In pfwritebuf of FuseDaemon.cpp, there is possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 589.0, "function_hash": "192019583326987785727405191115202404923" }, "id": "ASB-A-192085766-555f3750", "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9b7488a6ab3f4c8f5cfc30ff7d04a972643c1ff9", "deprecated": false, "signature_version": "v1", "target": { "file": "jni/FuseDaemon.cpp", "function": "pf_write_buf" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "63062175104087424415549573778864761467", "231680940865405488345224561359528259172", "273123602092719675722700568352747148168", "29991220791276618583071092840987293896", "196368252258504179421192806773538706037" ] }, "id": "ASB-A-192085766-891c0d00", "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9b7488a6ab3f4c8f5cfc30ff7d04a972643c1ff9", "deprecated": false, "signature_version": "v1", "target": { "file": "jni/FuseDaemon.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/9b7488a6ab3f4c8f5cfc30ff7d04a972643c1ff9" ], "spl": "2021-12-01", "severity": "High", "types": [ "EoP" ] }