In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possible arbitrary code execution due to improper casting. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "295989999399011492101666861141714915013", "315488111032126050778635536449358085636", "15858448146814839372082332464563811561", "313470107994509140792639498939639838925" ] }, "id": "ASB-A-137284057-76b0a98b", "source": "https://android.googlesource.com/platform/frameworks/native/+/76923a32ab6ea25115b65ff86ade7235ba7b3a33", "deprecated": false, "signature_version": "v1", "target": { "file": "services/surfaceflinger/SurfaceFlinger.cpp" }, "signature_type": "Line" }, { "digest": { "length": 445.0, "function_hash": "117679393179474112100511435737374720560" }, "id": "ASB-A-137284057-def13afe", "source": "https://android.googlesource.com/platform/frameworks/native/+/76923a32ab6ea25115b65ff86ade7235ba7b3a33", "deprecated": false, "signature_version": "v1", "target": { "file": "services/surfaceflinger/SurfaceFlinger.cpp", "function": "SurfaceFlinger::onLayerRemoved" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/76923a32ab6ea25115b65ff86ade7235ba7b3a33" ], "spl": "2020-10-01", "severity": "Moderate", "types": [ "EoP" ] }