In tipccryptokey_rcv of net/tipc/crypto.c , there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with System execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 1201.0, "function_hash": "165025846641989750361407003519146692212" }, "id": "PUB-A-205243414-6de32fcc", "source": "https://android.googlesource.com/kernel/common/+/fa40d9734a57bcbfa79a280189799f76c88f7bb0", "deprecated": false, "signature_version": "v1", "target": { "file": "net/tipc/crypto.c", "function": "tipc_crypto_key_rcv" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "148155171852493371424624041856807785153", "251639815322727246262081551430150554718", "236213065301705925189794682410425126750", "189101388776756448769729411153813098575", "21197357775156626527837065969831587804", "156464690181593625039806695064042949172", "305612216453868096889630244074880818110", "7159205484659873358207493268605421660", "224483733087741477354263399705811951764", "110317620116586419236171850011157362377", "239176879386071197662795414597419360060", "217849402809423262460670338411833207506", "276771160224978049714307464556808469324", "237323861621972783348797952732886692905", "117932870441413409585873218097619926945", "229408244685073426433921545421070216828", "305663058577997695735688994785410932262", "318190873316587655602615765755039123899", "183364873458001179030282472237893229035", "51459361090268111026017362861264147237", "154433287631908009787769110016703759228", "241126127206920650403030807990663061218", "165348632058685993708535046880941607844", "255345203120634654985333599222764010955", "111004119002526832093968844797934713058", "323872500412702930375096010230137027722", "258359184325326767512782662453220450755", "128846443321212860363422785330189709552", "149966122736841399777004703781664860609", "64458163494698845288487130898041543165", "330247967009766431981889904854917680964" ] }, "id": "PUB-A-205243414-9545b689", "source": "https://android.googlesource.com/kernel/common/+/fa40d9734a57bcbfa79a280189799f76c88f7bb0", "deprecated": false, "signature_version": "v1", "target": { "file": "net/tipc/crypto.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/fa40d9734a57bcbfa79a280189799f76c88f7bb0" ], "spl": "2022-03-05", "severity": "Moderate", "types": [ "RCE" ] }