In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 558.0, "function_hash": "40283338500318352106057796562783840058" }, "id": "ASB-A-160265164-022a8b9e", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::writeBurstBufferBytes" }, "signature_type": "Function" }, { "digest": { "length": 346.0, "function_hash": "152344411935269315469663959082721260705" }, "id": "ASB-A-160265164-028efb4f", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/FrameScanner.cpp", "function": "FrameScanner::FrameScanner" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "315301970555212661788859622139306500805", "168697204251568400354506960495179210678", "80895717045175310121526219255663519912", "146924628090277811717398141731488444775" ] }, "id": "ASB-A-160265164-5e9e8a01", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/AC3FrameScanner.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "259647612143021780756864891114490422070", "338966583500271550645993095945280475714", "166975676725632283786507085152741521388", "72542598289547325216051972627738719884" ] }, "id": "ASB-A-160265164-6a005e59", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/FrameScanner.cpp" }, "signature_type": "Line" }, { "digest": { "length": 463.0, "function_hash": "198867948338260688667640693224304378116" }, "id": "ASB-A-160265164-6b82cf4d", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::writeBurstBufferShorts" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "187679534532922003488298009691619337962", "225568408312939496901254825816681984755", "54222241606213111868796631204216806726", "243491401206640026402001190439209616008" ] }, "id": "ASB-A-160265164-79cd6c81", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/include/audio_utils/spdif/SPDIFEncoder.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "116260180557445152731375372260927407938", "240999438553051720422268165278963468858", "220454328048295003184939511476228529520", "122955241082936821703367825662335229870", "71440399534359075937454879324136479251", "153523124046872016221664299656387230368", "320787894413464901052806841291873545196", "305031154763767434497816781494489983739", "93855270680209134863646048469163735340", "231358582525871025274494118826583420282", "27932655956250264040654885415766795151", "117773412660877069179545257722081461451", "116072856469804973247980868881193873077", "96364832259155400500614241341566879589", "91763413602741681499901869674687381830", "294650949833413617306493182827969411921", "111231134370134772394636010813498334384", "21389326718305129660984196132099421180", "205101741412141249436009828536965103487", "102777344931951345505008751744690140450", "230914251777198549312521955300391845054", "301505372585215308336311254694392667239", "148793867279999665562700295334991249526", "121927239038078875635368735179720523562", "120664144019293849009686158440562036425", "240666162488096563104071619646642960319", "180635944635502272924575681960554159984" ] }, "id": "ASB-A-160265164-92410e9f", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp" }, "signature_type": "Line" }, { "digest": { "length": 2369.0, "function_hash": "278303449840606457413695327977492702142" }, "id": "ASB-A-160265164-98ef9734", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/AC3FrameScanner.cpp", "function": "AC3FrameScanner::parseHeader" }, "signature_type": "Function" }, { "digest": { "length": 193.0, "function_hash": "117908441538651017328085137480633857167" }, "id": "ASB-A-160265164-a8848c21", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::startSyncFrame" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/media/+/4523a5863f7d8f449600e85e946cfdc9cff408b2", "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be" ], "spl": "2020-12-01", "severity": "Critical", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "187679534532922003488298009691619337962", "225568408312939496901254825816681984755", "54222241606213111868796631204216806726", "243491401206640026402001190439209616008" ] }, "id": "ASB-A-160265164-19f1a923", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/include/audio_utils/spdif/SPDIFEncoder.h" }, "signature_type": "Line" }, { "digest": { "length": 463.0, "function_hash": "198867948338260688667640693224304378116" }, "id": "ASB-A-160265164-1b30b3ee", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::writeBurstBufferShorts" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "116260180557445152731375372260927407938", "240999438553051720422268165278963468858", "220454328048295003184939511476228529520", "122955241082936821703367825662335229870", "71440399534359075937454879324136479251", "153523124046872016221664299656387230368", "320787894413464901052806841291873545196", "305031154763767434497816781494489983739", "93855270680209134863646048469163735340", "231358582525871025274494118826583420282", "27932655956250264040654885415766795151", "117773412660877069179545257722081461451", "116072856469804973247980868881193873077", "96364832259155400500614241341566879589", "91763413602741681499901869674687381830", "294650949833413617306493182827969411921", "111231134370134772394636010813498334384", "21389326718305129660984196132099421180", "205101741412141249436009828536965103487", "102777344931951345505008751744690140450", "230914251777198549312521955300391845054", "301505372585215308336311254694392667239", "148793867279999665562700295334991249526", "121927239038078875635368735179720523562", "120664144019293849009686158440562036425", "240666162488096563104071619646642960319", "180635944635502272924575681960554159984" ] }, "id": "ASB-A-160265164-2fbe9097", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp" }, "signature_type": "Line" }, { "digest": { "length": 