In cet4tdatacback of cet4t.cc, there is a possible out of bounds write due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 5507.0, "function_hash": "104878374239606386092160028817565736155" }, "id": "ASB-A-221862119-61ece92b", "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e", "deprecated": false, "signature_version": "v1", "target": { "file": "src/nfc/tags/ce_t4t.cc", "function": "ce_t4t_data_cback" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "288755587739503399973484087706792439868", "235957353039854732531163373805571340181", "178676705441890409717555889950227732401", "126937206315459210288597319086747904932" ] }, "id": "ASB-A-221862119-736012b3", "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e", "deprecated": false, "signature_version": "v1", "target": { "file": "src/nfc/tags/ce_t4t.cc" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e" ], "spl": "2022-06-01", "severity": "Critical", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "288755587739503399973484087706792439868", "235957353039854732531163373805571340181", "178676705441890409717555889950227732401", "126937206315459210288597319086747904932" ] }, "id": "ASB-A-221862119-343dd870", "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e", "deprecated": false, "signature_version": "v1", "target": { "file": "src/nfc/tags/ce_t4t.cc" }, "signature_type": "Line" }, { "digest": { "length": 5507.0, "function_hash": "104878374239606386092160028817565736155" }, "id": "ASB-A-221862119-aa044d21", "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e", "deprecated": false, "signature_version": "v1", "target": { "file": "src/nfc/tags/ce_t4t.cc", "function": "ce_t4t_data_cback" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e" ], "spl": "2022-06-01", "severity": "Critical", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "288755587739503399973484087706792439868", "235957353039854732531163373805571340181", "178676705441890409717555889950227732401", "126937206315459210288597319086747904932" ] }, "id": "ASB-A-221862119-5b367f01", "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e", "deprecated": false, "signature_version": "v1", "target": { "file": "src/nfc/tags/ce_t4t.cc" }, "signature_type": "Line" }, { "digest": { "length": 5507.0, "function_hash": "104878374239606386092160028817565736155" }, "id": "ASB-A-221862119-91204f54", "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e", "deprecated": false, "signature_version": "v1", "target": { "file": "src/nfc/tags/ce_t4t.cc", "function": "ce_t4t_data_cback" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e" ], "spl": "2022-06-01", "severity": "Critical", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "288755587739503399973484087706792439868", "235957353039854732531163373805571340181", "178676705441890409717555889950227732401", "126937206315459210288597319086747904932" ] }, "id": "ASB-A-221862119-5008a5a6", "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e", "deprecated": false, "signature_version": "v1", "target": { "file": "src/nfc/tags/ce_t4t.cc" }, "signature_type": "Line" }, { "digest": { "length": 5507.0, "function_hash": "104878374239606386092160028817565736155" }, "id": "ASB-A-221862119-bb145cbc", "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e", "deprecated": false, "signature_version": "v1", "target": { "file": "src/nfc/tags/ce_t4t.cc", "function": "ce_t4t_data_cback" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e" ], "spl": "2022-06-01", "severity": "Critical", "types": [ "RCE" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "288755587739503399973484087706792439868", "235957353039854732531163373805571340181", "178676705441890409717555889950227732401", "126937206315459210288597319086747904932" ] }, "id": "ASB-A-221862119-4be8c439", "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e", "deprecated": false, "signature_version": "v1", "target": { "file": "src/nfc/tags/ce_t4t.cc" }, "signature_type": "Line" }, { "digest": { "length": 5507.0, "function_hash": "104878374239606386092160028817565736155" }, "id": "ASB-A-221862119-ace169cf", "source": "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e", "deprecated": false, "signature_version": "v1", "target": { "file": "src/nfc/tags/ce_t4t.cc", "function": "ce_t4t_data_cback" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/system/nfc/+/2fcf7d677bcebae5a00db43938460bcce267149e" ], "spl": "2022-06-01", "severity": "Critical", "types": [ "RCE" ] }