In various functions of C2DmaBufAllocator.cpp, there is a possible memory corruption due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "192227934232514726557426748198738623410", "317255628712816926328077450866894228452", "311631332125272066488853762979160572930", "200969091410336481141966200584404115575", "51559047303558521212122549833089270220", "74221046007737194667233700832096575063", "228252480631705538231742767406619682407", "22492156979977295798095182627872838035", "231399710022428264346164184280306177067", "211655241687773405580550050359533509495", "194651649701829123340808045550149298755", "88287981816864687367563400153199024117", "21133483344499622561215568506296204047", "44914622061145209070180209937845868801", "194300837437827142635570084323525444759", "21270117293079764063673154557878170952", "235620155372164143951842304285161307163", "310040829824071364552459800808268420305", "320746817924010270769999961346433377402", "181590233791588607348333510668637482539", "37077830568388809013384498335522893334", "287683952838851208945788423954754367332", "314318985694173977636984479840306674552", "123801798367134975462997417348237060122", "314686063585001825113132334808958923677", "195903363165327730377140988313203592017", "316461725082244718898528055752115183257", "66275611729325449737339854251446508253", "274283264904369067223163265774635421682", "154925317047249732204408814864411678525", "93064771771212267697144890968037783838", "54456604817051958429238255474257769216", "4415980063983488735625236013337988711", "121665763636476463751885739650815948483", "39325296754708017965824161051703363402", "239240393691106160585830857877140432688", "239670772907459229346688508752068172892", "332859814753134252708024752127214576688", "90661642236740509347713288329185464032", "134868697679941322428296847329038362219", "59162336919209653723894857708251608234", "295312956171829762994738736568944178687", "268734471588714994898013031994459612349", "103233899701424350933302057997214161275", "242604353954162070547450642583046068316", "59287285465733016241748955774357058775", "141394885991717466741112758253931869448", "27028203555431716372373482172836092522", "332407439834065522916652423857843263185", "18370254986684097256761458897809386866", "324916189533104502194359447110009875807", "119736582797376422820720639432704534758", "10138077624400305967329662390503689073", "168087749518512853078711943852155356037", "34445881603422342436620705275987892025" ] }, "id": "ASB-A-213850092-15618e38", "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2AllocatorIon.cpp" }, "signature_type": "Line" }, { "digest": { "length": 784.0, "function_hash": "167525502730782928918426667957436792503" }, "id": "ASB-A-213850092-3de18407", "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2DmaBufAllocator.cpp", "function": "C2DmaBufAllocation::unmap" }, "signature_type": "Function" }, { "digest": { "length": 308.0, "function_hash": "84751803150063703769184018163581837046" }, "id": "ASB-A-213850092-ae3bd88b", "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2DmaBufAllocator.cpp", "function": "C2DmaBufAllocation::~C2DmaBufAllocation" }, "signature_type": "Function" }, { "digest": { "length": 718.0, "function_hash": "81310799912256614906691639230053021652" }, "id": "ASB-A-213850092-b4f4e2cc", "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2DmaBufAllocator.cpp", "function": "C2DmaBufAllocation::map" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "189398025276921510662259629929679625504", "190124384050380137500313740546362094636", "318442528087732575042734206245950164334", "200969091410336481141966200584404115575", "324916189533104502194359447110009875807", "138764542055880364928204930256352419840", "146103464064372951264048699517613775573", "6270207401994686947099272090192686013", "30164083190354049957389761680047008013", "74221046007737194667233700832096575063", "228252480631705538231742767406619682407", "22492156979977295798095182627872838035", "31133979089634078623668486667043461080", "60589161606239541530292977430291225801", "79833116189996246325763992945216508705", "21133483344499622561215568506296204047", "268245298036413543952179369188266135625", "88782410469043552503251570297246250434", "268910806458056956348636141379258945740", "53357948951561565206560574069236934778", "310040829824071364552459800808268420305", "122504346484478287434413399803169473137", "282596664588746285551602688336961958615", "304059659473115756915233644411737299832", "123801798367134975462997417348237060122", "121665763636476463751885739650815948483", "63908884897072704198123042693509587337", "19985124781375086165144574996702862129", "136847701873993135194624429221300571733", "290727991407667733996424948630674831692", "268767516241136795539513431389130295542", "122684162537915230232268244634080548700", "232241272674342874416045558473089824839", "333103102776945917657126086317281240904", "312083599223791841006018271297194341200" ] }, "id": "ASB-A-213850092-dd690a7b", "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2DmaBufAllocator.