In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "match_only_versions": [ "13-next" ], "digest": { "threshold": 0.9, "line_hashes": [ "1112840971049682565061521445529720008", "231348743059675990922887144718004350117", "252088000176082546319859830708201133712", "39634657312658479941955224481743470466" ] }, "id": "ASB-A-269014004-1728610d", "source": "https://android.googlesource.com/platform/frameworks/native/+/91e97b8878d3e522347506d54dddb2862e1a36cb", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "13-next" ], "digest": { "length": 1193.0, "function_hash": "43383265881383799610164340206247288968" }, "id": "ASB-A-269014004-3ba16ac0", "source": "https://android.googlesource.com/platform/frameworks/native/+/91e97b8878d3e522347506d54dddb2862e1a36cb", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp", "function": "SensorManager::assertStateLocked" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "259171658368935972263538752543213621131", "191741632474780026524213398622799578542", "199297101568655670128169412171285765527", "123157325142110334273391793157082117714", "259171658368935972263538752543213621131", "191741632474780026524213398622799578542", "199297101568655670128169412171285765527", "123157325142110334273391793157082117714" ] }, "id": "ASB-A-269014004-b9a92f2f", "source": "https://android.googlesource.com/platform/frameworks/native/+/91e97b8878d3e522347506d54dddb2862e1a36cb", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/ISensorServer.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "143542012773789648647838512853581398067", "64557804220062382807347423186136165985", "178334573421006002237875482363519002257", "387088259004319280538253848233388284", "30269225280778088161321854901586957745" ] }, "id": "ASB-A-269014004-c12ebb95", "source": "https://android.googlesource.com/platform/frameworks/native/+/779d77347689b04c2fef7056b15b4d8e10e9f3d4", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/Sensor.cpp" }, "signature_type": "Line" }, { "digest": { "length": 414.0, "function_hash": "296070773451191077212897786472124922950" }, "id": "ASB-A-269014004-dd35d61b", "source": "https://android.googlesource.com/platform/frameworks/native/+/779d77347689b04c2fef7056b15b4d8e10e9f3d4", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/Sensor.cpp", "function": "Sensor::unflattenString8" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/91e97b8878d3e522347506d54dddb2862e1a36cb", "https://android.googlesource.com/platform/frameworks/native/+/779d77347689b04c2fef7056b15b4d8e10e9f3d4" ], "spl": "2023-05-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "143542012773789648647838512853581398067", "64557804220062382807347423186136165985", "178334573421006002237875482363519002257", "387088259004319280538253848233388284", "30269225280778088161321854901586957745" ] }, "id": "ASB-A-269014004-028b6189", "source": "https://android.googlesource.com/platform/frameworks/native/+/f1aa5fb53437ec2fabc9be00099af836da5f07f2", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/Sensor.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "11" ], "digest": { "threshold": 0.9, "line_hashes": [ "1112840971049682565061521445529720008", "231348743059675990922887144718004350117", "252088000176082546319859830708201133712", "39634657312658479941955224481743470466" ] }, "id": "ASB-A-269014004-31ab3376", "source": "https://android.googlesource.com/platform/frameworks/native/+/ceb0d52273256c6a5c5622bf81b0ac4ba106faa1", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "11" ], "digest": { "threshold": 0.9, "line_hashes": [ "188496192786164611685497780754512622392", "225315614945281592623327287737459904742", "42697291139884391013920625858238188492", "159277938146538821643659383218467500589" ] }, "id": "ASB-A-269014004-ade54c03", "source": "https://android.googlesource.com/platform/frameworks/native/+/4521fbf8095439a1c1681b5c709b306a5dc1d1e3", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/include/sensor/SensorManager.h" }, "signature_type": "Line" }, { "match_only_versions": [ "11" ], "digest": { "length": 