ASB-A-185259758

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-185259758.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-185259758
Aliases
  • A-185259758
  • CVE-2021-0587
Published
2021-07-01T00:00:00Z
Modified
2024-08-07T19:29:30.569583Z
Summary
android.hardware.audio-service - some potential related Thread UAFs
Details

In StreamOut::prepareForWriting of StreamOut.cpp, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2021-07-01

Affected versions

8.*

8.1

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2677.0,
                "function_hash": "150287074750092993895519176907219701872"
            },
            "id": "ASB-A-185259758-0fbdebc6",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/bd78085f08d5e342a1e0b02dde7a25832c2dd62e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/2.0/default/StreamIn.cpp",
                "function": "StreamIn::prepareForReading"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2682.0,
                "function_hash": "254011858101809659284666545372006760443"
            },
            "id": "ASB-A-185259758-8f302fcd",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/bd78085f08d5e342a1e0b02dde7a25832c2dd62e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/2.0/default/StreamOut.cpp",
                "function": "StreamOut::prepareForWriting"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "48444534803010304391178084107537918840",
                    "120361034126201748981816090137706395303",
                    "268632988093653491463288490963889884234",
                    "57266829813809952502325317997264172566",
                    "249956254231897287438454395230771906409",
                    "8506609035840382798536621936751063676",
                    "329410127137314649785162139202405352179",
                    "101519279898043915004061375592926133028",
                    "192467788290305551192862302864771667757",
                    "336315337574927840822360651599599001216"
                ]
            },
            "id": "ASB-A-185259758-a1dab2f8",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/bd78085f08d5e342a1e0b02dde7a25832c2dd62e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/2.0/default/StreamOut.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "224965953965169143226339804704780514565",
                    "166011243923715033453011681497686537519",
                    "303399984315541761526670568588381923848",
                    "244351529794255956041340714409172066737",
                    "216049005460785330984390579428076912687",
                    "119281494285972587425045203610991021920",
                    "334832371707430806692781220287826763587",
                    "212523963463534970698245507789945341767",
                    "11978392291396371860852053166186842964",
                    "238558191351021168489765734321552550785"
                ]
            },
            "id": "ASB-A-185259758-b0093308",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/bd78085f08d5e342a1e0b02dde7a25832c2dd62e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/2.0/default/StreamIn.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/bd78085f08d5e342a1e0b02dde7a25832c2dd62e"
    ],
    "spl": "2021-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-07-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2675.0,
                "function_hash": "255918426354636318680628364790253046642"
            },
            "id": "ASB-A-185259758-42ff3755",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9f6d6ae26c1f0a6d03fb8c035565a25104aa3c6d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/include/core/all-versions/default/StreamOut.impl.h",
                "function": "StreamOut::prepareForWriting"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2670.0,
                "function_hash": "211883823323125091210163251822555335533"
            },
            "id": "ASB-A-185259758-826a9129",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9f6d6ae26c1f0a6d03fb8c035565a25104aa3c6d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/include/core/all-versions/default/StreamIn.impl.h",
                "function": "StreamIn::prepareForReading"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "82049381686152361061614341064218419157",
                    "150153266414077831987376832035850089296",
                    "303399984315541761526670568588381923848",
                    "244351529794255956041340714409172066737",
                    "241450331098341300467714119809573614805",
                    "232598074563814131137107305157821442624",
                    "334832371707430806692781220287826763587",
                    "212523963463534970698245507789945341767",
                    "11978392291396371860852053166186842964",
                    "238558191351021168489765734321552550785"
                ]
            },
            "id": "ASB-A-185259758-a6ca88ec",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9f6d6ae26c1f0a6d03fb8c035565a25104aa3c6d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/include/core/all-versions/default/StreamIn.impl.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "8052375145255489442672186172377949482",
                    "89668748256686807740687131430442492588",
                    "268632988093653491463288490963889884234",
                    "57266829813809952502325317997264172566",
                    "149347499663769153555368385546620669734",
                    "190291235200606783331785644866240337398",
