In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 245.0, "function_hash": "119514076358916030166398816307305096955" }, "id": "ASB-A-151644303-1a868f09", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::~NuPlayerDriver" }, "signature_type": "Function" }, { "digest": { "length": 2130.0, "function_hash": "19970835269334683979683547178283901791" }, "id": "ASB-A-151644303-614cb9fb", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::updateMetrics" }, "signature_type": "Function" }, { "digest": { "length": 594.0, "function_hash": "16733455476364751386489623831865073483" }, "id": "ASB-A-151644303-66081494", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::logMetrics" }, "signature_type": "Function" }, { "digest": { "length": 181.0, "function_hash": "229611388859470585784565905170352380863" }, "id": "ASB-A-151644303-92f3590f", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::setUID" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "285693742590668977864572485398167092788", "163354062488960643812532540975635500944", "149807217642544446754387382624414796857", "122005495037328633938150858824226178426" ] }, "id": "ASB-A-151644303-a6c8ee1f", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.h" }, "signature_type": "Line" }, { "digest": { "length": 1372.0, "function_hash": "338517978009753270771075971955006194024" }, "id": "ASB-A-151644303-cd553dfd", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::notifyListener_l" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "68762050946771697909153949919300292353", "115136153507478749229531670102787782968", "57975181769065734848698804904215535020", "94985156930797785515687696151323669870", "215130344324707041168855055689814716577", "149444718171788907227940664294514945932", "283109304772066993894798419244945953654", "75540971250215794128160525218375513470", "79184933469946688309994126175862956930", "284370207654256253207498251055580374605", "158764811638399078070390527706018330785", "132960497475179756936280411028795213029", "90231484915474161111665324090744072697", "171434388312040294206175305564639900192", "317051119088722702455309269789605940045", "230375219837531452191070182776909129162", "203429538992895337513326144881183564460", "167553722907564739993014628430888159571", "201734540577200677347955937809129639032", "84837435922442434991123958438193803019", "332329815085618130380038266150578484591", "231641427403628256543074046836237567694", "285632608063057880088894693718025176312", "72957773220694104424787652424373743582", "276658915807023810039989049567380792692", "310914620801247333527217062202233634882", "29596156925072181809153800740039148252", "326618135817771068816859199940112541631", "132373818188828183485415184249574358212", "162270660663605029679584607000692223331", "223880047302031816845651769514361294768", "135582123997148526978912225769921059129", "94682963605914528154339593602898404304", "294781077198013897192040493756506891373", "162107980502403396874032718139266553473", "213717078337946846992035212692571629749", "329290485897673505570119194292763190506", "85005565345317875519306389160181804954", "103008366326069690208917903507325086265", "291842477210511642350752805904168934404", "335509452559260605908244674348832981680", "312074861960969291741538384139257579035", "256383471407669284505191812758180168435", "16851598889783919493885661792046389938" ] }, "id": "ASB-A-151644303-d43e41cd", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp" }, "signature_type": "Line" }, { "digest": { "length": 257.0, "function_hash": "284467511168557220306610799003606564379" }, "id": "ASB-A-151644303-e2b472e6", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::getParameter" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/36a66d535b38245d386f2b5fd3ffbdcbbd0f3289", "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52" ], "spl": "2020-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 245.0, "function_hash": "119514076358916030166398816307305096955" }, "id": "ASB-A-151644303-07b59800", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::~NuPlayerDriver" }, "signature_type": "Function" }, { "digest": { "length": 594.0, "function_hash": "16733455476364751386489623831865073483" }, "id": "ASB-A-151644303-41b89128", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::logMetrics" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "285693742590668977864572485398167092788", "163354062488960643812532540975635500944", "149807217642544446754387382624414796857", "122005495037328633938150858824226178426" ] }, "id": "ASB-A-151644303-5527fbcc", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.h" }, "signature_type": "Line" }, { "digest": { "length": 1372.0, "function_hash": "338517978009753270771075971955006194024" }, "id": "ASB-A-151644303-8ddba030", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::notifyListener_l" }, "signature_type": "Function" }, { "digest": { "length": 