In _htabmaplookupanddeletebatch of hashtab.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 3574.0, "function_hash": "127331074739203562560229732259510439617" }, "id": "PUB-A-197155069-5385d91f", "source": "https://android.googlesource.com/kernel/common/+/c4eb1f403243fc7bbb7de644db8587c03de36da6", "deprecated": false, "signature_version": "v1", "target": { "file": "kernel/bpf/hashtab.c", "function": "__htab_map_lookup_and_delete_batch" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "212658755389406059833830562300516653499", "201381836538477114258617779280796146030", "302285419246911275932144487388570272238", "262131155964030128750198698395094825846", "120523421720983727123488074848466022665" ] }, "id": "PUB-A-197155069-dd80b817", "source": "https://android.googlesource.com/kernel/common/+/c4eb1f403243fc7bbb7de644db8587c03de36da6", "deprecated": false, "signature_version": "v1", "target": { "file": "kernel/bpf/hashtab.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/c4eb1f403243fc7bbb7de644db8587c03de36da6" ], "spl": "2021-10-05", "severity": "Moderate", "types": [ "EoP" ] }