                    "329410127137314649785162139202405352179",
                    "101519279898043915004061375592926133028",
                    "192467788290305551192862302864771667757",
                    "336315337574927840822360651599599001216"
                ]
            },
            "id": "ASB-A-185259758-ed144c30",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9f6d6ae26c1f0a6d03fb8c035565a25104aa3c6d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/include/core/all-versions/default/StreamOut.impl.h"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/9f6d6ae26c1f0a6d03fb8c035565a25104aa3c6d"
    ],
    "spl": "2021-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-07-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2675.0,
                "function_hash": "255918426354636318680628364790253046642"
            },
            "id": "ASB-A-185259758-0f6ce0a8",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/StreamOut.cpp",
                "function": "StreamOut::prepareForWriting"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "82049381686152361061614341064218419157",
                    "150153266414077831987376832035850089296",
                    "303399984315541761526670568588381923848",
                    "244351529794255956041340714409172066737",
                    "241450331098341300467714119809573614805",
                    "232598074563814131137107305157821442624",
                    "334832371707430806692781220287826763587",
                    "212523963463534970698245507789945341767",
                    "11978392291396371860852053166186842964",
                    "238558191351021168489765734321552550785"
                ]
            },
            "id": "ASB-A-185259758-6fbed97e",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/StreamIn.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "8052375145255489442672186172377949482",
                    "89668748256686807740687131430442492588",
                    "268632988093653491463288490963889884234",
                    "57266829813809952502325317997264172566",
                    "149347499663769153555368385546620669734",
                    "190291235200606783331785644866240337398",
                    "329410127137314649785162139202405352179",
                    "101519279898043915004061375592926133028",
                    "192467788290305551192862302864771667757",
                    "336315337574927840822360651599599001216"
                ]
            },
            "id": "ASB-A-185259758-a43a752b",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/StreamOut.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2670.0,
                "function_hash": "211883823323125091210163251822555335533"
            },
            "id": "ASB-A-185259758-ca750da3",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/StreamIn.cpp",
                "function": "StreamIn::prepareForReading"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344"
    ],
    "spl": "2021-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-07-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "82049381686152361061614341064218419157",
                    "150153266414077831987376832035850089296",
                    "303399984315541761526670568588381923848",
                    "244351529794255956041340714409172066737",
                    "241450331098341300467714119809573614805",
                    "232598074563814131137107305157821442624",
                    "334832371707430806692781220287826763587",
                    "212523963463534970698245507789945341767",
                    "11978392291396371860852053166186842964",
                    "238558191351021168489765734321552550785"
                ]
            },
            "id": "ASB-A-185259758-0abd34fe",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/StreamIn.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2675.0,
                "function_hash": "255918426354636318680628364790253046642"
            },
            "id": "ASB-A-185259758-8ca13532",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/StreamOut.cpp",
                "function": "StreamOut::prepareForWriting"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "8052375145255489442672186172377949482",
                    "89668748256686807740687131430442492588",
                    "268632988093653491463288490963889884234",
                    "57266829813809952502325317997264172566",
                    "149347499663769153555368385546620669734",
                    "190291235200606783331785644866240337398",
                    "329410127137314649785162139202405352179",
                    "101519279898043915004061375592926133028",
                    "192467788290305551192862302864771667757",
                    "336315337574927840822360651599599001216"
                ]
            },
            "id": "ASB-A-185259758-df2bf1b5",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/StreamOut.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2670.0,
                "function_hash": "211883823323125091210163251822555335533"
            },
            "id": "ASB-A-185259758-e6c23b77",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "audio/core/all-versions/default/StreamIn.cpp",
                "function": "StreamIn::prepareForReading"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/7283cbe8cbb250fc42f0358d4ca4c94f3c32b344"
    ],
    "spl": "2021-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}