1193.0, "function_hash": "43383265881383799610164340206247288968" }, "id": "ASB-A-269014004-b11b9ad1", "source": "https://android.googlesource.com/platform/frameworks/native/+/ceb0d52273256c6a5c5622bf81b0ac4ba106faa1", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp", "function": "SensorManager::assertStateLocked" }, "signature_type": "Function" }, { "match_only_versions": [ "11" ], "digest": { "length": 238.0, "function_hash": "205085120817002850625919613596111765997" }, "id": "ASB-A-269014004-da30c43f", "source": "https://android.googlesource.com/platform/frameworks/native/+/4521fbf8095439a1c1681b5c709b306a5dc1d1e3", "deprecated": false, "signature_version": "v1", "target": { "file": "services/sensorservice/hidl/SensorManager.cpp", "function": "SensorManager::~SensorManager" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "259171658368935972263538752543213621131", "191741632474780026524213398622799578542", "199297101568655670128169412171285765527", "123157325142110334273391793157082117714", "259171658368935972263538752543213621131", "191741632474780026524213398622799578542", "199297101568655670128169412171285765527", "123157325142110334273391793157082117714" ] }, "id": "ASB-A-269014004-e0a92906", "source": "https://android.googlesource.com/platform/frameworks/native/+/ceb0d52273256c6a5c5622bf81b0ac4ba106faa1", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/ISensorServer.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "11" ], "digest": { "threshold": 0.9, "line_hashes": [ "238011330981474087863532862607499816797", "100595989091668589761032938002794716894", "72036533899288056431128836238062992656", "57759921540391312663965347675598342160" ] }, "id": "ASB-A-269014004-e2465f5a", "source": "https://android.googlesource.com/platform/frameworks/native/+/4521fbf8095439a1c1681b5c709b306a5dc1d1e3", "deprecated": false, "signature_version": "v1", "target": { "file": "services/sensorservice/hidl/SensorManager.cpp" }, "signature_type": "Line" }, { "digest": { "length": 414.0, "function_hash": "296070773451191077212897786472124922950" }, "id": "ASB-A-269014004-e9ad8299", "source": "https://android.googlesource.com/platform/frameworks/native/+/f1aa5fb53437ec2fabc9be00099af836da5f07f2", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/Sensor.cpp", "function": "Sensor::unflattenString8" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/4521fbf8095439a1c1681b5c709b306a5dc1d1e3", "https://android.googlesource.com/platform/frameworks/native/+/ceb0d52273256c6a5c5622bf81b0ac4ba106faa1", "https://android.googlesource.com/platform/frameworks/native/+/f1aa5fb53437ec2fabc9be00099af836da5f07f2" ], "spl": "2023-05-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "match_only_versions": [ "12" ], "digest": { "threshold": 0.9, "line_hashes": [ "1112840971049682565061521445529720008", "231348743059675990922887144718004350117", "252088000176082546319859830708201133712", "39634657312658479941955224481743470466" ] }, "id": "ASB-A-269014004-0b24d1b3", "source": "https://android.googlesource.com/platform/frameworks/native/+/e54698d02ce9a0058478c838545aa6ba52ca96c1", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "12" ], "digest": { "threshold": 0.9, "line_hashes": [ "43069642745450074368557730860784901930", "138388134470498512613046883559820806766", "156644935090737655980305469743505517212" ] }, "id": "ASB-A-269014004-0d83f9cc", "source": "https://android.googlesource.com/platform/frameworks/native/+/972675ed8101c0f0ed98688c9ffb071d9c0bb872", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "12" ], "digest": { "threshold": 0.9, "line_hashes": [ "188496192786164611685497780754512622392", "225315614945281592623327287737459904742", "42697291139884391013920625858238188492", "159277938146538821643659383218467500589" ] }, "id": "ASB-A-269014004-1b000a63", "source": "https://android.googlesource.com/platform/frameworks/native/+/972675ed8101c0f0ed98688c9ffb071d9c0bb872", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/include/sensor/SensorManager.h" }, "signature_type": "Line" }, { "match_only_versions": [ "12" ], "digest": { "threshold": 0.9, "line_hashes": [ "238011330981474087863532862607499816797", "100595989091668589761032938002794716894", "72036533899288056431128836238062992656", "57759921540391312663965347675598342160" ] }, "id": "ASB-A-269014004-31e40aa6", "source": "https://android.googlesource.com/platform/frameworks/native/+/972675ed8101c0f0ed98688c9ffb071d9c0bb872", "deprecated": false, "signature_version": "v1", "target": { "file": "services/sensorservice/hidl/SensorManager.