ASB-A-157929241
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-157929241.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-157929241
- Aliases
-
- A-157929241
- CVE-2021-39691
- Published
- 2022-06-01T00:00:00Z
- Modified
- 2024-10-02T23:18:48Z
- Summary
- [none]
- Details
-
In WindowManager, there is a possible tapjacking attack due to an incorrect window flag when processing user input. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 1156.0,
"function_hash": "153347065348297576086272620388138362993"
},
"id": "ASB-A-157929241-1c28704b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5972dfb7154f1550869e9ae39f02d61be99cc1c2",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "updateInputChannel"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"12L-next"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"58563466410381007163839025469922812273",
"338517104540503439045421012757645611643",
"93948896743369610819950804246628851451",
"177231549024239430334414517580665495405",
"246185078519528918125583660992247270145",
"203439133431149365179589401502637275269",
"111668051541835312223226028461026331966",
"108501984441557518335898098660511555749",
"71494980612380864952328452788358420277",
"122306817153474500633591346451668489",
"104235581513073197520511415572108749634"
]
},
"id": "ASB-A-157929241-2b8b83b5",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5972dfb7154f1550869e9ae39f02d61be99cc1c2",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"12L-next"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"132773352337124080789729270131381563473",
"179417527530155487907533589035760519482",
"15472179494974277352996987447185250363",
"119859239874343967522998842610674205942"
]
},
"id": "ASB-A-157929241-4a182953",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5972dfb7154f1550869e9ae39f02d61be99cc1c2",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "core/java/android/view/WindowManager.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"92301874802876879800300804264221710037",
"308187357358330776406713004441457116409",
"39320247196469553920384226277335287108",
"166579063859907712482131959292186976922",
"169229089062142088050317133364961188430",
"26157600409494317195784676518382068449",
"218700501737969333823614092372709505116",
"87396694166605159295035069780113691174",
"184624018484936216838273776084714878218"
]
},
"id": "ASB-A-157929241-d7c0e089",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5972dfb7154f1550869e9ae39f02d61be99cc1c2",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1655.0,
"function_hash": "310382824889737597461733662198232335870"
},
"id": "ASB-A-157929241-fd576c99",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5972dfb7154f1550869e9ae39f02d61be99cc1c2",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java",
"function": "adjustWindowParamsLw"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/5972dfb7154f1550869e9ae39f02d61be99cc1c2",
"https://android.googlesource.com/platform/frameworks/base/+/be3d14b5fccc5bccf12f3ec8af9fd3e43af7477b",
"https://android.googlesource.com/platform/frameworks/base/+/c07d90ff207cef18e30cc35efb8a0b456b24ba01"
],
"spl": "2022-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/packages/modules/Permission
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"12L-next"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"266451771207337882647398006016776335976",
"152778530814030248459216438437508528619",
"191200239085447040838302047096440730501",
"263270893609419413141107975357247074307",
"138312337730147805203224245303522183265",
"254843881453794660882541889006344539710",
"144138656155451294311315113459241442578",
"336647562501736590497452528575687260355",
"126674215813451262511316243988692177791",
"75100255801360539404353668777379487529",
"113050609607423334772924953711553593863",
"200806739722239618547435466965686920832",
"87751755987693354492872859136345651390",
"325502142519159076409320344952165530281"
]
},
"id": "ASB-A-157929241-4a5f182b",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/1047d4e44b6f2422a7aed2311b2695df1e8a5f66",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "PermissionController/src/com/android/permissioncontroller/role/model/HomeRoleBehavior.java"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"12L-next"
],
"digest": {
"length": 266.0,
"function_hash": "320654858666519986315252438776713473820"
},
"id": "ASB-A-157929241-7fd13b71",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/1047d4e44b6f2422a7aed2311b2695df1e8a5f66",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "PermissionController/src/com/android/permissioncontroller/role/model/HomeRoleBehavior.java",