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3" ], "spl": "2022-07-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "192227934232514726557426748198738623410", "317255628712816926328077450866894228452", "311631332125272066488853762979160572930", "200969091410336481141966200584404115575", "51559047303558521212122549833089270220", "74221046007737194667233700832096575063", "228252480631705538231742767406619682407", "22492156979977295798095182627872838035", "231399710022428264346164184280306177067", "211655241687773405580550050359533509495", "194651649701829123340808045550149298755", "88287981816864687367563400153199024117", "21133483344499622561215568506296204047", "44914622061145209070180209937845868801", "194300837437827142635570084323525444759", "21270117293079764063673154557878170952", "235620155372164143951842304285161307163", "310040829824071364552459800808268420305", "320746817924010270769999961346433377402", "181590233791588607348333510668637482539", "37077830568388809013384498335522893334", "287683952838851208945788423954754367332", "314318985694173977636984479840306674552", "123801798367134975462997417348237060122", "314686063585001825113132334808958923677", "195903363165327730377140988313203592017", "316461725082244718898528055752115183257", "66275611729325449737339854251446508253", "274283264904369067223163265774635421682", "154925317047249732204408814864411678525", "93064771771212267697144890968037783838", "54456604817051958429238255474257769216", "4415980063983488735625236013337988711", "121665763636476463751885739650815948483", "39325296754708017965824161051703363402", "239240393691106160585830857877140432688", "239670772907459229346688508752068172892", "332859814753134252708024752127214576688", "90661642236740509347713288329185464032", "134868697679941322428296847329038362219", "59162336919209653723894857708251608234", "295312956171829762994738736568944178687", "268734471588714994898013031994459612349", "103233899701424350933302057997214161275", "242604353954162070547450642583046068316", "59287285465733016241748955774357058775", "141394885991717466741112758253931869448", "27028203555431716372373482172836092522", "332407439834065522916652423857843263185", "18370254986684097256761458897809386866", "324916189533104502194359447110009875807", "119736582797376422820720639432704534758", "10138077624400305967329662390503689073", "168087749518512853078711943852155356037", "34445881603422342436620705275987892025" ] }, "id": "ASB-A-213850092-00e274be", "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2AllocatorIon.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "189398025276921510662259629929679625504", "190124384050380137500313740546362094636", "318442528087732575042734206245950164334", "200969091410336481141966200584404115575", "324916189533104502194359447110009875807", "138764542055880364928204930256352419840", "146103464064372951264048699517613775573", "6270207401994686947099272090192686013", "30164083190354049957389761680047008013", "74221046007737194667233700832096575063", "228252480631705538231742767406619682407", "22492156979977295798095182627872838035", "31133979089634078623668486667043461080", "60589161606239541530292977430291225801", "79833116189996246325763992945216508705", "21133483344499622561215568506296204047", "268245298036413543952179369188266135625", "88782410469043552503251570297246250434", "268910806458056956348636141379258945740", "53357948951561565206560574069236934778", "310040829824071364552459800808268420305", "122504346484478287434413399803169473137", "282596664588746285551602688336961958615", "304059659473115756915233644411737299832", "123801798367134975462997417348237060122", "121665763636476463751885739650815948483", "63908884897072704198123042693509587337", "19985124781375086165144574996702862129", "136847701873993135194624429221300571733", "290727991407667733996424948630674831692", "268767516241136795539513431389130295542", "122684162537915230232268244634080548700", "232241272674342874416045558473089824839", "333103102776945917657126086317281240904", "312083599223791841006018271297194341200" ] }, "id": "ASB-A-213850092-0609e4bd", "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2DmaBufAllocator.cpp" }, "signature_type": "Line" }, { "digest": { "length": 308.0, "function_hash": "84751803150063703769184018163581837046" }, "id": "ASB-A-213850092-58f7ed62", "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2DmaBufAllocator.cpp", "function": "C2DmaBufAllocation::~C2DmaBufAllocation" }, "signature_type": "Function" }, { "digest": { "length": 784.0, "function_hash": "167525502730782928918426667957436792503" }, "id": "ASB-A-213850092-8c6acba6", "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2DmaBufAllocator.cpp", "function": "C2DmaBufAllocation::unmap" }, "signature_type": "Function" }, { "digest": { "length": 718.0, "function_hash": "81310799912256614906691639230053021652" }, "id": "ASB-A-213850092-d009792b", "source": "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3", "deprecated": false, "signature_version": "v1", "target": { "file": "media/codec2/vndk/C2DmaBufAllocator.cpp", "function": "C2DmaBufAllocation::map" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/av/+/5cbca291a6d288fa6d471c0dc223537ca12700d3" ], "spl": "2022-07-01", "severity": "High", "types": [ "ID" ] }