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "12" ], "digest": { "length": 1193.0, "function_hash": "43383265881383799610164340206247288968" }, "id": "ASB-A-269014004-53e323a6", "source": "https://android.googlesource.com/platform/frameworks/native/+/e54698d02ce9a0058478c838545aa6ba52ca96c1", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp", "function": "SensorManager::assertStateLocked" }, "signature_type": "Function" }, { "digest": { "length": 414.0, "function_hash": "296070773451191077212897786472124922950" }, "id": "ASB-A-269014004-6af52665", "source": "https://android.googlesource.com/platform/frameworks/native/+/9170e60bf6306e65f936e9ec723ccfb054c181dd", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/Sensor.cpp", "function": "Sensor::unflattenString8" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "143542012773789648647838512853581398067", "64557804220062382807347423186136165985", "178334573421006002237875482363519002257", "387088259004319280538253848233388284", "30269225280778088161321854901586957745" ] }, "id": "ASB-A-269014004-90cc5412", "source": "https://android.googlesource.com/platform/frameworks/native/+/9170e60bf6306e65f936e9ec723ccfb054c181dd", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/Sensor.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "259171658368935972263538752543213621131", "191741632474780026524213398622799578542", "199297101568655670128169412171285765527", "123157325142110334273391793157082117714", "259171658368935972263538752543213621131", "191741632474780026524213398622799578542", "199297101568655670128169412171285765527", "123157325142110334273391793157082117714" ] }, "id": "ASB-A-269014004-a8cb31a4", "source": "https://android.googlesource.com/platform/frameworks/native/+/e54698d02ce9a0058478c838545aa6ba52ca96c1", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/ISensorServer.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "12" ], "digest": { "length": 238.0, "function_hash": "205085120817002850625919613596111765997" }, "id": "ASB-A-269014004-f4ee7a73", "source": "https://android.googlesource.com/platform/frameworks/native/+/972675ed8101c0f0ed98688c9ffb071d9c0bb872", "deprecated": false, "signature_version": "v1", "target": { "file": "services/sensorservice/hidl/SensorManager.cpp", "function": "SensorManager::~SensorManager" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/9170e60bf6306e65f936e9ec723ccfb054c181dd", "https://android.googlesource.com/platform/frameworks/native/+/e54698d02ce9a0058478c838545aa6ba52ca96c1", "https://android.googlesource.com/platform/frameworks/native/+/972675ed8101c0f0ed98688c9ffb071d9c0bb872" ], "spl": "2023-05-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "match_only_versions": [ "12L" ], "digest": { "threshold": 0.9, "line_hashes": [ "188496192786164611685497780754512622392", "225315614945281592623327287737459904742", "42697291139884391013920625858238188492", "159277938146538821643659383218467500589" ] }, "id": "ASB-A-269014004-01ce3ef4", "source": "https://android.googlesource.com/platform/frameworks/native/+/16af3e02e5864c3d97548f0acd05baf5e3341950", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/include/sensor/SensorManager.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "259171658368935972263538752543213621131", "191741632474780026524213398622799578542", "199297101568655670128169412171285765527", "123157325142110334273391793157082117714", "259171658368935972263538752543213621131", "191741632474780026524213398622799578542", "199297101568655670128169412171285765527", "123157325142110334273391793157082117714" ] }, "id": "ASB-A-269014004-4853bd5b", "source": "https://android.googlesource.com/platform/frameworks/native/+/cf83b16a403bfa8adf5a1490bbd14c8459e19140", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/ISensorServer.