"function": "revoke"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"12L-next"
],
"digest": {
"length": 281.0,
"function_hash": "291770406326217863011581347223935487901"
},
"id": "ASB-A-157929241-ce8d6d51",
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/1047d4e44b6f2422a7aed2311b2695df1e8a5f66",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "PermissionController/src/com/android/permissioncontroller/role/model/HomeRoleBehavior.java",
"function": "grant"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Permission/+/1047d4e44b6f2422a7aed2311b2695df1e8a5f66"
],
"spl": "2022-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/native
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"83909744248771613920413884159268329451",
"335391426496715306198237935573687915228",
"86495769725788159622907656757257426039",
"293818353683518844837345193421986437986"
]
},
"id": "ASB-A-157929241-49670bc0",
"source": "https://android.googlesource.com/platform/frameworks/native/+/6e689ffe3fad4b190629e11222936fb7cda041c2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/inputflinger/InputDispatcher.cpp"
},
"signature_type": "Line"
},
{
"digest": {
"length": 10745.0,
"function_hash": "38131015991642964551032929699778201765"
},
"id": "ASB-A-157929241-7c973019",
"source": "https://android.googlesource.com/platform/frameworks/native/+/6e689ffe3fad4b190629e11222936fb7cda041c2",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/inputflinger/InputDispatcher.cpp",
"function": "InputDispatcher::findTouchedWindowTargetsLocked"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/6e689ffe3fad4b190629e11222936fb7cda041c2"
],
"spl": "2022-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 1109.0,
"function_hash": "197668447375550088595462888993817787185"
},
"id": "ASB-A-157929241-35896653",
"source": "https://android.googlesource.com/platform/frameworks/base/+/07e7aaff2957c103d1bcd51e6e9b1dbde29d87bd",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "updateInputChannel"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"58563466410381007163839025469922812273",
"255014915607238014811773278084584934218",
"325261277324665359666070124287546849498",
"146030089459388533325907162142839649016",
"220407582334627480893692131705077190638",
"233504428198100536970004212144302098617",
"330213027135848150965598926120822425914",
"181967708584856178536859204051798905755",
"236732265184660035366467935863000898408",
"209247006156520135414919465455632668230",
"189885709426762610526399389761134554638"
]
},
"id": "ASB-A-157929241-a0d4fcc7",
"source": "https://android.googlesource.com/platform/frameworks/base/+/07e7aaff2957c103d1bcd51e6e9b1dbde29d87bd",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1802.0,
"function_hash": "248878794927647396918728413038369413928"
},
"id": "ASB-A-157929241-bc5ef53e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/07e7aaff2957c103d1bcd51e6e9b1dbde29d87bd",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java",
"function": "adjustWindowParamsLw"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"92301874802876879800300804264221710037",
"308187357358330776406713004441457116409",
"182739585670183033533835615909287447078",
"102682510814621086436227533852805382379",
"169229089062142088050317133364961188430",
"184587690390739275324101434936887629646",
"320061984503952522122792851423918277822",
"65023361680101847600272844512532549191",
"105267496751941668265139726099238228864"
]
},
"id": "ASB-A-157929241-e9377f1e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/07e7aaff2957c103d1bcd51e6e9b1dbde29d87bd",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/cccf19150f5247e101417b2a4f3748813dd7058a",
"https://android.googlesource.com/platform/frameworks/base/+/07e7aaff2957c103d1bcd51e6e9b1dbde29d87bd"
],
"spl": "2022-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/native
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 10129.0,
"function_hash": "215636001148364275985609935948235791065"
},
"id": "ASB-A-157929241-4f1fd6b4",
"source": "https://android.googlesource.com/platform/frameworks/native/+/d8c6ef21387db53930d728272db24cca1cd38a38",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/inputflinger/dispatcher/InputDispatcher.cpp",
"function": "InputDispatcher::findTouchedWindowTargetsLocked"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"36433552115218054786902081124042964491",
"226265167843788491288372118080704167450",
"209636117168920513288341662403767138008",
"65687755485929980392874111508506376415",
"306565193006909403514893976416407103269",
