ASB-A-142125338
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-142125338.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-142125338
- Aliases
-
- A-142125338
- CVE-2020-0419
- Published
- 2020-10-01T00:00:00Z
- Modified
- 2024-08-07T19:30:00.957363Z
- Summary
- [none]
- Details
-
In generateInfo of PackageInstallerSession.java, there is a possible leak of cross-profile URI data during app installation due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"187694286141820789670916997370090651430",
"148717263823907129769919801587878670836",
"167109597600633836710202501171995859618",
"157025059922123343751009603892832608797",
"152536629966397721137528751530302279676",
"127429659559456989613337245293015445104",
"84237568129714902437284577302770604611",
"331883057178468989527825791060632677710"
]
},
"id": "ASB-A-142125338-04078f01",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/StagingManager.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"72688814990965518423333647254418178822",
"176012409152136155032693696479089513299",
"142991852066691612852405584846970617328",
"96732853278468924042503727372236362221",
"127716353410473830467341901884029020069",
"316455917812073705413309111710396813794",
"43169492265355648271075594231522158947",
"105141777447642964282711374797540983997",
"92413234782136782816916621133101668471",
"133187590858682379441548778164580543096",
"26805778708084223924046730762410762708",
"194665664116270526627612953986050554525",
"141532201238576210114655937934433768706",
"72384453454482011996124206038523493767",
"169733302717799318153595570116416017462",
"64506866399925362080634626294420563847",
"120527850781045998522384851196394460560",
"307603849444677206871182576610880793788",
"24600786336022053345180362708036511499",
"106938981199465311162814348496141714847",
"257136697145139477989905870169792821790",
"284468934836728979501497593583080552515",
"48209356352223079359491784649174503229",
"211837151772820103697697544556139772718",
"21930881034387229927106834972986420742",
"259009267755175231467100544032142087089",
"318887923298787177102044781203440965106",
"85277261751633805629987567880247565752"
]
},
"id": "ASB-A-142125338-0c13294b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1762.0,
"function_hash": "70919786429078487746139119149753947846"
},
"id": "ASB-A-142125338-1a8b63b2",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "generateInfo"
},
"signature_type": "Function"
},
{
"digest": {
"length": 828.0,
"function_hash": "256504028229332526114233518439434529243"
},
"id": "ASB-A-142125338-2ceff7b6",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "dispatchSessionFinished"
},
"signature_type": "Function"
},
{
"digest": {
"length": 469.0,
"function_hash": "223297173776702713107117821262533107045"
},
"id": "ASB-A-142125338-45e750ad",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getAllSessions"
},
"signature_type": "Function"
},
{
"digest": {
"length": 295.0,
"function_hash": "273889309384891486970263967335424889098"
},
"id": "ASB-A-142125338-59893f63",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/StagingManager.java",
"function": "getSessions"
},
"signature_type": "Function"
},
{
"digest": {
"length": 62.0,
"function_hash": "147211292100110564804694973215966991097"
},
"id": "ASB-A-142125338-5c3a0ede",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getStagedSessions"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"250502655705493186715251352878006192982",
"137190915563408121452420441283976845537",
"69358795866107864485016204022622792167",
"325723112689122133498134544850477375560",
"330590888491587527588018986201417365653",
"88625093894503533883970030713527916777",
"211893123277550162154550278444618157175",
"25007008622992958450175705492674262338",
"84696508227302087165348403076308562977",
"61349409292548539706230728465804745225",
"3502489412921956337476840809168576312",
"230206393037314699065413287961401967766",
"146412591712025670146523730141659133297",
"318215860369595840120423931087854143502",
"298221310156327702604666939432971245376",
"39430261151381151186930521929217715938",
"191333928347456720577270457619986921357"
]
},
"id": "ASB-A-142125338-5cf3e1c2",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 168.0,
"function_hash": "168531221760625938411108029467752577692"
},
"id": "ASB-A-142125338-687efc54",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "onStagedSessionChanged"
},
"signature_type": "Function"
},
{
"digest": {
"length": 49.0,
"function_hash": "24613560233047016535892289466071329727"
},
"id": "ASB-A-142125338-762f6161",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "generateInfo"
},
"signature_type": "Function"
},
{
"digest": {
"length": 165.0,
"function_hash": "221029517862014850460886387204402449924"
},
"id": "ASB-A-142125338-cd8845b5",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getSessionInfo"
},
"signature_type": "Function"
},
{
"digest": {
"length": 608.0,
