In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "72604702727132455093240508622843862530", "285452902553993665142066946687343539874", "218531093682696242280487765664984289807", "216212382440762221775916728536235072685" ] }, "id": "ASB-A-176444786-adfb5c33", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/072cdf233c02d1dc3eb8b2e20498675aea70c21d", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/072cdf233c02d1dc3eb8b2e20498675aea70c21d" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "72604702727132455093240508622843862530", "285452902553993665142066946687343539874", "218531093682696242280487765664984289807", "216212382440762221775916728536235072685" ] }, "id": "ASB-A-176444786-1676ef9a", "source": "https://android.googlesource.com/platform/frameworks/av/+/a7dd68bd2ef09f4e38621e29fea55e59ffbc195b", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp" }, "signature_type": "Line" }, { "digest": { "length": 4061.0, "function_hash": "306052193088613669448213253568073320311" }, "id": "ASB-A-176444786-dc29ed12", "source": "https://android.googlesource.com/platform/frameworks/av/+/a7dd68bd2ef09f4e38621e29fea55e59ffbc195b", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp", "function": "CryptoPlugin::decrypt" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/a7dd68bd2ef09f4e38621e29fea55e59ffbc195b" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "72604702727132455093240508622843862530", "285452902553993665142066946687343539874", "218531093682696242280487765664984289807", "216212382440762221775916728536235072685" ] }, "id": "ASB-A-176444786-cc03fa12", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/c9b5693c7f024a6b0c7fc59123dbc313ecbf6e9b", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/c9b5693c7f024a6b0c7fc59123dbc313ecbf6e9b" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 4064.0, "function_hash": "48593166569661308537903166270456012967" }, "id": "ASB-A-176444786-40c9507b", "source": "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp", "function": "CryptoPlugin::decrypt_1_2" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "322851236290323917175235985476814994833", "333424594500798816566744926216353382181", "37501043312926675037699351634321821112", "177838551671140028423684870174218129777" ] }, "id": "ASB-A-176444786-d25e008b", "source": "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "72604702727132455093240508622843862530", "285452902553993665142066946687343539874", "218531093682696242280487765664984289807", "216212382440762221775916728536235072685" ] }, "id": "ASB-A-176444786-3b3ebd8d", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/c14f262876818498b3ca77f1d6df9d4fb7e77b1c", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/c14f262876818498b3ca77f1d6df9d4fb7e77b1c" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 4064.0, "function_hash": "48593166569661308537903166270456012967" }, "id": "ASB-A-176444786-4979bd77", "source": "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp", "function": "CryptoPlugin::decrypt_1_2" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "322851236290323917175235985476814994833", "333424594500798816566744926216353382181", "37501043312926675037699351634321821112", "177838551671140028423684870174218129777" ] }, "id": "ASB-A-176444786-91c815ee", "source": "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "72604702727132455093240508622843862530", "285452902553993665142066946687343539874", "218531093682696242280487765664984289807", "216212382440762221775916728536235072685" ] }, "id": "ASB-A-176444786-dd41ed02", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/c14f262876818498b3ca77f1d6df9d4fb7e77b1c", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/c14f262876818498b3ca77f1d6df9d4fb7e77b1c" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }