In selinuxnetlinksend of hooks.c, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "104471994260832224149867289291702729437", "15427858976643449928959236234597610935", "186273446759242020169706550879420399166", "260311420903135200131097256487986536940", "30316534737031797741665498459727086440", "59768788526619064205587924327545158311", "94873596465578995111353778953133629938", "303585053866067647902247540128843569967", "56390283915181291686015259113854169434", "101309589515819082738420247379541418092", "21331451479343323602527690615506825377", "137404570670346265436578355353855434061", "1089271003591064136852337787482746097", "147502935350520673131192937122125799028", "199067455425575587313322804101258795374", "306070861118505855178740525639601206601", "2044340355788310802725872039369865993", "240875287783363983639426169977464501507", "113481057044383204032358442910482441172", "316480780260237664049813370448149755763", "159499630207422466502666139146903776809", "284912077553191078609392431994033671118", "175944036750446049110050443385001942004", "64887305713650589439865403011214221170", "222298714953219898015816211759041773966", "149236663775179910675331326154544392915", "278206329369051238110270538459026182213", "258793471022636976607956655174183376240", "23018173293669035097053308146826687343", "335710941357812959271003027944281607194", "32258447577084968825761457825511118090" ] }, "id": "ASB-A-155485360-00b5d460", "source": "http://android.googlesource.com/kernel/common/+/fb73974172ff", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/hooks.c" }, "signature_type": "Line" }, { "digest": { "length": 778.0, "function_hash": "333914485971026804027125169973024446332" }, "id": "ASB-A-155485360-3d22c22a", "source": "http://android.googlesource.com/kernel/common/+/fb73974172ff", "deprecated": false, "signature_version": "v1", "target": { "file": "security/selinux/hooks.c", "function": "selinux_netlink_send" }, "signature_type": "Function" } ], "fixes": [ "http://android.googlesource.com/kernel/common/+/fb73974172ff" ], "spl": "2020-08-05", "severity": "High", "types": [ "EoP" ] }