"function_hash": "154255265221909386324353034909832027190"
},
"id": "ASB-A-142125338-e631eaa2",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getMySessions"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238"
],
"spl": "2020-10-01",
"severity": "High",
"types": [
"ID"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 168.0,
"function_hash": "168531221760625938411108029467752577692"
},
"id": "ASB-A-142125338-33c6169b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "onStagedSessionChanged"
},
"signature_type": "Function"
},
{
"digest": {
"length": 469.0,
"function_hash": "223297173776702713107117821262533107045"
},
"id": "ASB-A-142125338-34d84169",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getAllSessions"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"250502655705493186715251352878006192982",
"137190915563408121452420441283976845537",
"69358795866107864485016204022622792167",
"325723112689122133498134544850477375560",
"330590888491587527588018986201417365653",
"88625093894503533883970030713527916777",
"211893123277550162154550278444618157175",
"25007008622992958450175705492674262338",
"84696508227302087165348403076308562977",
"61349409292548539706230728465804745225",
"3502489412921956337476840809168576312",
"230206393037314699065413287961401967766",
"146412591712025670146523730141659133297",
"318215860369595840120423931087854143502",
"298221310156327702604666939432971245376",
"39430261151381151186930521929217715938",
"191333928347456720577270457619986921357"
]
},
"id": "ASB-A-142125338-52b76816",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 165.0,
"function_hash": "221029517862014850460886387204402449924"
},
"id": "ASB-A-142125338-63cbd4ce",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getSessionInfo"
},
"signature_type": "Function"
},
{
"digest": {
"length": 828.0,
"function_hash": "256504028229332526114233518439434529243"
},
"id": "ASB-A-142125338-71d89410",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "dispatchSessionFinished"
},
"signature_type": "Function"
},
{
"digest": {
"length": 49.0,
"function_hash": "24613560233047016535892289466071329727"
},
"id": "ASB-A-142125338-785c91ba",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "generateInfo"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"72688814990965518423333647254418178822",
"176012409152136155032693696479089513299",
"142991852066691612852405584846970617328",
"96732853278468924042503727372236362221",
"127716353410473830467341901884029020069",
"316455917812073705413309111710396813794",
"43169492265355648271075594231522158947",
"105141777447642964282711374797540983997",
"92413234782136782816916621133101668471",
"133187590858682379441548778164580543096",
"26805778708084223924046730762410762708",
"194665664116270526627612953986050554525",
"141532201238576210114655937934433768706",
"72384453454482011996124206038523493767",
"169733302717799318153595570116416017462",
"64506866399925362080634626294420563847",
"120527850781045998522384851196394460560",
"307603849444677206871182576610880793788",
"24600786336022053345180362708036511499",
"106938981199465311162814348496141714847",
"257136697145139477989905870169792821790",
"284468934836728979501497593583080552515",
"48209356352223079359491784649174503229",
"211837151772820103697697544556139772718",
"21930881034387229927106834972986420742",
"259009267755175231467100544032142087089",
"318887923298787177102044781203440965106",
"85277261751633805629987567880247565752"
]
},
"id": "ASB-A-142125338-91a2d4e2",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1762.0,
"function_hash": "70919786429078487746139119149753947846"
},
"id": "ASB-A-142125338-933edb54",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "generateInfo"
},
"signature_type": "Function"
},
{
"digest": {
"length": 62.0,
"function_hash": "147211292100110564804694973215966991097"
},
"id": "ASB-A-142125338-a55096c0",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getStagedSessions"
},
"signature_type": "Function"
},
{
"digest": {
"length": 295.0,
"function_hash": "273889309384891486970263967335424889098"
},
"id": "ASB-A-142125338-bf087d44",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/StagingManager.java",
"function": "getSessions"
},
"signature_type": "Function"
},
{
"digest": {
"length": 608.0,
"function_hash": "154255265221909386324353034909832027190"
},
"id": "ASB-A-142125338-c385fcf4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getMySessions"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"187694286141820789670916997370090651430",
"148717263823907129769919801587878670836",
"167109597600633836710202501171995859618",
"157025059922123343751009603892832608797",
"152536629966397721137528751530302279676",
"127429659559456989613337245293015445104",
"84237568129714902437284577302770604611",
"331883057178468989527825791060632677710"
]
},
"id": "ASB-A-142125338-d8f087a8",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/StagingManager.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238"
