In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "218310578500860490201991856156648074464", "128334360977750043425148833435883507242", "281155686375625775178797248971093424426", "306409085174042533954256400091166333161" ] }, "id": "ASB-A-187957589-d540ce13", "source": "https://android.googlesource.com/platform/frameworks/base/+/7f9b0a9fb0f5f1fff9243af7472f0a25cf7af23e", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/guardrail/StatsdStats.cpp" }, "signature_type": "Line" }, { "digest": { "length": 265.0, "function_hash": "212623113113335101165880882464320555763" }, "id": "ASB-A-187957589-f61f8556", "source": "https://android.googlesource.com/platform/frameworks/base/+/7f9b0a9fb0f5f1fff9243af7472f0a25cf7af23e", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/guardrail/StatsdStats.cpp", "function": "StatsdStats::noteAtomLogged" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/7f9b0a9fb0f5f1fff9243af7472f0a25cf7af23e" ], "spl": "2021-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 337.0, "function_hash": "16692253331091255899339569695148445352" }, "id": "ASB-A-187957589-a1b7500b", "source": "https://android.googlesource.com/platform/frameworks/base/+/b13b741a94a3d1fc85277de22644c62778bd3adc", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/guardrail/StatsdStats.cpp", "function": "StatsdStats::noteAtomLogged" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "233745843382189759821355327949684258202", "290326730571959422592367587925063738855", "76205152548751388425430597755509979065", "183090020580011612459726398641070241911", "82802511456297941982137811718988298212", "250979201520337539637457224109691230305" ] }, "id": "ASB-A-187957589-c98e7ea9", "source": "https://android.googlesource.com/platform/frameworks/base/+/b13b741a94a3d1fc85277de22644c62778bd3adc", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/guardrail/StatsdStats.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/b13b741a94a3d1fc85277de22644c62778bd3adc" ], "spl": "2021-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 318.0, "function_hash": "334978686990845983360367193933320524345" }, "id": "ASB-A-187957589-167b3202", "source": "https://android.googlesource.com/platform/frameworks/base/+/cc0bba36c7c326e2fb75f1531547d2ed861d392c", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/guardrail/StatsdStats.cpp", "function": "StatsdStats::noteAtomLogged" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "286429898787765940536258522979636683682", "67407610229995922092322167304233295542", "42689763493395915227063805515031163171", "73263904811897422185702818048666410956", "82802511456297941982137811718988298212", "250979201520337539637457224109691230305" ] }, "id": "ASB-A-187957589-44902f22", "source": "https://android.googlesource.com/platform/frameworks/base/+/cc0bba36c7c326e2fb75f1531547d2ed861d392c", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/guardrail/StatsdStats.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/cc0bba36c7c326e2fb75f1531547d2ed861d392c" ], "spl": "2021-08-01", "severity": "High", "types": [ "EoP" ] }