In GKI_getbuf of gki_buffer.cc, there is a possible out-of-bounds write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "288390722114287778546768584513148725603", "31791538175672348154770622817844970845", "233694777456824859479542176992205686209", "53136747502931177756999941870448979321", "227678348486699828512464673817066811975", "251177702116177346323361254365922307350", "252357863778430228943175558416913079077" ] }, "id": "ASB-A-205729183-2f53f16c", "source": "https://android.googlesource.com/platform/system/nfc/+/92646b7ffc155efec6e9ed2e0753c6e62fb5ff6b", "deprecated": false, "signature_version": "v1", "target": { "file": "src/gki/common/gki_buffer.cc" }, "signature_type": "Line" }, { "digest": { "length": 2844.0, "function_hash": "262860658969548968702594415238425075122" }, "id": "ASB-A-205729183-aee00831", "source": "https://android.googlesource.com/platform/system/nfc/+/92646b7ffc155efec6e9ed2e0753c6e62fb5ff6b", "deprecated": false, "signature_version": "v1", "target": { "file": "src/gki/common/gki_buffer.cc", "function": "GKI_getbuf" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/nfc/+/92646b7ffc155efec6e9ed2e0753c6e62fb5ff6b" ], "spl": "2022-02-01", "severity": "Critical", "types": [ "EoP" ] }