In increment_annotation_count of lib/libstatssocket/stats_event.c, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "40818449407841122966676705733223152827", "275547101538307787913205473237144764838", "240572379499218011316952381048467884487", "297955085587280879483905699524165595939" ] }, "id": "ASB-A-330054251-302264be", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/libstatssocket/stats_event.c" }, "signature_type": "Line" }, { "digest": { "length": 372.0, "function_hash": "188177099814377904508818737966482960063" }, "id": "ASB-A-330054251-c744808b", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/libstatssocket/stats_event.c", "function": "increment_annotation_count" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08" ], "spl": "2024-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 372.0, "function_hash": "188177099814377904508818737966482960063" }, "id": "ASB-A-330054251-93232e0a", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/libstatssocket/stats_event.c", "function": "increment_annotation_count" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "40818449407841122966676705733223152827", "275547101538307787913205473237144764838", "240572379499218011316952381048467884487", "297955085587280879483905699524165595939" ] }, "id": "ASB-A-330054251-f9eee20e", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/libstatssocket/stats_event.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08" ], "spl": "2024-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 372.0, "function_hash": "188177099814377904508818737966482960063" }, "id": "ASB-A-330054251-08dfc1af", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/libstatssocket/stats_event.c", "function": "increment_annotation_count" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "40818449407841122966676705733223152827", "275547101538307787913205473237144764838", "240572379499218011316952381048467884487", "297955085587280879483905699524165595939" ] }, "id": "ASB-A-330054251-32789bf8", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/libstatssocket/stats_event.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08" ], "spl": "2024-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "40818449407841122966676705733223152827", "275547101538307787913205473237144764838", "240572379499218011316952381048467884487", "297955085587280879483905699524165595939" ] }, "id": "ASB-A-330054251-6fdf7709", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/libstatssocket/stats_event.c" }, "signature_type": "Line" }, { "digest": { "length": 372.0, "function_hash": "188177099814377904508818737966482960063" }, "id": "ASB-A-330054251-b4122673", "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08", "deprecated": false, "signature_version": "v1", "target": { "file": "lib/libstatssocket/stats_event.c", "function": "increment_annotation_count" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/StatsD/+/e440696c4fd6d44d21451467294b3e31c6867e08" ], "spl": "2024-06-01", "severity": "High", "types": [ "EoP" ] }