In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 2677.0, "function_hash": "150287074750092993895519176907219701872" }, "id": "ASB-A-185259758-0fbdebc6", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/bd78085f08d5e342a1e0b02dde7a25832c2dd62e", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/2.0/default/StreamIn.cpp", "function": "StreamIn::prepareForReading" }, "signature_type": "Function" }, { "digest": { "length": 2682.0, "function_hash": "254011858101809659284666545372006760443" }, "id": "ASB-A-185259758-8f302fcd", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/bd78085f08d5e342a1e0b02dde7a25832c2dd62e", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/2.0/default/StreamOut.cpp", "function": "StreamOut::prepareForWriting" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "48444534803010304391178084107537918840", "120361034126201748981816090137706395303", "268632988093653491463288490963889884234", "57266829813809952502325317997264172566", "249956254231897287438454395230771906409", "8506609035840382798536621936751063676", "329410127137314649785162139202405352179", "101519279898043915004061375592926133028", "192467788290305551192862302864771667757", "336315337574927840822360651599599001216" ] }, "id": "ASB-A-185259758-a1dab2f8", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/bd78085f08d5e342a1e0b02dde7a25832c2dd62e", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/2.0/default/StreamOut.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "224965953965169143226339804704780514565", "166011243923715033453011681497686537519", "303399984315541761526670568588381923848", "244351529794255956041340714409172066737", "216049005460785330984390579428076912687", "119281494285972587425045203610991021920", "334832371707430806692781220287826763587", "212523963463534970698245507789945341767", "11978392291396371860852053166186842964", "238558191351021168489765734321552550785" ] }, "id": "ASB-A-185259758-b0093308", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/bd78085f08d5e342a1e0b02dde7a25832c2dd62e", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/2.0/default/StreamIn.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/bd78085f08d5e342a1e0b02dde7a25832c2dd62e" ], "spl": "2021-07-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 2675.0, "function_hash": "255918426354636318680628364790253046642" }, "id": "ASB-A-185259758-42ff3755", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9f6d6ae26c1f0a6d03fb8c035565a25104aa3c6d", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/include/core/all-versions/default/StreamOut.impl.h", "function": "StreamOut::prepareForWriting" }, "signature_type": "Function" }, { "digest": { "length": 2670.0, "function_hash": "211883823323125091210163251822555335533" }, "id": "ASB-A-185259758-826a9129", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9f6d6ae26c1f0a6d03fb8c035565a25104aa3c6d", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/include/core/all-versions/default/StreamIn.impl.h", "function": "StreamIn::prepareForReading" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "82049381686152361061614341064218419157", "150153266414077831987376832035850089296", "303399984315541761526670568588381923848", "244351529794255956041340714409172066737", "241450331098341300467714119809573614805", "232598074563814131137107305157821442624", "334832371707430806692781220287826763587", "212523963463534970698245507789945341767", "11978392291396371860852053166186842964", "238558191351021168489765734321552550785" ] }, "id": "ASB-A-185259758-a6ca88ec", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9f6d6ae26c1f0a6d03fb8c035565a25104aa3c6d", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/include/core/all-versions/default/StreamIn.impl.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "8052375145255489442672186172377949482", "89668748256686807740687131430442492588", "268632988093653491463288490963889884234", "57266829813809952502325317997264172566", "149347499663769153555368385546620669734", "190291235200606783331785644866240337398", "329410127137314649785162139202405352179", "101519279898043915004061375592926133028", "192467788290305551192862302864771667757", "336315337574927840822360651599599001216" ] }, "id": "ASB-A-185259758-ed144c30", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9f6d6ae26c1f0a6d03fb8c035565a25104aa3c6d", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/include/core/all-versions/default/StreamOut.impl.h" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/9f6d6ae26c1f0a6d03fb8c035565a25104aa3c6d" ], "spl": "2021-07-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 2675.0, "function_hash": "255918426354636318680628364790253046642" }, "id": "ASB-A-185259758-0f6ce0a8", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/StreamOut.cpp", "function": "StreamOut::prepareForWriting" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "82049381686152361061614341064218419157", "150153266414077831987376832035850089296", "303399984315541761526670568588381923848", "244351529794255956041340714409172066737", "241450331098341300467714119809573614805", "232598074563814131137107305157821442624", "334832371707430806692781220287826763587", "212523963463534970698245507789945341767", "11978392291396371860852053166186842964", "238558191351021168489765734321552550785" ] }, "id": "ASB-A-185259758-6fbed97e", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/StreamIn.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "8052375145255489442672186172377949482", "89668748256686807740687131430442492588", "268632988093653491463288490963889884234", "57266829813809952502325317997264172566", "149347499663769153555368385546620669734", "190291235200606783331785644866240337398", "329410127137314649785162139202405352179", "101519279898043915004061375592926133028", "192467788290305551192862302864771667757", "336315337574927840822360651599599001216" ] }, "id": "ASB-A-185259758-a43a752b", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/StreamOut.cpp" }, "signature_type": "Line" }, { "digest": { "length": 2670.0, "function_hash": "211883823323125091210163251822555335533" }, "id": "ASB-A-185259758-ca750da3", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/StreamIn.cpp", "function": "StreamIn::prepareForReading" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344" ], "spl": "2021-07-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "82049381686152361061614341064218419157", "150153266414077831987376832035850089296", "303399984315541761526670568588381923848", "244351529794255956041340714409172066737", "241450331098341300467714119809573614805", "232598074563814131137107305157821442624", "334832371707430806692781220287826763587", "212523963463534970698245507789945341767", "11978392291396371860852053166186842964", "238558191351021168489765734321552550785" ] }, "id": "ASB-A-185259758-0abd34fe", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/StreamIn.cpp" }, "signature_type": "Line" }, { "digest": { "length": 2675.0, "function_hash": "255918426354636318680628364790253046642" }, "id": "ASB-A-185259758-8ca13532", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/StreamOut.cpp", "function": "StreamOut::prepareForWriting" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "8052375145255489442672186172377949482", "89668748256686807740687131430442492588", "268632988093653491463288490963889884234", "57266829813809952502325317997264172566", "149347499663769153555368385546620669734", "190291235200606783331785644866240337398", "329410127137314649785162139202405352179", "101519279898043915004061375592926133028", "192467788290305551192862302864771667757", "336315337574927840822360651599599001216" ] }, "id": "ASB-A-185259758-df2bf1b5", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/StreamOut.cpp" }, "signature_type": "Line" }, { "digest": { "length": 2670.0, "function_hash": "211883823323125091210163251822555335533" }, "id": "ASB-A-185259758-e6c23b77", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/core/all-versions/default/StreamIn.cpp", "function": "StreamIn::prepareForReading" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344" ], "spl": "2021-07-01", "severity": "High", "types": [ "EoP" ] }