In parseExclusiveStateAnnotation of LogEvent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 360.0, "function_hash": "188024527720341225668169443149594420673" }, "id": "ASB-A-174488848-1b169a3f", "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/logd/LogEvent.cpp", "function": "LogEvent::parseIsUidAnnotation" }, "signature_type": "Function" }, { "digest": { "length": 308.0, "function_hash": "175558666796953796107220613602050330302" }, "id": "ASB-A-174488848-407af62f", "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/logd/LogEvent.cpp", "function": "LogEvent::parsePrimaryFieldFirstUidAnnotation" }, "signature_type": "Function" }, { "digest": { "length": 728.0, "function_hash": "27933596714342811403091895685666575677" }, "id": "ASB-A-174488848-55386cee", "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/logd/LogEvent.cpp", "function": "LogEvent::parseAttributionChain" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "45749945900986651682789447668107471330", "28869259496116186635508926806468558931", "160834301108951043881162725229594969326", "18874651716543263524434139933451271809", "203918327907375847094678183796057978731", "329971401263944470619549188024000808606", "55934563699274621057207141966045347719", "207866826045089815824017946649784574558", "110556709531097063407242079472807619929", "277499338303590650957135787045604223637", "146807033573007738003213150918496229092", "156380502050762537571943980764666516149", "280594966967257434157700784230914616702", "308198527780794404026347645098229454075", "73417190750867575356364092400627357371", "86096920714566775930946761854421095523", "248627709479850686139320298113134961657", "265510423570908768279337265549062139462", "199349127725739113474365462728514023771", "204757152196314333857303319276180467059", "229686488660786311839501590523233361937" ] }, "id": "ASB-A-174488848-6fe2a9fc", "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/logd/LogEvent.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "47235136532193763404419238827143392553", "53250033784873243882588688827608939735", "108587633537507210242609878158511307392" ] }, "id": "ASB-A-174488848-96e690e7", "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/tests/LogEvent_test.cpp" }, "signature_type": "Line" }, { "digest": { "length": 365.0, "function_hash": "26104577300647160386060994418956620013" }, "id": "ASB-A-174488848-c3ee23f3", "source": "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/logd/LogEvent.cpp", "function": "LogEvent::parseExclusiveStateAnnotation" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/53251a491faab1fb88e28b7cafe5913842b8d71d" ], "spl": "2021-04-01", "severity": "High", "types": [ "EoP" ] }