],
"spl": "2020-10-01",
"severity": "High",
"types": [
"ID"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 295.0,
"function_hash": "273889309384891486970263967335424889098"
},
"id": "ASB-A-142125338-5ffed1c2",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/StagingManager.java",
"function": "getSessions"
},
"signature_type": "Function"
},
{
"digest": {
"length": 168.0,
"function_hash": "168531221760625938411108029467752577692"
},
"id": "ASB-A-142125338-70d2d24f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "onStagedSessionChanged"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"72688814990965518423333647254418178822",
"176012409152136155032693696479089513299",
"142991852066691612852405584846970617328",
"96732853278468924042503727372236362221",
"127716353410473830467341901884029020069",
"316455917812073705413309111710396813794",
"43169492265355648271075594231522158947",
"105141777447642964282711374797540983997",
"92413234782136782816916621133101668471",
"133187590858682379441548778164580543096",
"26805778708084223924046730762410762708",
"194665664116270526627612953986050554525",
"141532201238576210114655937934433768706",
"72384453454482011996124206038523493767",
"169733302717799318153595570116416017462",
"64506866399925362080634626294420563847",
"120527850781045998522384851196394460560",
"307603849444677206871182576610880793788",
"24600786336022053345180362708036511499",
"106938981199465311162814348496141714847",
"257136697145139477989905870169792821790",
"284468934836728979501497593583080552515",
"48209356352223079359491784649174503229",
"211837151772820103697697544556139772718",
"21930881034387229927106834972986420742",
"259009267755175231467100544032142087089",
"318887923298787177102044781203440965106",
"85277261751633805629987567880247565752"
]
},
"id": "ASB-A-142125338-7a94a02b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1762.0,
"function_hash": "70919786429078487746139119149753947846"
},
"id": "ASB-A-142125338-8b1dd026",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "generateInfo"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"187694286141820789670916997370090651430",
"148717263823907129769919801587878670836",
"167109597600633836710202501171995859618",
"157025059922123343751009603892832608797",
"152536629966397721137528751530302279676",
"127429659559456989613337245293015445104",
"84237568129714902437284577302770604611",
"331883057178468989527825791060632677710"
]
},
"id": "ASB-A-142125338-a0d892f8",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/StagingManager.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"250502655705493186715251352878006192982",
"137190915563408121452420441283976845537",
"69358795866107864485016204022622792167",
"325723112689122133498134544850477375560",
"330590888491587527588018986201417365653",
"88625093894503533883970030713527916777",
"211893123277550162154550278444618157175",
"25007008622992958450175705492674262338",
"84696508227302087165348403076308562977",
"61349409292548539706230728465804745225",
"3502489412921956337476840809168576312",
"230206393037314699065413287961401967766",
"146412591712025670146523730141659133297",
"318215860369595840120423931087854143502",
"298221310156327702604666939432971245376",
"39430261151381151186930521929217715938",
"191333928347456720577270457619986921357"
]
},
"id": "ASB-A-142125338-a8df86c9",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 469.0,
"function_hash": "223297173776702713107117821262533107045"
},
"id": "ASB-A-142125338-bf62d419",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getAllSessions"
},
"signature_type": "Function"
},
{
"digest": {
"length": 165.0,
"function_hash": "221029517862014850460886387204402449924"
},
"id": "ASB-A-142125338-e1fad694",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getSessionInfo"
},
"signature_type": "Function"
},
{
"digest": {
"length": 828.0,
"function_hash": "256504028229332526114233518439434529243"
},
"id": "ASB-A-142125338-e6ddd9fd",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "dispatchSessionFinished"
},
"signature_type": "Function"
},
{
"digest": {
"length": 608.0,
"function_hash": "154255265221909386324353034909832027190"
},
"id": "ASB-A-142125338-ebe44059",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getMySessions"
},
"signature_type": "Function"
},
{
"digest": {
"length": 62.0,
"function_hash": "147211292100110564804694973215966991097"
},
"id": "ASB-A-142125338-f8b8d061",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "getStagedSessions"
},
"signature_type": "Function"
},
{
"digest": {
"length": 49.0,
"function_hash": "24613560233047016535892289466071329727"
},
"id": "ASB-A-142125338-fb9a3e29",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
"function": "generateInfo"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/6bc126b040718d9252ec72d2dd5207c7a4913238"
],
"spl": "2020-10-01",
"severity": "High",
"types": [
"ID"
]
}