ASB-A-157320644

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-157320644.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-157320644

Aliases

A-157320644
CVE-2021-0645

Published

2021-08-01T00:00:00Z

Modified

2026-06-08T15:01:31.246215948Z

Summary

[none]

Details

In shouldBlockFromTree of ExternalStorageProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege, allowing an app to read private app directories in external storage, which should be restricted in Android 11, with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2021-08-01

Affected versions

Other

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "spl": "2021-08-01",
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1ea98d44490a2383a604b546a5671a783c1000dd"
    ],
    "vanir_signatures": [
        {
            "digest": {
                "length": 773.0,
                "function_hash": "21264950629884566867052038175961168832"
            },
            "target": {
                "file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java",
                "function": "shouldBlockFromTree"
            },
            "signature_type": "Function",
            "signature_version": "v1",
            "id": "ASB-A-157320644-06ed280d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1ea98d44490a2383a604b546a5671a783c1000dd",
            "deprecated": false
        }
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-157320644.json"