In legacyparseparam of fs_context.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
{ "fixes": [ "https://android.googlesource.com/kernel/common/+/a32e89883a535", "https://android.googlesource.com/kernel/common/+/eadde287a62e6" ], "severity": "Moderate", "types": [ "EoP" ], "spl": "2022-06-05", "vanir_signatures": [ { "target": { "file": "fs/fs_context.c" }, "id": "PUB-A-213172369-44cea301", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "332611879140404434690152632347982780701", "193005555054335394959908412522152239921", "308843018842959193664841224512432202885", "251322244919373171567936309461685841974" ] }, "source": "https://android.googlesource.com/kernel/common/+/a32e89883a535", "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "fs/fs_context.c", "function": "legacy_parse_param" }, "id": "PUB-A-213172369-4d2f18b1", "deprecated": false, "digest": { "function_hash": "67543043462929298139978757926468672210", "length": 1796.0 }, "source": "https://android.googlesource.com/kernel/common/+/a32e89883a535", "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "fs/fs_context.c" }, "id": "PUB-A-213172369-a492c0a0", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "332611879140404434690152632347982780701", "193005555054335394959908412522152239921", "308843018842959193664841224512432202885", "251322244919373171567936309461685841974" ] }, "source": "https://android.googlesource.com/kernel/common/+/eadde287a62e6", "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "fs/fs_context.c", "function": "legacy_parse_param" }, "id": "PUB-A-213172369-aad49fbf", "deprecated": false, "digest": { "function_hash": "67543043462929298139978757926468672210", "length": 1796.0 }, "source": "https://android.googlesource.com/kernel/common/+/eadde287a62e6", "signature_type": "Function", "signature_version": "v1" } ] }