In composite_setup of composite.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege when connecting a malicious USB device with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "types": [ "EoP" ], "vanir_signatures": [ { "signature_type": "Function", "digest": { "function_hash": "15411130885992590080241792335577292221", "length": 8670.0 }, "signature_version": "v1", "id": "ASB-A-222023189-450738e9", "deprecated": false, "target": { "function": "composite_setup", "truncated_path_level": 1.0, "file": "drivers/usb/gadget/composite.c" }, "source": "https://android.googlesource.com/kernel/common/+/c7732dbce590e" }, { "signature_type": "Line", "digest": { "line_hashes": [ "8228047372824403445809389804182550337", "215290394054290689799362561037584581376", "50834800687003401478418564196561689514", "157624948906676408928048125434499571554" ], "threshold": 0.9 }, "signature_version": "v1", "id": "ASB-A-222023189-abae828f", "deprecated": false, "target": { "truncated_path_level": 1.0, "file": "drivers/usb/gadget/composite.c" }, "source": "https://android.googlesource.com/kernel/common/+/c7732dbce590e" }, { "signature_type": "Function", "digest": { "function_hash": "15411130885992590080241792335577292221", "length": 8670.0 }, "signature_version": "v1", "id": "ASB-A-222023189-be9112ba", "deprecated": false, "target": { "function": "composite_setup", "truncated_path_level": 1.0, "file": "drivers/usb/gadget/composite.c" }, "source": "https://android.googlesource.com/kernel/common/+/22ec100472854" }, { "signature_type": "Line", "digest": { "line_hashes": [ "8228047372824403445809389804182550337", "215290394054290689799362561037584581376", "50834800687003401478418564196561689514", "157624948906676408928048125434499571554" ], "threshold": 0.9 }, "signature_version": "v1", "id": "ASB-A-222023189-f59ba70b", "deprecated": false, "target": { "truncated_path_level": 1.0, "file": "drivers/usb/gadget/composite.c" }, "source": "https://android.googlesource.com/kernel/common/+/22ec100472854" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/22ec100472854", "https://android.googlesource.com/kernel/common/+/c7732dbce590e" ], "spl": "2022-06-05", "severity": "High" }