In USB driver, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 3917.0, "function_hash": "51759867175630936810844205975104072139" }, "id": "ASB-A-216825460-0c041093", "source": "https://android.googlesource.com/kernel/common/+/7193ad3e50e59", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/usb/gadget/legacy/inode.c", "truncated_path_level": 1.0, "function": "gadgetfs_setup" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "220786696602669738420112968039916400508", "58419054149626582732950653854970518386", "58319612690254011723664119190774671516" ] }, "id": "ASB-A-216825460-1e337065", "source": "https://android.googlesource.com/kernel/common/+/7193ad3e50e59", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/usb/gadget/legacy/dbgp.c", "truncated_path_level": 1.0 }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "332656553028460648197238486507283164994", "184822845197430248537449464647837682435", "24535556639354158768388367629306163538" ] }, "id": "ASB-A-216825460-2435716f", "source": "https://android.googlesource.com/kernel/common/+/7193ad3e50e59", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/usb/gadget/composite.c", "truncated_path_level": 1.0 }, "signature_type": "Line" }, { "digest": { "length": 1417.0, "function_hash": "211557554950156766019146613511635348846" }, "id": "ASB-A-216825460-332e6bf0", "source": "https://android.googlesource.com/kernel/common/+/7193ad3e50e59", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/usb/gadget/legacy/dbgp.c", "truncated_path_level": 1.0, "function": "dbgp_setup" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "282852417431766263490676553128712597531", "110705312730213592619630503319076438808", "94219566278308689484813984906675955552", "36491830421415711599610514669873140861", "30790627971595482618317624871770110268", "288531739672159843520527013539581497894", "39603869017474101200293526634541239352", "45180091331208902342353969121843865020", "143434519509247879588825429509241155734" ] }, "id": "ASB-A-216825460-3492eeb3", "source": "https://android.googlesource.com/kernel/common/+/fb4ff0f96de37", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/usb/gadget/function/rndis.c" }, "signature_type": "Line" }, { "digest": { "length": 8448.0, "function_hash": "5478919993484057482267054353714439302" }, "id": "ASB-A-216825460-444ae947", "source": "https://android.googlesource.com/kernel/common/+/7193ad3e50e59", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/usb/gadget/composite.c", "truncated_path_level": 1.0, "function": "composite_setup" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "294771366740492330844059928101261168882", "329472988511519008266114862851615948738", "230055354007917815238754878125146233726", "241615109029172640209368064780730838459", "64969316027898508467714672781279523538", "30332420178214091468338430140846186405", "255997175657941735343107809281305721211", "128343364494571164832515145964696539800", "192991251693947936407784405714326144362", "63161658648569397665050629489358928343" ] }, "id": "ASB-A-216825460-47e64c35", "source": "https://android.googlesource.com/kernel/common/+/7193ad3e50e59", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/usb/gadget/legacy/inode.c", "truncated_path_level": 1.0 }, "signature_type": "Line" }, { "digest": { "length": 1018.0, "function_hash": "221946459094492974610708965816765957224" }, "id": "ASB-A-216825460-cce2960c", "source": "https://android.googlesource.com/kernel/common/+/fb4ff0f96de37", "deprecated": false, "signature_version": "v1", "target": { "file": "drivers/usb/gadget/function/rndis.c", "function": "rndis_set_response" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/7193ad3e50e59", "https://android.googlesource.com/kernel/common/+/fb4ff0f96de37" ], "spl": "2022-07-05", "severity": "High", "types": [ "ID" ] }