In NewFixedDoubleArray of factory.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "257503698769316166642687185679505310528", "75799377391045390319712277837338821917", "200337686004425812197578443623868861234", "4030913443801306677836772240222040839" ] }, "id": "ASB-A-150706594-b696e83f", "source": "https://android.googlesource.com/platform/external/v8/+/cb30bc6720cb3864d1a9f9c55b7d53ab2d9a5f7a", "deprecated": false, "signature_version": "v1", "target": { "file": "src/heap/factory.cc" }, "signature_type": "Line" }, { "digest": { "length": 520.0, "function_hash": "7192812031616359559326099721272054014" }, "id": "ASB-A-150706594-d11d3b6d", "source": "https://android.googlesource.com/platform/external/v8/+/cb30bc6720cb3864d1a9f9c55b7d53ab2d9a5f7a", "deprecated": false, "signature_version": "v1", "target": { "file": "src/heap/factory.cc", "function": "Factory::NewFixedDoubleArray" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/external/v8/+/cb30bc6720cb3864d1a9f9c55b7d53ab2d9a5f7a" ], "spl": "2020-08-01", "severity": "High", "types": [ "RCE" ] }