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "12L" ], "digest": { "length": 1193.0, "function_hash": "43383265881383799610164340206247288968" }, "id": "ASB-A-269014004-7e2d1e21", "source": "https://android.googlesource.com/platform/frameworks/native/+/cf83b16a403bfa8adf5a1490bbd14c8459e19140", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp", "function": "SensorManager::assertStateLocked" }, "signature_type": "Function" }, { "digest": { "length": 414.0, "function_hash": "296070773451191077212897786472124922950" }, "id": "ASB-A-269014004-8d50c352", "source": "https://android.googlesource.com/platform/frameworks/native/+/54aacdf96a7f57b97f8b6f1a69a8b39ae5ed4b18", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/Sensor.cpp", "function": "Sensor::unflattenString8" }, "signature_type": "Function" }, { "match_only_versions": [ "12L" ], "digest": { "length": 238.0, "function_hash": "205085120817002850625919613596111765997" }, "id": "ASB-A-269014004-ae00862c", "source": "https://android.googlesource.com/platform/frameworks/native/+/16af3e02e5864c3d97548f0acd05baf5e3341950", "deprecated": false, "signature_version": "v1", "target": { "file": "services/sensorservice/hidl/SensorManager.cpp", "function": "SensorManager::~SensorManager" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "143542012773789648647838512853581398067", "64557804220062382807347423186136165985", "178334573421006002237875482363519002257", "387088259004319280538253848233388284", "30269225280778088161321854901586957745" ] }, "id": "ASB-A-269014004-c0553a55", "source": "https://android.googlesource.com/platform/frameworks/native/+/54aacdf96a7f57b97f8b6f1a69a8b39ae5ed4b18", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/Sensor.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "12L" ], "digest": { "threshold": 0.9, "line_hashes": [ "1112840971049682565061521445529720008", "231348743059675990922887144718004350117", "252088000176082546319859830708201133712", "39634657312658479941955224481743470466" ] }, "id": "ASB-A-269014004-c3073232", "source": "https://android.googlesource.com/platform/frameworks/native/+/cf83b16a403bfa8adf5a1490bbd14c8459e19140", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "12L" ], "digest": { "threshold": 0.9, "line_hashes": [ "238011330981474087863532862607499816797", "100595989091668589761032938002794716894", "72036533899288056431128836238062992656", "57759921540391312663965347675598342160" ] }, "id": "ASB-A-269014004-e6dfd302", "source": "https://android.googlesource.com/platform/frameworks/native/+/16af3e02e5864c3d97548f0acd05baf5e3341950", "deprecated": false, "signature_version": "v1", "target": { "file": "services/sensorservice/hidl/SensorManager.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "12L" ], "digest": { "threshold": 0.9, "line_hashes": [ "43069642745450074368557730860784901930", "138388134470498512613046883559820806766", "156644935090737655980305469743505517212" ] }, "id": "ASB-A-269014004-ef0a07d1", "source": "https://android.googlesource.com/platform/frameworks/native/+/16af3e02e5864c3d97548f0acd05baf5e3341950", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/54aacdf96a7f57b97f8b6f1a69a8b39ae5ed4b18", "https://android.googlesource.com/platform/frameworks/native/+/cf83b16a403bfa8adf5a1490bbd14c8459e19140", "https://android.googlesource.com/platform/frameworks/native/+/16af3e02e5864c3d97548f0acd05baf5e3341950" ], "spl": "2023-05-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "match_only_versions": [ "13" ], "digest": { "length": 1193.0, "function_hash": "43383265881383799610164340206247288968" }, "id": "ASB-A-269014004-270f3ab2", "source": "https://android.googlesource.com/platform/frameworks/native/+/2f8fa1367c62365cdd0a2de78a1c25cdcc599430", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp", "function": "SensorManager::assertStateLocked" }, "signature_type": "Function" }, { "match_only_versions": [ "13" ], "digest": { "threshold": 0.9, "line_hashes": [ "238011330981474087863532862607499816797", "100595989091668589761032938002794716894", "72036533899288056431128836238062992656", "57759921540391312663965347675598342160" ] }, "id": "ASB-A-269014004-64db15f2", "source": "https://android.googlesource.com/platform/frameworks/native/+/39e2df73052b5079d6b16a1535b332d6bda5bd89", "deprecated": false, "signature_version": "v1", "target": { "file": "services/sensorservice/hidl/SensorManager.