In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 222.0, "function_hash": "190139916014078794201190441593495255888" }, "id": "ASB-A-285645039-2321da57", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "StatsService::readLogs" }, "signature_type": "Function" }, { "digest": { "length": 2525.0, "function_hash": "170025933828175594194721604275166181251" }, "id": "ASB-A-285645039-9bfacc48", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "mInitEventDelaySecs" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "24938293731554636473098398205316056354", "18944739092555810520413270013999179633", "62673561178611369184800734059699398735", "107651199482235546255415669659835414516", "15664087137759784019850001285856476293", "52788991262695293056646716387794235053" ] }, "id": "ASB-A-285645039-bfd554da", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "284175425589097230727147656800977346044", "334369693926564463613608742465654614201", "288223269456115365291245602458738083098", "148667828061323797183185443430761605895", "283245882279883015538077767184721125668", "91011422154839185681590367440624013254", "228991447056343218450583282699753578122", "200991055704848072321835649022205081417", "314445733331473514438239458627334934923", "290215494774479982526444497481484572928", "150837300128228537133125342259255129700", "158274056577435042297687633569209542541", "299056411393582019832200088668149889192", "108587633537507210242609878158511307392", "108587633537507210242609878158511307392" ] }, "id": "ASB-A-285645039-d3caf925", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp" }, "signature_type": "Line" }, { "digest": { "length": 37.0, "function_hash": "290532900627309439606711308425738821162" }, "id": "ASB-A-285645039-efd083d9", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "StatsService::~StatsService" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066" ], "spl": "2023-11-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 222.0, "function_hash": "190139916014078794201190441593495255888" }, "id": "ASB-A-285645039-5abb01b1", "source": "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/StatsService.cpp", "function": "StatsService::readLogs" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "9560257399028977192882822136888446391", "6814727255881169936930416864601371522", "95344555408575203031917538580592384557", "131440157779380392246526055656246270484", "208613213791790390267597640934962107644", "94612942637015893079560201185174185719", "149102618012575246417676794546503739423" ] }, "id": "ASB-A-285645039-73a84601", "source": "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/StatsService.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "162094486690609551357265491806306373800", "21343630666638973742897342745690999120", "288223269456115365291245602458738083098", "148667828061323797183185443430761605895", "283245882279883015538077767184721125668", "91011422154839185681590367440624013254", "228991447056343218450583282699753578122", "200991055704848072321835649022205081417", "314445733331473514438239458627334934923", "290215494774479982526444497481484572928", "150837300128228537133125342259255129700", "158274056577435042297687633569209542541", "335343134791047350178012205680999322642", "191751358642596428187797542992949197800", "108587633537507210242609878158511307392" ] }, "id": "ASB-A-285645039-797889bb", "source": "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/StatsService.cpp" }, "signature_type": "Line" }, { "digest": { "length": 37.0, "function_hash": "290532900627309439606711308425738821162" }, "id": "ASB-A-285645039-8fa418a0", "source": "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/StatsService.cpp", "function": "StatsService::~StatsService" }, "signature_type": "Function" }, { "digest": { "length": 1584.0, "function_hash": "74176117800312312752666027285333827045" }, "id": "ASB-A-285645039-ad3d2575", "source": "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b", "deprecated": false, "signature_version": "v1", "target": { "file": "cmds/statsd/src/StatsService.cpp", "function": "mStatsCompanionServiceDeathRecipient" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b" ], "spl": "2023-11-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "9560257399028977192882822136888446391", "6814727255881169936930416864601371522", "95344555408575203031917538580592384557", "208613213791790390267597640934962107644", "94612942637015893079560201185174185719", "149102618012575246417676794546503739423" ] }, "id": "ASB-A-285645039-09dc6373", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "162094486690609551357265491806306373800", "21343630666638973742897342745690999120", "288223269456115365291245602458738083098", "148667828061323797183185443430761605895", "283245882279883015538077767184721125668", "91011422154839185681590367440624013254", "228991447056343218450583282699753578122", "200991055704848072321835649022205081417", "314445733331473514438239458627334934923", "290215494774479982526444497481484572928", "150837300128228537133125342259255129700", "158274056577435042297687633569209542541", "335343134791047350178012205680999322642", "191751358642596428187797542992949197800", "108587633537507210242609878158511307392" ] }, "id": "ASB-A-285645039-38a49bba", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp" }, "signature_type": "Line" }, { "digest": { "length": 222.0, "function_hash": "190139916014078794201190441593495255888" }, "id": "ASB-A-285645039-a22d4b2a", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "StatsService::readLogs" }, "signature_type": "Function" }, { "digest": { "length": 1584.0, "function_hash": "74176117800312312752666027285333827045" }, "id": "ASB-A-285645039-c654231e", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "mStatsCompanionServiceDeathRecipient" }, "signature_type": "Function" }, { "digest": { "length": 37.0, "function_hash": "290532900627309439606711308425738821162" }, "id": "ASB-A-285645039-e6cbc6f9", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "StatsService::~StatsService" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4" ], "spl": "2023-11-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 