In GetResolvedMethod of entrypoint_utils-inl.h, there is a possible use after free due to a stale cache. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "235881377265982734315241633510260354216", "270239985225514015884504015035684228793", "10059235942065569592591306243256186506" ] }, "id": "ASB-A-222166527-0c3d0612", "source": "https://android.googlesource.com/platform/art/+/1ee0290eed24868826ad99678cc58eee425ecba8", "deprecated": false, "signature_version": "v1", "target": { "file": "runtime/class_linker.cc" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "threshold": 0.9, "line_hashes": [ "71407768609025779943647605851062947084", "231448601979646057492220449142490098289", "101004473502411423060817344107809267897", "4666280352048265623534093757599548744" ] }, "id": "ASB-A-222166527-35e81c35", "source": "https://android.googlesource.com/platform/art/+/1ee0290eed24868826ad99678cc58eee425ecba8", "deprecated": false, "signature_version": "v1", "target": { "file": "runtime/class_linker.h" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "threshold": 0.9, "line_hashes": [ "224633646189388580329569994623457295844", "180255055740417429932114057942854935580", "153984034873157555044294756773927580993", "218043941733532718263172998565117627125" ] }, "id": "ASB-A-222166527-3b5aba53", "source": "https://android.googlesource.com/platform/art/+/1ee0290eed24868826ad99678cc58eee425ecba8", "deprecated": false, "signature_version": "v1", "target": { "file": "runtime/native/dalvik_system_DexFile.cc" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "length": 1123.0, "function_hash": "310321501238726500791910867729928366774" }, "id": "ASB-A-222166527-e2dc99f3", "source": "https://android.googlesource.com/platform/art/+/1ee0290eed24868826ad99678cc58eee425ecba8", "deprecated": false, "signature_version": "v1", "target": { "file": "runtime/native/dalvik_system_DexFile.cc", "function": "DexFile_closeDexFile" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/art/+/1ee0290eed24868826ad99678cc58eee425ecba8" ], "spl": "2022-12-01", "severity": "High", "types": [ "ID" ] }