193.0, "function_hash": "117908441538651017328085137480633857167" }, "id": "ASB-A-160265164-2fdcc2b6", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::startSyncFrame" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "259647612143021780756864891114490422070", "338966583500271550645993095945280475714", "166975676725632283786507085152741521388", "72542598289547325216051972627738719884" ] }, "id": "ASB-A-160265164-3191c5b0", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/FrameScanner.cpp" }, "signature_type": "Line" }, { "digest": { "length": 346.0, "function_hash": "152344411935269315469663959082721260705" }, "id": "ASB-A-160265164-460eba28", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/FrameScanner.cpp", "function": "FrameScanner::FrameScanner" }, "signature_type": "Function" }, { "digest": { "length": 2369.0, "function_hash": "278303449840606457413695327977492702142" }, "id": "ASB-A-160265164-4f9f1649", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/AC3FrameScanner.cpp", "function": "AC3FrameScanner::parseHeader" }, "signature_type": "Function" }, { "digest": { "length": 558.0, "function_hash": "40283338500318352106057796562783840058" }, "id": "ASB-A-160265164-b9b7da6b", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::writeBurstBufferBytes" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "315301970555212661788859622139306500805", "168697204251568400354506960495179210678", "80895717045175310121526219255663519912", "146924628090277811717398141731488444775" ] }, "id": "ASB-A-160265164-da49bae2", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/AC3FrameScanner.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/media/+/4523a5863f7d8f449600e85e946cfdc9cff408b2", "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be" ], "spl": "2020-12-01", "severity": "Critical", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "length": 2369.0, "function_hash": "278303449840606457413695327977492702142" }, "id": "ASB-A-160265164-3ab285cb", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/AC3FrameScanner.cpp", "function": "AC3FrameScanner::parseHeader" }, "signature_type": "Function" }, { "digest": { "length": 193.0, "function_hash": "117908441538651017328085137480633857167" }, "id": "ASB-A-160265164-3ac51b11", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::startSyncFrame" }, "signature_type": "Function" }, { "digest": { "length": 346.0, "function_hash": "152344411935269315469663959082721260705" }, "id": "ASB-A-160265164-3ce32501", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/FrameScanner.cpp", "function": "FrameScanner::FrameScanner" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "187679534532922003488298009691619337962", "225568408312939496901254825816681984755", "54222241606213111868796631204216806726", "243491401206640026402001190439209616008" ] }, "id": "ASB-A-160265164-6d0f41ba", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/include/audio_utils/spdif/SPDIFEncoder.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "116260180557445152731375372260927407938", "240999438553051720422268165278963468858", "220454328048295003184939511476228529520", "122955241082936821703367825662335229870", "71440399534359075937454879324136479251", "153523124046872016221664299656387230368", "320787894413464901052806841291873545196", "305031154763767434497816781494489983739", "93855270680209134863646048469163735340", "231358582525871025274494118826583420282", "27932655956250264040654885415766795151", "117773412660877069179545257722081461451", "116072856469804973247980868881193873077", "96364832259155400500614241341566879589", "91763413602741681499901869674687381830", "294650949833413617306493182827969411921", "111231134370134772394636010813498334384", "21389326718305129660984196132099421180", "205101741412141249436009828536965103487", "102777344931951345505008751744690140450", "230914251777198549312521955300391845054", "301505372585215308336311254694392667239", "148793867279999665562700295334991249526", "121927239038078875635368735179720523562", "120664144019293849009686158440562036425", "240666162488096563104071619646642960319", "180635944635502272924575681960554159984" ] }, "id": "ASB-A-160265164-91d55c6e", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp" }, "signature_type": "Line" }, { "digest": { "length": 