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "threshold": 0.9, "line_hashes": [ "43069642745450074368557730860784901930", "138388134470498512613046883559820806766", "156644935090737655980305469743505517212" ] }, "id": "ASB-A-269014004-707c11b0", "source": "https://android.googlesource.com/platform/frameworks/native/+/39e2df73052b5079d6b16a1535b332d6bda5bd89", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "259171658368935972263538752543213621131", "191741632474780026524213398622799578542", "199297101568655670128169412171285765527", "123157325142110334273391793157082117714", "259171658368935972263538752543213621131", "191741632474780026524213398622799578542", "199297101568655670128169412171285765527", "123157325142110334273391793157082117714" ] }, "id": "ASB-A-269014004-74e5ef30", "source": "https://android.googlesource.com/platform/frameworks/native/+/2f8fa1367c62365cdd0a2de78a1c25cdcc599430", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/ISensorServer.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "threshold": 0.9, "line_hashes": [ "188496192786164611685497780754512622392", "225315614945281592623327287737459904742", "42697291139884391013920625858238188492", "159277938146538821643659383218467500589" ] }, "id": "ASB-A-269014004-7be81705", "source": "https://android.googlesource.com/platform/frameworks/native/+/39e2df73052b5079d6b16a1535b332d6bda5bd89", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/include/sensor/SensorManager.h" }, "signature_type": "Line" }, { "digest": { "length": 414.0, "function_hash": "296070773451191077212897786472124922950" }, "id": "ASB-A-269014004-937db087", "source": "https://android.googlesource.com/platform/frameworks/native/+/962b5a4d37bb13568ae4d93d10db9a3eb5166a38", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/Sensor.cpp", "function": "Sensor::unflattenString8" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "143542012773789648647838512853581398067", "64557804220062382807347423186136165985", "178334573421006002237875482363519002257", "387088259004319280538253848233388284", "30269225280778088161321854901586957745" ] }, "id": "ASB-A-269014004-b6b6514e", "source": "https://android.googlesource.com/platform/frameworks/native/+/962b5a4d37bb13568ae4d93d10db9a3eb5166a38", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/Sensor.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "threshold": 0.9, "line_hashes": [ "1112840971049682565061521445529720008", "231348743059675990922887144718004350117", "252088000176082546319859830708201133712", "39634657312658479941955224481743470466" ] }, "id": "ASB-A-269014004-cd8cc541", "source": "https://android.googlesource.com/platform/frameworks/native/+/2f8fa1367c62365cdd0a2de78a1c25cdcc599430", "deprecated": false, "signature_version": "v1", "target": { "file": "libs/sensor/SensorManager.cpp" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "length": 238.0, "function_hash": "205085120817002850625919613596111765997" }, "id": "ASB-A-269014004-e566bc1e", "source": "https://android.googlesource.com/platform/frameworks/native/+/39e2df73052b5079d6b16a1535b332d6bda5bd89", "deprecated": false, "signature_version": "v1", "target": { "file": "services/sensorservice/hidl/SensorManager.cpp", "function": "SensorManager::~SensorManager" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/962b5a4d37bb13568ae4d93d10db9a3eb5166a38", "https://android.googlesource.com/platform/frameworks/native/+/2f8fa1367c62365cdd0a2de78a1c25cdcc599430", "https://android.googlesource.com/platform/frameworks/native/+/39e2df73052b5079d6b16a1535b332d6bda5bd89" ], "spl": "2023-05-01", "severity": "High", "types": [ "ID" ] }