "Health::registerCallback" }, "signature_type": "Function" }, { "digest": { "length": 472.0, "function_hash": "65588303066599657894901207928732112239" }, "id": "ASB-A-319210610-7fadac94", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0", "deprecated": false, "signature_version": "v1", "target": { "file": "health/aidl/default/Health.cpp", "function": "Health::OnHealthInfoChanged" }, "signature_type": "Function" }, { "digest": { "length": 453.0, "function_hash": "203781655547380121228648489127196543767" }, "id": "ASB-A-319210610-b2ba0d9b", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0", "deprecated": false, "signature_version": "v1", "target": { "file": "health/aidl/default/LinkedCallback.cpp", "function": "LinkedCallback::Make" }, "signature_type": "Function" }, { "match_only_versions": [ "14-next" ], "digest": { "length": 387.0, "function_hash": "95069492653139285366455002942644688584" }, "id": "ASB-A-319210610-b74ab717", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0", "deprecated": false, "signature_version": "v1", "target": { "file": "health/aidl/default/LinkedCallback.cpp", "function": "LinkedCallback::~LinkedCallback" }, "signature_type": "Function" }, { "match_only_versions": [ "14-next" ], "digest": { "length": 628.0, "function_hash": "166952596721966745935800565880940171924" }, "id": "ASB-A-319210610-e2ba65e0", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0", "deprecated": false, "signature_version": "v1", "target": { "file": "health/aidl/default/Health.cpp", "function": "Health::unregisterCallback" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/92f705cee51938f485b3a8ca1e09910761f7eac0" ], "spl": "2024-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "match_only_versions": [ "14-next" ], "digest": { "threshold": 0.9, "line_hashes": [ "303452778891494800091258403998038953656", "137546428114884860978136533582394733635", "126430875558707470628829286121584880851" ] }, "id": "ASB-A-319210610-0a12c6fb", "source": "https://android.googlesource.com/platform/system/nfc/+/61e85a0efb40101a67004bbdde92ecb3e2619245", "deprecated": false, "signature_version": "v1", "target": { "file": "src/include/NfcAdaptation.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "172761299231926371494450949941106256386", "99013579739634249941807440848928648383", "245597867166856563006943937366242826917", "112725002936376826118247831219124605772", "315629282321432520066601751638087295318", "311372477722161480571569393937650103880", "59516521405284473397738158598849423465", "48003345987571918564222640396765794531", "215851773235794087398139712988604266196", "110350937067545084828828457868052249266", "49253200448427155108109172496959456870", "64615238649884678946839418563101009740", "291627558934228775524929618694143331358", "131496948849560617720727457704880192301", "159594610820155054647763233939118712092", "243628573594403179876779806237055224467", "235346677763906315561111664294720855657", "126280323663538771432847191172275044878", "95363894994034707650320095685481294040", "37742344300394356133737241986943478530", "267507793667508155980518100491965652387", "233436731569506537577937498174509142086", "111060060983588290242076065757194420224", "255992413356017998871447720839448546165", "78299317321049500597569524606999950521", "199996685300165119626170241439021258969", "7080525728700124294334265018471705908", "261156534128066911479514342523815796749", "145582176526232354842633462804303542508", "328822235067171455200488434378716138458", "199469426350524965198492051207178331701", "208496187751003204410283777461952364637", "220469665713517378909040572135051572566", "250376403609424910937913110868996989112", "243192816612373850864031527999595355789", "171152750758269589659971471582227422027" ] }, "id": "ASB-A-319210610-34711b07", "source": "https://android.googlesource.com/platform/system/nfc/+/61e85a0efb40101a67004bbdde92ecb3e2619245", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc" }, "signature_type": "Line" }, { "digest": { "length": 464.0, "function_hash": "255894120896083993233258903276104615097" }, "id": "ASB-A-319210610-3c347c11", "source": "https://android.googlesource.com/platform/system/nfc/+/61e85a0efb40101a67004bbdde92ecb3e2619245", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::Finalize" }, "signature_type": "Function" }, { "match_only_versions": [ "14-next" ], "digest": { "length": 214.0, "function_hash": "238719037673068852935139253896439006298" }, "id": "ASB-A-319210610-42fb42e5", "source": "https://android.googlesource.com/platform/system/nfc/+/61e85a0efb40101a67004bbdde92ecb3e2619245", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::NfcAdaptation" }, "signature_type": "Function" }, { "digest": { "length": 471.0, "function_hash": "206473967776763770534651317984480610847" }, "id": "ASB-A-319210610-656278f9", "source": "https://android.googlesource.com/platform/system/nfc/+/61e85a0efb40101a67004bbdde92ecb3e2619245", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::DeviceShutdown" }, "signature_type": "Function" }, { "match_only_versions": [ "14-next" ], "digest": { "length": 137.0, "function_hash": "193491853004527938573488006896122188623" }, "id": "ASB-A-319210610-6663e3bb", "source": "https://android.googlesource.com/platform/system/nfc/+/61e85a0efb40101a67004bbdde92ecb3e2619245", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::HalAidlBinderDied" }, "signature_type": "Function" }, { "match_only_versions": [ "14-next" ], "digest": { "length": 1654.0, "function_hash": "186770298774052502719745853672960304333" }, "id": "ASB-A-319210610-6ea3c4ff", "source": "https://android.googlesource.com/platform/system/nfc/+/61e85a0efb40101a67004bbdde92ecb3e2619245", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::InitializeHalDeviceContext" }, "signature_type": "Function" }, { "digest": { "length": 286.0, "function_hash": "101130956226241073284193377342887293132" }, "id": "ASB-A-319210610-dc6e78f0", "source": "https://android.googlesource.com/platform/system/nfc/+/61e85a0efb40101a67004bbdde92ecb3e2619245", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::HalAidlBinderDiedImpl" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/nfc/+/61e85a0efb40101a67004bbdde92ecb3e2619245" ], "spl": "2024-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 286.0, "function_hash": "101130956226241073284193377342887293132" }, "id": "ASB-A-319210610-2d40b196", "source": "https://android.googlesource.com/platform/system/nfc/+/f81fc62613265a286b8c1b8308c6f742e8329850", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::HalAidlBinderDiedImpl" }, "signature_type": "Function" }, { "match_only_versions": [ "14" ], "digest": { "threshold": 0.9, "line_hashes": [ "303452778891494800091258403998038953656", "137546428114884860978136533582394733635", "126430875558707470628829286121584880851" ] }, "id": "ASB-A-319210610-31d72eec", "source": "https://android.googlesource.com/platform/system/nfc/+/f81fc62613265a286b8c1b8308c6f742e8329850", "deprecated": false, "signature_version": "v1", "target": { "file": "src/include/NfcAdaptation.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "104028522266311521889004705999506643623", "127082361905063097763398242542576551353", "218935215295497389969308849061551022100", "112725002936376826118247831219124605772", "315629282321432520066601751638087295318", "311372477722161480571569393937650103880", "59516521405284473397738158598849423465", "48003345987571918564222640396765794531", "215851773235794087398139712988604266196", "110350937067545084828828457868052249266", "49253200448427155108109172496959456870", "64615238649884678946839418563101009740", "291627558934228775524929618694143331358", "131496948849560617720727457704880192301", "159594610820155054647763233939118712092", "243628573594403179876779806237055224467", "235346677763906315561111664294720855657", "126280323663538771432847191172275044878", "95363894994034707650320095685481294040", "37742344300394356133737241986943478530", "267507793667508155980518100491965652387", "233436731569506537577937498174509142086", "111060060983588290242076065757194420224", "255992413356017998871447720839448546165", "78299317321049500597569524606999950521", "199996685300165119626170241439021258969", "7080525728700124294334265018471705908", "261156534128066911479514342523815796749", "145582176526232354842633462804303542508", "328822235067171455200488434378716138458", "199469426350524965198492051207178331701", "208496187751003204410283777461952364637", "220469665713517378909040572135051572566", "250376403609424910937913110868996989112", "243192816612373850864031527999595355789", "171152750758269589659971471582227422027" ] }, "id": "ASB-A-319210610-3bdf94fc", "source": "https://android.googlesource.com/platform/system/nfc/+/f81fc62613265a286b8c1b8308c6f742e8329850", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc" }, "signature_type": "Line" }, { "digest": { "length": 498.0, "function_hash": "219349076299273082205560848465424477086" }, "id": "ASB-A-319210610-6b1ca363", "source": "https://android.googlesource.com/platform/system/nfc/+/f81fc62613265a286b8c1b8308c6f742e8329850", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::Finalize" }, "signature_type": "Function" }, { "match_only_versions": [ "14" ], "digest": { "length": 214.0, "function_hash": "238719037673068852935139253896439006298" }, "id": "ASB-A-319210610-8d45eb12", "source": "https://android.googlesource.com/platform/system/nfc/+/f81fc62613265a286b8c1b8308c6f742e8329850", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::NfcAdaptation" }, "signature_type": "Function" }, { "digest": { "length": 471.0, "function_hash": "206473967776763770534651317984480610847" }, "id": "ASB-A-319210610-db2a2c3e", "source": "https://android.googlesource.com/platform/system/nfc/+/f81fc62613265a286b8c1b8308c6f742e8329850", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::DeviceShutdown" }, "signature_type": "Function" }, { "match_only_versions": [ "14" ], "digest": { "length": 1654.0, "function_hash": "186770298774052502719745853672960304333" }, "id": "ASB-A-319210610-dd232968", "source": "https://android.googlesource.com/platform/system/nfc/+/f81fc62613265a286b8c1b8308c6f742e8329850", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::InitializeHalDeviceContext" }, "signature_type": "Function" }, { "match_only_versions": [ "14" ], "digest": { "length": 137.0, "function_hash": "193491853004527938573488006896122188623" }, "id": "ASB-A-319210610-ec8aadc2", "source": "https://android.googlesource.com/platform/system/nfc/+/f81fc62613265a286b8c1b8308c6f742e8329850", "deprecated": false, "signature_version": "v1", "target": { "file": "src/adaptation/NfcAdaptation.cc", "function": "NfcAdaptation::HalAidlBinderDied" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/nfc/+/f81fc62613265a286b8c1b8308c6f742e8329850" ], "spl": "2024-08-01", "severity": "High", "types": [ "EoP" ] }