558.0, "function_hash": "40283338500318352106057796562783840058" }, "id": "ASB-A-160265164-a6f74f32", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::writeBurstBufferBytes" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "259647612143021780756864891114490422070", "338966583500271550645993095945280475714", "166975676725632283786507085152741521388", "72542598289547325216051972627738719884" ] }, "id": "ASB-A-160265164-c4b267e7", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/FrameScanner.cpp" }, "signature_type": "Line" }, { "digest": { "length": 463.0, "function_hash": "198867948338260688667640693224304378116" }, "id": "ASB-A-160265164-ecbab205", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::writeBurstBufferShorts" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "315301970555212661788859622139306500805", "168697204251568400354506960495179210678", "80895717045175310121526219255663519912", "146924628090277811717398141731488444775" ] }, "id": "ASB-A-160265164-ffd8b14a", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/AC3FrameScanner.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/media/+/4523a5863f7d8f449600e85e946cfdc9cff408b2", "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be" ], "spl": "2020-12-01", "severity": "Critical", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "116260180557445152731375372260927407938", "240999438553051720422268165278963468858", "220454328048295003184939511476228529520", "122955241082936821703367825662335229870", "71440399534359075937454879324136479251", "153523124046872016221664299656387230368", "320787894413464901052806841291873545196", "305031154763767434497816781494489983739", "93855270680209134863646048469163735340", "231358582525871025274494118826583420282", "27932655956250264040654885415766795151", "117773412660877069179545257722081461451", "116072856469804973247980868881193873077", "96364832259155400500614241341566879589", "91763413602741681499901869674687381830", "294650949833413617306493182827969411921", "111231134370134772394636010813498334384", "21389326718305129660984196132099421180", "205101741412141249436009828536965103487", "102777344931951345505008751744690140450", "230914251777198549312521955300391845054", "301505372585215308336311254694392667239", "148793867279999665562700295334991249526", "121927239038078875635368735179720523562", "120664144019293849009686158440562036425", "240666162488096563104071619646642960319", "180635944635502272924575681960554159984" ] }, "id": "ASB-A-160265164-00608e33", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp" }, "signature_type": "Line" }, { "digest": { "length": 558.0, "function_hash": "40283338500318352106057796562783840058" }, "id": "ASB-A-160265164-07acacec", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::writeBurstBufferBytes" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "187679534532922003488298009691619337962", "225568408312939496901254825816681984755", "54222241606213111868796631204216806726", "243491401206640026402001190439209616008" ] }, "id": "ASB-A-160265164-0c39ec8e", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/include/audio_utils/spdif/SPDIFEncoder.h" }, "signature_type": "Line" }, { "digest": { "length": 2369.0, "function_hash": "278303449840606457413695327977492702142" }, "id": "ASB-A-160265164-1f34c90d", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/AC3FrameScanner.cpp", "function": "AC3FrameScanner::parseHeader" }, "signature_type": "Function" }, { "digest": { "length": 193.0, "function_hash": "117908441538651017328085137480633857167" }, "id": "ASB-A-160265164-3ad9c279", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::startSyncFrame" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "315301970555212661788859622139306500805", "168697204251568400354506960495179210678", "80895717045175310121526219255663519912", "146924628090277811717398141731488444775" ] }, "id": "ASB-A-160265164-6ea51a29", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/AC3FrameScanner.cpp" }, "signature_type": "Line" }, { "digest": { "length": 463.0, "function_hash": "198867948338260688667640693224304378116" }, "id": "ASB-A-160265164-71a98843", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/SPDIFEncoder.cpp", "function": "SPDIFEncoder::writeBurstBufferShorts" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "259647612143021780756864891114490422070", "338966583500271550645993095945280475714", "166975676725632283786507085152741521388", "72542598289547325216051972627738719884" ] }, "id": "ASB-A-160265164-bc914504", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/FrameScanner.cpp" }, "signature_type": "Line" }, { "digest": { "length": 346.0, "function_hash": "152344411935269315469663959082721260705" }, "id": "ASB-A-160265164-d24acb85", "source": "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be", "deprecated": false, "signature_version": "v1", "target": { "file": "audio_utils/spdif/FrameScanner.cpp", "function": "FrameScanner::FrameScanner" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/media/+/4523a5863f7d8f449600e85e946cfdc9cff408b2", "https://android.googlesource.com/platform/system/media/+/1f73a728ef4b6d7d350c0715bdb10d59e5b5f9be" ], "spl": "2020-12-01", "severity": "Critical", "types": [ "RCE" ] }