In hidoutputreport of hid-core.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "59279288054240772512122037148835217342", "211880442018003413039781699765869659646", "214310009365619240478923272630953271789", "321971145287701039621919956120198388347", "207959965809916909403245645649888378685", "188374904451562885539951987849272656462", "319458721325611379528885337716549284009", "104733734344321184961195836625682850135", "31016265555568093321704658062067679381", "122010839418486169462622783824556336648", "107437023064454477683088389321012772659" ] }, "id": "PUB-A-160818461-4606e0d5", "source": "https://android.googlesource.com/kernel/common/+/bce1305c0ece3", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/hid/hid-core.c", "truncated_path_level": 1.0 }, "signature_type": "Line" }, { "digest": { "length": 300.0, "function_hash": "302779128589865924941927860846474042040" }, "id": "PUB-A-160818461-482eb047", "source": "https://android.googlesource.com/kernel/common/+/bce1305c0ece3", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/hid/hid-core.c", "truncated_path_level": 1.0, "function": "hid_output_report" }, "signature_type": "Function" }, { "digest": { "length": 1264.0, "function_hash": "86180056594490316600717451057640403042" }, "id": "PUB-A-160818461-95d3f56d", "source": "https://android.googlesource.com/kernel/common/+/bce1305c0ece3", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/hid/hid-core.c", "truncated_path_level": 1.0, "function": "hid_report_raw_event" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/bce1305c0ece3" ], "spl": "2022-12-05", "severity": "Moderate", "types": [ "EoP" ] }