1584.0, "function_hash": "74176117800312312752666027285333827045" }, "id": "ASB-A-285645039-3ae10a1a", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "mStatsCompanionServiceDeathRecipient" }, "signature_type": "Function" }, { "digest": { "length": 37.0, "function_hash": "290532900627309439606711308425738821162" }, "id": "ASB-A-285645039-5cd93382", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "StatsService::~StatsService" }, "signature_type": "Function" }, { "digest": { "length": 222.0, "function_hash": "190139916014078794201190441593495255888" }, "id": "ASB-A-285645039-6335df16", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "StatsService::readLogs" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "162094486690609551357265491806306373800", "21343630666638973742897342745690999120", "288223269456115365291245602458738083098", "148667828061323797183185443430761605895", "283245882279883015538077767184721125668", "91011422154839185681590367440624013254", "228991447056343218450583282699753578122", "200991055704848072321835649022205081417", "314445733331473514438239458627334934923", "290215494774479982526444497481484572928", "150837300128228537133125342259255129700", "158274056577435042297687633569209542541", "335343134791047350178012205680999322642", "191751358642596428187797542992949197800", "108587633537507210242609878158511307392" ] }, "id": "ASB-A-285645039-b24378a7", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "9560257399028977192882822136888446391", "6814727255881169936930416864601371522", "95344555408575203031917538580592384557", "208613213791790390267597640934962107644", "94612942637015893079560201185174185719", "149102618012575246417676794546503739423" ] }, "id": "ASB-A-285645039-baaf2c19", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.h" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e" ], "spl": "2023-11-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "9560257399028977192882822136888446391", "6814727255881169936930416864601371522", "95344555408575203031917538580592384557", "208613213791790390267597640934962107644", "94612942637015893079560201185174185719", "149102618012575246417676794546503739423" ] }, "id": "ASB-A-285645039-24b1ceba", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.h" }, "signature_type": "Line" }, { "digest": { "length": 1932.0, "function_hash": "150911719169882205645024166510874957982" }, "id": "ASB-A-285645039-2a98aade", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "mStatsCompanionServiceDeathRecipient" }, "signature_type": "Function" }, { "digest": { "length": 37.0, "function_hash": "290532900627309439606711308425738821162" }, "id": "ASB-A-285645039-a7518c2f", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "StatsService::~StatsService" }, "signature_type": "Function" }, { "digest": { "length": 222.0, "function_hash": "190139916014078794201190441593495255888" }, "id": "ASB-A-285645039-b4c7688d", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "StatsService::readLogs" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "162094486690609551357265491806306373800", "21343630666638973742897342745690999120", "288223269456115365291245602458738083098", "148667828061323797183185443430761605895", "283245882279883015538077767184721125668", "91011422154839185681590367440624013254", "228991447056343218450583282699753578122", "200991055704848072321835649022205081417", "314445733331473514438239458627334934923", "290215494774479982526444497481484572928", "150837300128228537133125342259255129700", "158274056577435042297687633569209542541", "335343134791047350178012205680999322642", "191751358642596428187797542992949197800", "108587633537507210242609878158511307392" ] }, "id": "ASB-A-285645039-d7c42036", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff" ], "spl": "2023-11-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "162094486690609551357265491806306373800", "21343630666638973742897342745690999120", "288223269456115365291245602458738083098", "148667828061323797183185443430761605895", "283245882279883015538077767184721125668", "91011422154839185681590367440624013254", "228991447056343218450583282699753578122", "200991055704848072321835649022205081417", "314445733331473514438239458627334934923", "290215494774479982526444497481484572928", "150837300128228537133125342259255129700", "158274056577435042297687633569209542541", "299056411393582019832200088668149889192", "108587633537507210242609878158511307392", "108587633537507210242609878158511307392" ] }, "id": "ASB-A-285645039-02c1fe38", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp" }, "signature_type": "Line" }, { "digest": { "length": 2510.0, "function_hash": "122149015475048257650068008049466191562" }, "id": "ASB-A-285645039-225fa4c3", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "mInitEventDelaySecs" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "24938293731554636473098398205316056354", "18944739092555810520413270013999179633", "62673561178611369184800734059699398735", "107651199482235546255415669659835414516", "15664087137759784019850001285856476293", "52788991262695293056646716387794235053" ] }, "id": "ASB-A-285645039-4a816df9", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.h" }, "signature_type": "Line" }, { "digest": { "length": 37.0, "function_hash": "290532900627309439606711308425738821162" }, "id": "ASB-A-285645039-537165a9", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "StatsService::~StatsService" }, "signature_type": "Function" }, { "digest": { "length": 222.0, "function_hash": "190139916014078794201190441593495255888" }, "id": "ASB-A-285645039-f8e3caeb", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3", "deprecated": false, "signature_version": "v1", "target": { "file": "statsd/src/StatsService.cpp", "function": "StatsService::readLogs" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3" ], "spl": "2023-11-01", "severity": "High", "types": [ "EoP" ] }