181.0, "function_hash": "229611388859470585784565905170352380863" }, "id": "ASB-A-151644303-9e77a067", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::setUID" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "68762050946771697909153949919300292353", "115136153507478749229531670102787782968", "57975181769065734848698804904215535020", "94985156930797785515687696151323669870", "215130344324707041168855055689814716577", "149444718171788907227940664294514945932", "283109304772066993894798419244945953654", "75540971250215794128160525218375513470", "79184933469946688309994126175862956930", "284370207654256253207498251055580374605", "158764811638399078070390527706018330785", "132960497475179756936280411028795213029", "90231484915474161111665324090744072697", "171434388312040294206175305564639900192", "317051119088722702455309269789605940045", "230375219837531452191070182776909129162", "203429538992895337513326144881183564460", "167553722907564739993014628430888159571", "201734540577200677347955937809129639032", "84837435922442434991123958438193803019", "332329815085618130380038266150578484591", "231641427403628256543074046836237567694", "285632608063057880088894693718025176312", "72957773220694104424787652424373743582", "276658915807023810039989049567380792692", "310914620801247333527217062202233634882", "29596156925072181809153800740039148252", "326618135817771068816859199940112541631", "132373818188828183485415184249574358212", "162270660663605029679584607000692223331", "223880047302031816845651769514361294768", "135582123997148526978912225769921059129", "94682963605914528154339593602898404304", "294781077198013897192040493756506891373", "162107980502403396874032718139266553473", "213717078337946846992035212692571629749", "329290485897673505570119194292763190506", "85005565345317875519306389160181804954", "103008366326069690208917903507325086265", "291842477210511642350752805904168934404", "335509452559260605908244674348832981680", "312074861960969291741538384139257579035", "256383471407669284505191812758180168435", "16851598889783919493885661792046389938" ] }, "id": "ASB-A-151644303-aa9ed9ba", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp" }, "signature_type": "Line" }, { "digest": { "length": 257.0, "function_hash": "284467511168557220306610799003606564379" }, "id": "ASB-A-151644303-b48a8970", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::getParameter" }, "signature_type": "Function" }, { "digest": { "length": 2130.0, "function_hash": "19970835269334683979683547178283901791" }, "id": "ASB-A-151644303-dd56f3fa", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::updateMetrics" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/36a66d535b38245d386f2b5fd3ffbdcbbd0f3289", "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52" ], "spl": "2020-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 245.0, "function_hash": "119514076358916030166398816307305096955" }, "id": "ASB-A-151644303-2ba22008", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::~NuPlayerDriver" }, "signature_type": "Function" }, { "digest": { "length": 594.0, "function_hash": "16733455476364751386489623831865073483" }, "id": "ASB-A-151644303-4a87abec", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::logMetrics" }, "signature_type": "Function" }, { "digest": { "length": 181.0, "function_hash": "229611388859470585784565905170352380863" }, "id": "ASB-A-151644303-87f49ea6", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::setUID" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "285693742590668977864572485398167092788", "163354062488960643812532540975635500944", "149807217642544446754387382624414796857", "122005495037328633938150858824226178426" ] }, "id": "ASB-A-151644303-a06deb34", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.h" }, "signature_type": "Line" }, { "digest": { "length": 1372.0, "function_hash": "338517978009753270771075971955006194024" }, "id": "ASB-A-151644303-bf097827", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::notifyListener_l" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "68762050946771697909153949919300292353", "115136153507478749229531670102787782968", "57975181769065734848698804904215535020", "94985156930797785515687696151323669870", "215130344324707041168855055689814716577", "149444718171788907227940664294514945932", "283109304772066993894798419244945953654", "75540971250215794128160525218375513470", "79184933469946688309994126175862956930", "284370207654256253207498251055580374605", "158764811638399078070390527706018330785", "132960497475179756936280411028795213029", "90231484915474161111665324090744072697", "171434388312040294206175305564639900192", "317051119088722702455309269789605940045", "230375219837531452191070182776909129162", "203429538992895337513326144881183564460", "167553722907564739993014628430888159571", "201734540577200677347955937809129639032", "84837435922442434991123958438193803019", "332329815085618130380038266150578484591", "231641427403628256543074046836237567694", "285632608063057880088894693718025176312", "72957773220694104424787652424373743582", "276658915807023810039989049567380792692", "310914620801247333527217062202233634882", "29596156925072181809153800740039148252", "326618135817771068816859199940112541631", "132373818188828183485415184249574358212", "162270660663605029679584607000692223331", "223880047302031816845651769514361294768", "135582123997148526978912225769921059129", "94682963605914528154339593602898404304", "294781077198013897192040493756506891373", "162107980502403396874032718139266553473", "213717078337946846992035212692571629749", "329290485897673505570119194292763190506", "85005565345317875519306389160181804954", "103008366326069690208917903507325086265", "291842477210511642350752805904168934404", "335509452559260605908244674348832981680", "312074861960969291741538384139257579035", "256383471407669284505191812758180168435", "16851598889783919493885661792046389938" ] }, "id": "ASB-A-151644303-cd5dd994", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp" }, "signature_type": "Line" }, { "digest": { "length": 