In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "39997725199372059577550694964669424809", "273063931939842850401049194650282175628", "23635781807921844450053971616494484260", "79833116189996246325763992945216508705", "122504346484478287434413399803169473137", "282596664588746285551602688336961958615", "304059659473115756915233644411737299832", "123801798367134975462997417348237060122", "314686063585001825113132334808958923677", "195903363165327730377140988313203592017", "316461725082244718898528055752115183257", "66275611729325449737339854251446508253", "274283264904369067223163265774635421682", "154925317047249732204408814864411678525", "93064771771212267697144890968037783838", "54456604817051958429238255474257769216", "4415980063983488735625236013337988711", "121665763636476463751885739650815948483", "63908884897072704198123042693509587337", "19985124781375086165144574996702862129", "136847701873993135194624429221300571733", "263016725820583220635591645880946986040", "337062871888618167084664621384105313237", "242604353954162070547450642583046068316", "156310894629892543309019154915813841814", "11584878628880323870927814561550416871", "264916801351005653970177793585135920505", "324916189533104502194359447110009875807", "298304806127997440014602776602130529632", "124325789932757898411036688471256543692", "318304630998875668424512610947930899267" ] }, "id": "ASB-A-193790350-2106de8c", "source": "https://android.googlesource.com/platform/frameworks/av/+/ac5f5cade22029ffada814347500535a368d88d9", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2AllocatorIon.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/ac5f5cade22029ffada814347500535a368d88d9" ], "spl": "2022-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "39997725199372059577550694964669424809", "273063931939842850401049194650282175628", "23635781807921844450053971616494484260", "79833116189996246325763992945216508705", "122504346484478287434413399803169473137", "282596664588746285551602688336961958615", "304059659473115756915233644411737299832", "123801798367134975462997417348237060122", "314686063585001825113132334808958923677", "195903363165327730377140988313203592017", "316461725082244718898528055752115183257", "66275611729325449737339854251446508253", "274283264904369067223163265774635421682", "154925317047249732204408814864411678525", "93064771771212267697144890968037783838", "54456604817051958429238255474257769216", "4415980063983488735625236013337988711", "121665763636476463751885739650815948483", "201169086221429799773184087444789434386", "242490286077537834776466743498273079701", "68494283354012933943687583105914507292", "111695304500474698755220168894222327492", "337062871888618167084664621384105313237", "242604353954162070547450642583046068316", "156310894629892543309019154915813841814", "11584878628880323870927814561550416871", "264916801351005653970177793585135920505", "324916189533104502194359447110009875807", "298304806127997440014602776602130529632", "124325789932757898411036688471256543692", "318304630998875668424512610947930899267" ] }, "id": "ASB-A-193790350-a1c48a58", "source": "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2AllocatorIon.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58" ], "spl": "2022-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "39997725199372059577550694964669424809", "273063931939842850401049194650282175628", "23635781807921844450053971616494484260", "79833116189996246325763992945216508705", "122504346484478287434413399803169473137", "282596664588746285551602688336961958615", "304059659473115756915233644411737299832", "123801798367134975462997417348237060122", "314686063585001825113132334808958923677", "195903363165327730377140988313203592017", "316461725082244718898528055752115183257", "66275611729325449737339854251446508253", "274283264904369067223163265774635421682", "154925317047249732204408814864411678525", "93064771771212267697144890968037783838", "54456604817051958429238255474257769216", "4415980063983488735625236013337988711", "121665763636476463751885739650815948483", "201169086221429799773184087444789434386", "242490286077537834776466743498273079701", "68494283354012933943687583105914507292", "111695304500474698755220168894222327492", "337062871888618167084664621384105313237", "242604353954162070547450642583046068316", "156310894629892543309019154915813841814", "11584878628880323870927814561550416871", "264916801351005653970177793585135920505", "324916189533104502194359447110009875807", "298304806127997440014602776602130529632", "124325789932757898411036688471256543692", "318304630998875668424512610947930899267" ] }, "id": "ASB-A-193790350-14792537", "source": "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2AllocatorIon.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58" ], "spl": "2022-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "39997725199372059577550694964669424809", "273063931939842850401049194650282175628", "23635781807921844450053971616494484260", "79833116189996246325763992945216508705", "122504346484478287434413399803169473137", "282596664588746285551602688336961958615", "304059659473115756915233644411737299832", "123801798367134975462997417348237060122", "314686063585001825113132334808958923677", "195903363165327730377140988313203592017", "316461725082244718898528055752115183257", "66275611729325449737339854251446508253", "274283264904369067223163265774635421682", "154925317047249732204408814864411678525", "93064771771212267697144890968037783838", "54456604817051958429238255474257769216", "4415980063983488735625236013337988711", "121665763636476463751885739650815948483", "201169086221429799773184087444789434386", "242490286077537834776466743498273079701", "68494283354012933943687583105914507292", "111695304500474698755220168894222327492", "337062871888618167084664621384105313237", "242604353954162070547450642583046068316", "156310894629892543309019154915813841814", "11584878628880323870927814561550416871", "264916801351005653970177793585135920505", "324916189533104502194359447110009875807", "298304806127997440014602776602130529632", "124325789932757898411036688471256543692", "318304630998875668424512610947930899267" ] }, "id": "ASB-A-193790350-b9c6696c", "source": "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2AllocatorIon.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58" ], "spl": "2022-04-01", "severity": "High", "types": [ "ID" ] }