In fget() of file.c, there is a possible read after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "222339155623389242937145999001050522534", "14210766515571077282217007477797530518", "286959784734915952769508299362550069891", "325423163522201025610882289272510867957" ] }, "id": "ASB-A-216408350-1562ff88", "source": "https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/file.c" }, "signature_type": "Line" }, { "digest": { "length": 312.0, "function_hash": "50347399082138730567468486640168205875" }, "id": "ASB-A-216408350-9050f785", "source": "https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969", "deprecated": false, "signature_version": "v1", "target": { "file": "fs/file.c", "function": "__fget_files" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/054aa8d439b9185d4f5eb9a90282d1ce74772969" ], "spl": "2022-09-05", "severity": "High", "types": [ "EoP" ] }