In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds read due to integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "72604702727132455093240508622843862530", "285452902553993665142066946687343539874", "218531093682696242280487765664984289807", "216212382440762221775916728536235072685" ] }, "id": "ASB-A-176496160-32ddba8e", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/072cdf233c02d1dc3eb8b2e20498675aea70c21d", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/072cdf233c02d1dc3eb8b2e20498675aea70c21d" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 4061.0, "function_hash": "306052193088613669448213253568073320311" }, "id": "ASB-A-176496160-5babbc60", "source": "https://android.googlesource.com/platform/frameworks/av/+/a7dd68bd2ef09f4e38621e29fea55e59ffbc195b", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp", "function": "CryptoPlugin::decrypt" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "72604702727132455093240508622843862530", "285452902553993665142066946687343539874", "218531093682696242280487765664984289807", "216212382440762221775916728536235072685" ] }, "id": "ASB-A-176496160-7ef6a42f", "source": "https://android.googlesource.com/platform/frameworks/av/+/a7dd68bd2ef09f4e38621e29fea55e59ffbc195b", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/a7dd68bd2ef09f4e38621e29fea55e59ffbc195b" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "72604702727132455093240508622843862530", "285452902553993665142066946687343539874", "218531093682696242280487765664984289807", "216212382440762221775916728536235072685" ] }, "id": "ASB-A-176496160-9eefa05b", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/c9b5693c7f024a6b0c7fc59123dbc313ecbf6e9b", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/c9b5693c7f024a6b0c7fc59123dbc313ecbf6e9b" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "322851236290323917175235985476814994833", "333424594500798816566744926216353382181", "37501043312926675037699351634321821112", "177838551671140028423684870174218129777" ] }, "id": "ASB-A-176496160-8aab6022", "source": "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp" }, "signature_type": "Line" }, { "digest": { "length": 4064.0, "function_hash": "48593166569661308537903166270456012967" }, "id": "ASB-A-176496160-fbb23613", "source": "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp", "function": "CryptoPlugin::decrypt_1_2" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "72604702727132455093240508622843862530", "285452902553993665142066946687343539874", "218531093682696242280487765664984289807", "216212382440762221775916728536235072685" ] }, "id": "ASB-A-176496160-0bf29b56", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/c14f262876818498b3ca77f1d6df9d4fb7e77b1c", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/c14f262876818498b3ca77f1d6df9d4fb7e77b1c" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "322851236290323917175235985476814994833", "333424594500798816566744926216353382181", "37501043312926675037699351634321821112", "177838551671140028423684870174218129777" ] }, "id": "ASB-A-176496160-5c8b2f43", "source": "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp" }, "signature_type": "Line" }, { "digest": { "length": 4064.0, "function_hash": "48593166569661308537903166270456012967" }, "id": "ASB-A-176496160-7fe20305", "source": "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp", "function": "CryptoPlugin::decrypt_1_2" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/9bae1251cfbc6fde87896bf1264dd0bbded7c5e5" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "72604702727132455093240508622843862530", "285452902553993665142066946687343539874", "218531093682696242280487765664984289807", "216212382440762221775916728536235072685" ] }, "id": "ASB-A-176496160-f078ea71", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/c14f262876818498b3ca77f1d6df9d4fb7e77b1c", "deprecated": false, "signature_version": "v1", "target": { "file": "drm/1.0/default/CryptoPlugin.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/c14f262876818498b3ca77f1d6df9d4fb7e77b1c" ], "spl": "2021-04-01", "severity": "High", "types": [ "ID" ] }