ASB-A-155648771

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-155648771.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-155648771

Aliases

A-155648771
CVE-2021-0307

Published

2021-01-01T00:00:00Z

Modified

2026-04-21T15:25:42.831358Z

Summary

[none]

Details

In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/cts

Package

Name: platform/cts

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10:0

Fixed

10:2021-01-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/cts/+/a8a90255d43845e307b6d133c710b802dbece622"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-01-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-155648771.json"

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

10:0

Fixed

10:2021-01-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "42944500549505635161036987220393129218",
                    "32374468865149567811517005251175270874",
                    "182416145722170882610837408393988471387",
                    "73133442436564090363183519967048906082"
                ]
            },
            "id": "ASB-A-155648771-4acbd12e",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
            }
        },
        {
            "digest": {
                "length": 1646.0,
                "function_hash": "260801340390853921484827258252259891230"
            },
            "id": "ASB-A-155648771-ea459bf9",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9",
            "target": {
                "function": "updatePermissionSourcePackage",
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-01-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-155648771.json"

Android / platform/cts

Package

Name: platform/cts

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2021-01-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/cts/+/a8a90255d43845e307b6d133c710b802dbece622"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-01-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-155648771.json"

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2021-01-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1646.0,
                "function_hash": "260801340390853921484827258252259891230"
            },
            "id": "ASB-A-155648771-9979c947",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9",
            "target": {
                "function": "updatePermissionSourcePackage",
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "42944500549505635161036987220393129218",
                    "32374468865149567811517005251175270874",
                    "182416145722170882610837408393988471387",
                    "73133442436564090363183519967048906082"
                ]
            },
            "id": "ASB-A-155648771-dcfd25c1",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-01-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-155648771.json"