In llcpsockbind/connect of llcp_sock.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "311094159527864628640556853982591429526", "203292252911839515088011983804166653463", "308573746362083104035073468352641602010", "5279465986961289992332284036729216628", "85575399929900907337989227198497564042", "126171394193079237581312123621842699727", "288547535770063650017500347390234957222", "149409826401548706840558205560670734961", "166002976706544160484421132193625339354", "44404290750259019290273165593457701535", "84182691138410624671421697158134401692", "136914315875162032102166272494007540277", "38929964334056905252990502398175936064", "5279465986961289992332284036729216628", "53389377917570243283987578637839388379", "98390281507922327696085971841354854994", "175263582922151470655635921516058473873", "137566750082232521716198589159339969188" ] }, "id": "PUB-A-188883590-2a529ed9", "source": "https://android.googlesource.com/kernel/common/+/c61760e6940d", "deprecated": false, "signature_version": "v1", "target": { "file": "net/nfc/llcp_sock.c" }, "signature_type": "Line" }, { "digest": { "length": 1641.0, "function_hash": "257256339786181560469811602584949137300" }, "id": "PUB-A-188883590-5fd903ce", "source": "https://android.googlesource.com/kernel/common/+/c61760e6940d", "deprecated": false, "signature_version": "v1", "target": { "file": "net/nfc/llcp_sock.c", "function": "llcp_sock_bind" }, "signature_type": "Function" }, { "digest": { "length": 2419.0, "function_hash": "156832375398182454174429829983129193647" }, "id": "PUB-A-188883590-965cb533", "source": "https://android.googlesource.com/kernel/common/+/c61760e6940d", "deprecated": false, "signature_version": "v1", "target": { "file": "net/nfc/llcp_sock.c", "function": "llcp_sock_connect" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/c61760e6940d" ], "spl": "2021-12-05", "severity": "Moderate", "types": [ "EoP" ] }