In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 227.0, "function_hash": "76093156863976474586356531644141148758" }, "id": "ASB-A-188675581-24cefa87", "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java", "function": "createFromParcel" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "317483527648198509270140802827447531782", "223002703699211872129359134200179336438", "221450786313566647513099793628289661548", "313528256641003536810992463552861425957", "324427275809028332310722070584879438496", "177679753297519812690569650647470702063", "226482931100025291448174953009991502882", "10557001945486301106050378499633951520", "111106639122235668039694155904913124616", "171915954708776976830306371819336556732" ] }, "id": "ASB-A-188675581-59b56edc", "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "55948512943992732438289951357765895868", "63330846775195551209605279357996019631", "273408181363306553741003517302417019867", "323580076011241559958992004763198920291", "28705630028658975241407202452171672217", "134854737740638073177096359259814546084", "48690313245675545338122514461806755622", "253602079636673948349820405558010193493", "111106639122235668039694155904913124616", "92411138204201860379570380065896571488" ] }, "id": "ASB-A-188675581-6cad3ff6", "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java" }, "signature_type": "Line" }, { "digest": { "length": 227.0, "function_hash": "192616195078580846107894632108500532721" }, "id": "ASB-A-188675581-9def4575", "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java", "function": "createFromParcel" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "153417852049301962207569779497827171531", "261000798068641417599860683920950769917", "68380207807907527116214470036115371347", "36914989888970600394132832822505474009", "237971076016265399093107091487085744480", "125120888478096195769098937328838614142", "332931380088863269407041538114198722673", "37970245084357154993585643344969614462", "111106639122235668039694155904913124616", "290256071414516235837538977928667726928" ] }, "id": "ASB-A-188675581-c179aba1", "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java" }, "signature_type": "Line" }, { "digest": { "length": 232.0, "function_hash": "304382079224574811999329775731874862630" }, "id": "ASB-A-188675581-e909db41", "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java", "function": "createFromParcel" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020" ], "spl": "2021-11-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 227.0, "function_hash": "192616195078580846107894632108500532721" }, "id": "ASB-A-188675581-15e9629a", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java", "function": "createFromParcel" }, "signature_type": "Function" }, { "digest": { "length": 227.0, "function_hash": "76093156863976474586356531644141148758" }, "id": "ASB-A-188675581-16a5e4a4", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java", "function": "createFromParcel" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "230352104463149322020516772239022149833", "243872001309038146320784694779324733857", "1987689868153551222234223639152650997", "92097555207732753286478878071925575645", "201550405209711947197728996795368769293", "116311922245513189830199955547492906938", "82429457986271022162143760017490601323", "69352991995164639378330939860494258757", "111106639122235668039694155904913124616", "142009069770802382041921867158857961337" ] }, "id": "ASB-A-188675581-1d89aa28", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/SessionConfiguration.java" }, "signature_type": "Line" }, { "digest": { "length": 232.0, "function_hash": "304382079224574811999329775731874862630" }, "id": "ASB-A-188675581-4bb8143a", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java", "function": "createFromParcel" }, "signature_type": "Function" }, { "digest": { "length": 228.0, "function_hash": "66656033281491477789090332981665643467" }, "id": "ASB-A-188675581-5daa56b3", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/SessionConfiguration.java", "function": "createFromParcel" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "153417852049301962207569779497827171531", "261000798068641417599860683920950769917", "68380207807907527116214470036115371347", "36914989888970600394132832822505474009", "237971076016265399093107091487085744480", "125120888478096195769098937328838614142", "332931380088863269407041538114198722673", "37970245084357154993585643344969614462", "111106639122235668039694155904913124616", "290256071414516235837538977928667726928" ] }, "id": "ASB-A-188675581-79aa071c", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "317483527648198509270140802827447531782", "223002703699211872129359134200179336438", "221450786313566647513099793628289661548", "313528256641003536810992463552861425957", "324427275809028332310722070584879438496", "177679753297519812690569650647470702063", "226482931100025291448174953009991502882", "10557001945486301106050378499633951520", "111106639122235668039694155904913124616", "171915954708776976830306371819336556732" ] }, "id": "ASB-A-188675581-bfa3b659", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "55948512943992732438289951357765895868", "63330846775195551209605279357996019631", "273408181363306553741003517302417019867", "323580076011241559958992004763198920291", "28705630028658975241407202452171672217", "134854737740638073177096359259814546084", "48690313245675545338122514461806755622", "253602079636673948349820405558010193493", "111106639122235668039694155904913124616", "92411138204201860379570380065896571488" ] }, "id": "ASB-A-188675581-cce59c71", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab" ], "spl": "2021-11-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 232.0, "function_hash": "304382079224574811999329775731874862630" }, "id": "ASB-A-188675581-1080fa75", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java", "function": "createFromParcel" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "55948512943992732438289951357765895868", "63330846775195551209605279357996019631", "273408181363306553741003517302417019867", "323580076011241559958992004763198920291", "28705630028658975241407202452171672217", "134854737740638073177096359259814546084", "48690313245675545338122514461806755622", "253602079636673948349820405558010193493", "111106639122235668039694155904913124616", "92411138204201860379570380065896571488" ] }, "id": "ASB-A-188675581-17a1b571", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "230352104463149322020516772239022149833", "243872001309038146320784694779324733857", "1987689868153551222234223639152650997", "92097555207732753286478878071925575645", "201550405209711947197728996795368769293", "116311922245513189830199955547492906938", "82429457986271022162143760017490601323", "69352991995164639378330939860494258757", "111106639122235668039694155904913124616", "142009069770802382041921867158857961337" ] }, "id": "ASB-A-188675581-3930d5c2", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/SessionConfiguration.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "153417852049301962207569779497827171531", "261000798068641417599860683920950769917", "68380207807907527116214470036115371347", "36914989888970600394132832822505474009", "237971076016265399093107091487085744480", "125120888478096195769098937328838614142", "332931380088863269407041538114198722673", "37970245084357154993585643344969614462", "111106639122235668039694155904913124616", "290256071414516235837538977928667726928" ] }, "id": "ASB-A-188675581-4044cce5", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java" }, "signature_type": "Line" }, { "digest": { "length": 227.0, "function_hash": "192616195078580846107894632108500532721" }, "id": "ASB-A-188675581-450466ea", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java", "function": "createFromParcel" }, "signature_type": "Function" }, { "digest": { "length": 227.0, "function_hash": "76093156863976474586356531644141148758" }, "id": "ASB-A-188675581-bc4a4c08", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java", "function": "createFromParcel" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "317483527648198509270140802827447531782", "223002703699211872129359134200179336438", "221450786313566647513099793628289661548", "313528256641003536810992463552861425957", "324427275809028332310722070584879438496", "177679753297519812690569650647470702063", "226482931100025291448174953009991502882", "10557001945486301106050378499633951520", "111106639122235668039694155904913124616", "171915954708776976830306371819336556732" ] }, "id": "ASB-A-188675581-cc7d7f5d", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java" }, "signature_type": "Line" }, { "digest": { "length": 228.0, "function_hash": "66656033281491477789090332981665643467" }, "id": "ASB-A-188675581-ec785397", "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/hardware/camera2/params/SessionConfiguration.java", "function": "createFromParcel" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab" ], "spl": "2021-11-01", "severity": "High", "types": [ "EoP" ] }