In audioTransportsToHal of HidlUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "269344792656577092001110833540011432940", "24566917316876822633373775224199387841", "326563767327415897676849247084034620501", "296721903556534197228020912422928613838", "98664012303234856457986909474349887885", "242909748081190874474530485925527046198", "337480627864806466889618801044925771695", "32976967712788725498324097883947031232" ] }, "id": "ASB-A-237288416-43d39542", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp" }, "signature_type": "Line" }, { "digest": { "length": 1096.0, "function_hash": "127934060083940188991457240859462848395" }, "id": "ASB-A-237288416-8447b692", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function": "TEST" }, "signature_type": "Function" }, { "digest": { "length": 1770.0, "function_hash": "30693180149815436432511666337241282332" }, "id": "ASB-A-237288416-8916973c", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp", "function": "HidlUtils::audioTransportsToHal" }, "signature_type": "Function" }, { "digest": { "length": 978.0, "function_hash": "168160430229648601525038002173658487200" }, "id": "ASB-A-237288416-969a65de", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function": "TEST" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "172186339874870091662576372895279208413", "227349891284322899533340354059474595611", "186519563238785187792249710978779741919", "110617716582878860557393456367871608803", "43366630099968855310673323885673129606", "131451768960244202058325825301537495331", "78935328830424581718176604854654660458", "306341795472413105250127479060524261756", "16834518065203268661284590998142718197", "299064499527370160859152552006985321520", "180805790256931266346711168313089126423", "170095354208668041088633580278233745834", "33521963547965584930512648087844251698", "114610901870909908359583640191322919081", "212452195949018653488913703488818546503", "153444376759287560523706886364648112712", "29528458756198696541044575576555735593", "48063698236143321999460836226503716002", "172446838531745295337624745295579102534", "183608570636346057331731099513885835857" ] }, "id": "ASB-A-237288416-cc0a349a", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe" ], "spl": "2022-10-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 1096.0, "function_hash": "127934060083940188991457240859462848395" }, "id": "ASB-A-237288416-624746e3", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function": "TEST" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "269344792656577092001110833540011432940", "24566917316876822633373775224199387841", "326563767327415897676849247084034620501", "296721903556534197228020912422928613838", "98664012303234856457986909474349887885", "242909748081190874474530485925527046198", "337480627864806466889618801044925771695", "32976967712788725498324097883947031232" ] }, "id": "ASB-A-237288416-793669b5", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "172186339874870091662576372895279208413", "227349891284322899533340354059474595611", "186519563238785187792249710978779741919", "110617716582878860557393456367871608803", "43366630099968855310673323885673129606", "131451768960244202058325825301537495331", "78935328830424581718176604854654660458", "306341795472413105250127479060524261756", "16834518065203268661284590998142718197", "299064499527370160859152552006985321520", "180805790256931266346711168313089126423", "170095354208668041088633580278233745834", "33521963547965584930512648087844251698", "114610901870909908359583640191322919081", "212452195949018653488913703488818546503", "153444376759287560523706886364648112712", "29528458756198696541044575576555735593", "48063698236143321999460836226503716002", "172446838531745295337624745295579102534", "183608570636346057331731099513885835857" ] }, "id": "ASB-A-237288416-adc2b4d4", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp" }, "signature_type": "Line" }, { "digest": { "length": 1770.0, "function_hash": "30693180149815436432511666337241282332" }, "id": "ASB-A-237288416-afdf4864", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp", "function": "HidlUtils::audioTransportsToHal" }, "signature_type": "Function" }, { "digest": { "length": 978.0, "function_hash": "168160430229648601525038002173658487200" }, "id": "ASB-A-237288416-f7a4863c", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function": "TEST" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe" ], "spl": "2022-10-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 1770.0, "function_hash": "30693180149815436432511666337241282332" }, "id": "ASB-A-237288416-4f25a94a", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp", "function": "HidlUtils::audioTransportsToHal" }, "signature_type": "Function" }, { "digest": { "length": 978.0, "function_hash": "168160430229648601525038002173658487200" }, "id": "ASB-A-237288416-a573497b", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function": "TEST" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "172186339874870091662576372895279208413", "227349891284322899533340354059474595611", "186519563238785187792249710978779741919", "110617716582878860557393456367871608803", "43366630099968855310673323885673129606", "131451768960244202058325825301537495331", "78935328830424581718176604854654660458", "306341795472413105250127479060524261756", "16834518065203268661284590998142718197", "299064499527370160859152552006985321520", "180805790256931266346711168313089126423", "170095354208668041088633580278233745834", "33521963547965584930512648087844251698", "114610901870909908359583640191322919081", "212452195949018653488913703488818546503", "153444376759287560523706886364648112712", "29528458756198696541044575576555735593", "48063698236143321999460836226503716002", "172446838531745295337624745295579102534", "183608570636346057331731099513885835857" ] }, "id": "ASB-A-237288416-e993c7ca", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "269344792656577092001110833540011432940", "24566917316876822633373775224199387841", "326563767327415897676849247084034620501", "296721903556534197228020912422928613838", "98664012303234856457986909474349887885", "242909748081190874474530485925527046198", "337480627864806466889618801044925771695", "32976967712788725498324097883947031232" ] }, "id": "ASB-A-237288416-eb8aed6d", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/7.0/HidlUtils.cpp" }, "signature_type": "Line" }, { "digest": { "length": 1096.0, "function_hash": "127934060083940188991457240859462848395" }, "id": "ASB-A-237288416-f3da1b2f", "source": "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe", "deprecated": false, "signature_version": "v1", "target": { "file": "audio/common/all-versions/default/tests/hidlutils_tests.cpp", "function": "TEST" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/hardware/interfaces/+/f16c6d3a5741768356159f099d04bfe2219c81fe" ], "spl": "2022-10-01", "severity": "High", "types": [ "EoP" ] }