2130.0, "function_hash": "19970835269334683979683547178283901791" }, "id": "ASB-A-151644303-e08b6140", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::updateMetrics" }, "signature_type": "Function" }, { "digest": { "length": 257.0, "function_hash": "284467511168557220306610799003606564379" }, "id": "ASB-A-151644303-f4a1b189", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::getParameter" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/36a66d535b38245d386f2b5fd3ffbdcbbd0f3289", "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52" ], "spl": "2020-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "285693742590668977864572485398167092788", "163354062488960643812532540975635500944", "149807217642544446754387382624414796857", "122005495037328633938150858824226178426" ] }, "id": "ASB-A-151644303-0dff7818", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "68762050946771697909153949919300292353", "115136153507478749229531670102787782968", "57975181769065734848698804904215535020", "94985156930797785515687696151323669870", "215130344324707041168855055689814716577", "149444718171788907227940664294514945932", "283109304772066993894798419244945953654", "75540971250215794128160525218375513470", "79184933469946688309994126175862956930", "284370207654256253207498251055580374605", "158764811638399078070390527706018330785", "132960497475179756936280411028795213029", "90231484915474161111665324090744072697", "171434388312040294206175305564639900192", "317051119088722702455309269789605940045", "230375219837531452191070182776909129162", "203429538992895337513326144881183564460", "167553722907564739993014628430888159571", "201734540577200677347955937809129639032", "84837435922442434991123958438193803019", "332329815085618130380038266150578484591", "231641427403628256543074046836237567694", "285632608063057880088894693718025176312", "72957773220694104424787652424373743582", "276658915807023810039989049567380792692", "310914620801247333527217062202233634882", "29596156925072181809153800740039148252", "326618135817771068816859199940112541631", "132373818188828183485415184249574358212", "162270660663605029679584607000692223331", "223880047302031816845651769514361294768", "135582123997148526978912225769921059129", "94682963605914528154339593602898404304", "294781077198013897192040493756506891373", "162107980502403396874032718139266553473", "213717078337946846992035212692571629749", "329290485897673505570119194292763190506", "85005565345317875519306389160181804954", "103008366326069690208917903507325086265", "291842477210511642350752805904168934404", "335509452559260605908244674348832981680", "312074861960969291741538384139257579035", "256383471407669284505191812758180168435", "16851598889783919493885661792046389938" ] }, "id": "ASB-A-151644303-561ed419", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp" }, "signature_type": "Line" }, { "digest": { "length": 257.0, "function_hash": "284467511168557220306610799003606564379" }, "id": "ASB-A-151644303-56b003c2", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::getParameter" }, "signature_type": "Function" }, { "digest": { "length": 594.0, "function_hash": "16733455476364751386489623831865073483" }, "id": "ASB-A-151644303-666e5814", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::logMetrics" }, "signature_type": "Function" }, { "digest": { "length": 245.0, "function_hash": "119514076358916030166398816307305096955" }, "id": "ASB-A-151644303-73803652", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::~NuPlayerDriver" }, "signature_type": "Function" }, { "digest": { "length": 181.0, "function_hash": "229611388859470585784565905170352380863" }, "id": "ASB-A-151644303-d0375e91", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::setUID" }, "signature_type": "Function" }, { "digest": { "length": 2130.0, "function_hash": "19970835269334683979683547178283901791" }, "id": "ASB-A-151644303-dfef53e5", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::updateMetrics" }, "signature_type": "Function" }, { "digest": { "length": 1372.0, "function_hash": "338517978009753270771075971955006194024" }, "id": "ASB-A-151644303-fef864b9", "source": "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52", "deprecated": false, "signature_version": "v1", "target": { "file": "media/libmediaplayerservice/nuplayer/NuPlayerDriver.cpp", "function": "NuPlayerDriver::notifyListener_l" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/36a66d535b38245d386f2b5fd3ffbdcbbd0f3289", "https://android.googlesource.com/platform/frameworks/av/+/e5767553f55fb30d9d58ba211ec68e64a6266e52" ], "spl": "2020-08-01", "severity": "High", "types": [ "EoP" ] }