In _configfsopen_file of file.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "144261116513192799815408308108193273292", "280781786439567612260994831180360960883", "294553813030166689570977029959468771305", "44940190791430184155033322297531087488", "285552538128918411554703429691707246082", "104919542549789817862532048649785228643", "279827945998338001019451597880694582641", "6595587290564947242546059497818810327", "190916364920762292293447845892620409137", "162921567346689495062851703827226368764", "301267022441689315400425846168886330072", "156405275566311389306309063316725664667", "279740195975143045432302307182040504197" ] }, "id": "PUB-A-174049066-039f667e", "source": "https://android.googlesource.com/kernel/common/+/14fbbc8297728e880070f7b077b3301a8c698ef9", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/configfs/file.c" }, "signature_type": "Line" }, { "digest": { "length": 1865.0, "function_hash": "104396315799143217044677248812266308073" }, "id": "PUB-A-174049066-ce7dfc4d", "source": "https://android.googlesource.com/kernel/common/+/14fbbc8297728e880070f7b077b3301a8c698ef9", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/configfs/file.c", "function": "__configfs_open_file" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/14fbbc8297728e880070f7b077b3301a8c698ef9" ], "spl": "2021-12-05", "severity": "Moderate", "types": [ "EoP" ] }