In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "137378813570596590094778362080755671176", "90106377484174975455564131918402057136", "246524809232248934677036880304414481783", "154143101464377361727192659246603798336", "113084945922290690774573775275858985920", "331628084900826418848421835281485859915", "68990439568804655583011682940077539403", "152327495164168164380241693940353026773" ] }, "id": "ASB-A-176444622-725c17ef", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/d468101f149e30bc4ec5105555973d4ed8b4e009", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/d468101f149e30bc4ec5105555973d4ed8b4e009" ], "spl": "2021-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 4173.0, "function_hash": "68259926958128311778129082746027067165" }, "id": "ASB-A-176444622-a29c37fd", "source": "https://android.googlesource.com/platform/frameworks/av/+/a44d24476226d92ab66e3573ed613ddc555172ff", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp", "function": "CryptoPlugin::decrypt" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "224106305415867355946096070495053294470", "152429897004112786606571710302394375068", "134883749357658149370915030570652469906", "152327495164168164380241693940353026773", "179954984451917713031089792380648662350", "264298949911011163485260866338663751604", "182509013215656757272313039702013762214", "79868785389749169529183912015347522416" ] }, "id": "ASB-A-176444622-ac06fda4", "source": "https://android.googlesource.com/platform/frameworks/av/+/a44d24476226d92ab66e3573ed613ddc555172ff", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/a44d24476226d92ab66e3573ed613ddc555172ff" ], "spl": "2021-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "137378813570596590094778362080755671176", "90106377484174975455564131918402057136", "246524809232248934677036880304414481783", "154143101464377361727192659246603798336", "113084945922290690774573775275858985920", "331628084900826418848421835281485859915", "68990439568804655583011682940077539403", "152327495164168164380241693940353026773", "326535734156762876726196237194443882500", "335596279074292283518826108667747081538", "75913187668697301781522012737457200670", "128321274538814115532472178115114263168" ] }, "id": "ASB-A-176444622-49bcdb3f", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/ff537c8516e1f8be96264d3c5db3ac084e307566", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/ff537c8516e1f8be96264d3c5db3ac084e307566" ], "spl": "2021-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "224106305415867355946096070495053294470", "61914207677528524866476737762295053136", "234058767390099327305618880344336618187", "298101867695329982703361566339176402876", "206400793694344726629374785358298641053", "264298949911011163485260866338663751604", "182509013215656757272313039702013762214", "79868785389749169529183912015347522416" ] }, "id": "ASB-A-176444622-1d50cb6c", "source": "https://android.googlesource.com/platform/frameworks/av/+/3c9044cdef93c7c611118424f31448d618cc9da3", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp" }, "signature_type": "Line" }, { "digest": { "length": 4176.0, "function_hash": "33642656514070477647385361666684744139" }, "id": "ASB-A-176444622-2797e8bc", "source": "https://android.googlesource.com/platform/frameworks/av/+/3c9044cdef93c7c611118424f31448d618cc9da3", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp", "function": "CryptoPlugin::decrypt_1_2" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/3c9044cdef93c7c611118424f31448d618cc9da3" ], "spl": "2021-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "137378813570596590094778362080755671176", "90106377484174975455564131918402057136", "246524809232248934677036880304414481783", "154143101464377361727192659246603798336", "113084945922290690774573775275858985920", "331628084900826418848421835281485859915", "68990439568804655583011682940077539403", "152327495164168164380241693940353026773", "326535734156762876726196237194443882500", "335596279074292283518826108667747081538", "75913187668697301781522012737457200670", "128321274538814115532472178115114263168" ] }, "id": "ASB-A-176444622-df24bb4a", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/a6e551feef4e5faeec9ecc6b287eeade751e7f8b", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/a6e551feef4e5faeec9ecc6b287eeade751e7f8b" ], "spl": "2021-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "224106305415867355946096070495053294470", "61914207677528524866476737762295053136", "234058767390099327305618880344336618187", "298101867695329982703361566339176402876", "206400793694344726629374785358298641053", "264298949911011163485260866338663751604", "182509013215656757272313039702013762214", "79868785389749169529183912015347522416" ] }, "id": "ASB-A-176444622-8e66b279", "source": "https://android.googlesource.com/platform/frameworks/av/+/49c0fe413ceb2e0cef356d2738d63bb873845e04", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp" }, "signature_type": "Line" }, { "digest": { "length": 4176.0, "function_hash": "33642656514070477647385361666684744139" }, "id": "ASB-A-176444622-b400cf65", "source": "https://android.googlesource.com/platform/frameworks/av/+/49c0fe413ceb2e0cef356d2738d63bb873845e04", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp", "function": "CryptoPlugin::decrypt_1_2" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/49c0fe413ceb2e0cef356d2738d63bb873845e04" ], "spl": "2021-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "137378813570596590094778362080755671176", "90106377484174975455564131918402057136", "246524809232248934677036880304414481783", "154143101464377361727192659246603798336", "113084945922290690774573775275858985920", "331628084900826418848421835281485859915", "68990439568804655583011682940077539403", "152327495164168164380241693940353026773", "326535734156762876726196237194443882500", "335596279074292283518826108667747081538", "75913187668697301781522012737457200670", "128321274538814115532472178115114263168" ] }, "id": "ASB-A-176444622-70bab501", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9191787d0e73712608eff22fca9aea9480d4691e", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/9191787d0e73712608eff22fca9aea9480d4691e" ], "spl": "2021-06-01", "severity": "High", "types": [ "EoP" ] }