In initiateTdlsTeardownInternal of sta_iface.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi server with System execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "match_only_versions": [ "13-next" ], "digest": { "length": 424.0, "function_hash": "302268144275723282215237474613964667341" }, "id": "PUB-A-262235951-47b0e1ac", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp", "function": "StaIface::initiateHs20IconQueryInternal" }, "signature_type": "Function" }, { "digest": { "length": 1567.0, "function_hash": "257355276165712963944831835492749907205" }, "id": "PUB-A-262235951-5cd64147", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/p2p_iface.cpp", "function": "P2pIface::addGroupWithConfigInternal" }, "signature_type": "Function" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 286.0, "function_hash": "187077103001751572314279034052689728383" }, "id": "PUB-A-262235951-6d5fa3db", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp", "function": "StaIface::startWpsRegistrarInternal" }, "signature_type": "Function" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 397.0, "function_hash": "59139949819330265023457171034052804893" }, "id": "PUB-A-262235951-8c1a6e95", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp", "function": "StaIface::initiateTdlsDiscoverInternal" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "282443825160230321450963843298545080728", "240013557668857853334420540261787923890", "62429178238551276205184415105404761893", "46560374957961384603586640630652171945", "336419216446644093182773684234698415035", "327041791035341145435564724994982404898", "78343065902290284737465664672312973572", "255724180623786242402920462074245142357" ] }, "id": "PUB-A-262235951-8e3c7fd2", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/p2p_iface.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 478.0, "function_hash": "270479948021175522507269756789778107231" }, "id": "PUB-A-262235951-b0a148ea", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp", "function": "StaIface::initiateTdlsTeardownInternal" }, "signature_type": "Function" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 1417.0, "function_hash": "23404326539921386207545272978027900169" }, "id": "PUB-A-262235951-b3186f45", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp", "function": "StaIface::generateDppBootstrapInfoForResponderInternal" }, "signature_type": "Function" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 444.0, "function_hash": "8104615961089294009968361479877306241" }, "id": "PUB-A-262235951-b3d70c20", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp", "function": "StaIface::setCountryCodeInternal" }, "signature_type": "Function" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 461.0, "function_hash": "9612674215676627984640536271814398902" }, "id": "PUB-A-262235951-b64d3488", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp", "function": "StaIface::initiateTdlsSetupInternal" }, "signature_type": "Function" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 428.0, "function_hash": "57178098856143511217138945353437811603" }, "id": "PUB-A-262235951-b862ad89", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp", "function": "StaIface::startWpsPinDisplayInternal" }, "signature_type": "Function" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 303.0, "function_hash": "291459334106095460708774590590163935140" }, "id": "PUB-A-262235951-cfb25b2f", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp", "function": "StaIface::initiateVenueUrlAnqpQueryInternal" }, "signature_type": "Function" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 672.0, "function_hash": "222888601949521659693169645706244661099" }, "id": "PUB-A-262235951-d48eb61f", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp", "function": "StaIface::initiateAnqpQueryInternal" }, "signature_type": "Function" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 537.0, "function_hash": "251277092963258719819988234584216547557" }, "id": "PUB-A-262235951-e6ded3c4", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/p2p_iface.cpp", "function": "P2pIface::provisionDiscoveryInternal" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "108313089334327937595636589997524737905", "66840887000484404323921320035452788215", "219717861291424890984424019376547388571", "44896243708100406615835794888652299551", "108313089334327937595636589997524737905", "66840887000484404323921320035452788215", "119966804988596060753854524323008774240", "153604098853226158544591461503264384829", "108313089334327937595636589997524737905", "66840887000484404323921320035452788215", "119966804988596060753854524323008774240", "153604098853226158544591461503264384829", "213776302724071626336886735033271865367", "111127769627793226434270712715727975740", "185587857298398648800638886100378496896", "11051987560156314982525484614039640730", "138136018535094028760656810696393132256", "242559769715913450717656652795026906173", "220163884289595045272493767027284266292", "186159613295524858348311536973943924232", "97920612003950030480333138944478168364", "106416219480024751751259025809335167026", "98678616116437698904132115913139234778", "262093932907482226702908105462070957040", "179785536207578963771599860683453035709", "306454131221479826909148403651925784495", "94508611683518420978877184414880182032", "198629720058014996525008381472581916452", "83757367880493119121683389931198569683", "31274133583577273158273533047343986777", "19101203741728346271706693008717644004", "210125636254096168817574411616794081904", "321029893561082877086623895468503904177", "74013402360008246287580570831392352661", "140269204791012767623566618777651021530", "123308398843050064060681011537122893696", "265977110554366842733255150657799530232", "74013402360008246287580570831392352661", "140269204791012767623566618777651021530", "108028509933157452795677691037514741083", "16645525397261761350351177096480169880", "257760521617479987513025030407880082978", "14183314491399266848601277807740484092" ] }, "id": "PUB-A-262235951-eba4b300", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 304.0, "function_hash": "264951205164416993651860207899884527381" }, "id": "PUB-A-262235951-fdcf15c9", "source": "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20", "deprecated": false, "signature_version": "v1", "target": { "file": "wpa_supplicant/aidl/sta_iface.cpp", "function": "StaIface::startWpsPbcInternal" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/wpa_supplicant_8/+/40e0dc8763a833a0bfe835843000f644be48ca20" ], "spl": "2023-06-01", "severity": "Moderate", "types": [ "ID" ] }