In multiple functions of many files, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 755.0, "function_hash": "38604489406231837717793669152131606938" }, "id": "ASB-A-245869446-1b08df49", "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kvm/x86.c", "function": "kvm_steal_time_set_preempted" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "59692480275264766853165137104156426228", "214353513911615457213562912492860417937", "273877541879068920260347504933113745277", "15798145667535997922991764239401250078" ] }, "id": "ASB-A-245869446-4e113419", "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kvm/vmx/vmx.c" }, "signature_type": "Line" }, { "digest": { "length": 333.0, "function_hash": "165481017018219247378593075874815406330" }, "id": "ASB-A-245869446-5374c6e8", "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kvm/vmx/vmx.c", "function": "handle_external_interrupt_irqoff" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "77013427174380958763618251436307309217", "260912490785269495300238009067040999760", "27048756297649844329325457963885708573", "214724014562384713343912824674964654335", "305645830347182943102607156739301999758", "195355178703760701337862641816984625414", "302809168331074603663963560945904877504", "221736838959360489411131341271589814399", "137936098070211798298446521327929481847", "280460129927042103704893367658740007798", "195828335554372007478403600861262374234" ] }, "id": "ASB-A-245869446-bb6c2651", "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kvm/x86.c" }, "signature_type": "Line" }, { "digest": { "length": 799.0, "function_hash": "33828916803657510720769090657283268307" }, "id": "ASB-A-245869446-c5347606", "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kvm/x86.c", "function": "vcpu_run" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "27455215021659110276612552094316477814", "32679905025671916597419488091600971837", "261160318527586754838829020256618233405", "163987717602089840069875587587559850486", "337327902055208212947137973516695178292", "250204395601394085695912527180843271660", "177798265508470921274907416937320593741", "146010721565448674377621111995655250043" ] }, "id": "ASB-A-245869446-e2250a01", "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/include/asm/kvm_host.h" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "319180214301471377585150049024309308330", "50373122713968120405096298349158498297", "262696856476674390061976107357942042546", "335269534060379695117872965537878128774" ] }, "id": "ASB-A-245869446-f6ae6194", "source": "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b", "deprecated": false, "signature_version": "v1", "target": { "file": "arch/x86/kvm/svm/svm.c" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/kernel/common/+/0be362f248a062b0c57b24bd16250e48aca1258b" ], "spl": "2023-02-05", "severity": "High", "types": [ "EoP" ] }