"259713964474171092967478440709050230339",
"123484333842159570417926662401010982595",
"307981482380070645554113985829441548232",
"100212652561836398012235130829636329800",
"223711419946894428175548437529077494754",
"247458752750817065692470830956316951571",
"65817281378580326768413349376608026049",
"268701751384246200401416673509427613450",
"260971592204745346326751675173539925769",
"312272564107966075389926792717265412125",
"276215940763734963832935816132512460195",
"306428279729043984174430439479866002516",
"114100168480311555784374730083011199038",
"224995580949486283473150533595575623485",
"265351960590956049312339660365232165547",
"24941738909571444383547519965100214182",
"211954732138150034112794507198208623742",
"303388869290428316526809736129200976507",
"159474328291417832713586623784209029769",
"53628338712192879342016225602707224708",
"293233257795421214057609807056910417467",
"108948354208461301316431328436865284798",
"1734208229481855244992657578123494851",
"96102250999902366698094728955482770418",
"157175383648756382238433842150119119840",
"36266979984612402831721406537264955787",
"148148580787783516570932623088827067179",
"291723163122799413539113935667519052746",
"308162668308713627069684425564071717225",
"53217213559927991142484365357935030755",
"1791464953375586125928176045316849998",
"282921658683096667748493456334806819355",
"312773524760692924424430917848009961772",
"304976700318746421053317005864551228032",
"246784223549066423306670199285314582723",
"12621730114058747022572830953367593855",
"109252984800301244323467394189332436309",
"46511506494366872305085347855843750693",
"112240479928188113292016573675727993975",
"52584879914020249408058118909020230842",
"231422006436629142105564878236459544711",
"228179379994455177847860042164607883137",
"118705031317865277456868412945070664838",
"77382627745860018988220035392272041975",
"171414956221169328456402610259857946283",
"279052160528129846401974635117666125350",
"338288589630154455502673100746858191122",
"149367147009822366523032771291970906715",
"175345549866751718947009255255275783965",
"16923081076592113365771857438430485894",
"1534496977082253815708251733778775394",
"23138798177941889622581531269640847150",
"339690294565987564406610789693871200162",
"116856882838280124593601445516585628277",
"247637379850569469554920242517981553490",
"107593982086668635088591656471236416080",
"122700687465832862159632230054272631445",
"98490742268758753427214417132759870508",
"49000308518733536814153782138435593556",
"288733728639490588127731704548252695454",
"250093657940131817149669272722830875728",
"294643193563371442249231836845029995621",
"179964390936937239374884581972225167751",
"111018730050456373884890985755289783241",
"276657416824164545994389515851385896100",
"59322017155780592732862519351248800287",
"304762744242750080355443786147797787583",
"220834820612530753522479356329029726918",
"288414692805888670123974264343554129337",
"63946277692908467375252829917379239519",
"193442952299023664176020372792463580577",
"293419759334788718725942788580988017467",
"278138186226346455345739470875763766119",
"49000308518733536814153782138435593556",
"288733728639490588127731704548252695454",
"250093657940131817149669272722830875728",
"117928972398266727520388533784262540553",
"100256021791620531408389343517357573379",
"12647698101921816636076972456839360548",
"79143702972210598445804541019004890920",
"203744316345729480691697534364365180534",
"225344600784906254960091674795429343896",
"198666522799091572520806652975454154740",
"309065074346907304282135570120685532193",
"330629577908953757055483646607947072192",
"159929122916348750361056132499973388166",
"313077679539295066591267071684184496108",
"94972231511960847344695119757317673998",
"2477864222702786428222477966989409133",
"293779743502996615600813400937409309439",
"174666759410129186372414291302124436510",
"13194377183608856915611859349817536135",
"272367616158397520875256853821540608248",
"337429055164513351312913278624541435674",
"57291438505738624969007918877709879648",
"288414692805888670123974264343554129337",
"63946277692908467375252829917379239519",
"118060208514341573061393190008698364834",
"30223735416047499573081953771253899510",
"70063520239448795409027101000470090298",
"167204942008229774819445938792603634326",
"252691037926632000581705182235656966437",
"122035009903186425841369657186426626559",
"55136293333954101199964925685454728763",
"146021885569089889719351414953246325021",
"169064195563548074509423288643640995892",
"931877712778748409032958339905918934",
"43360324979847079574544163327983642699",
"332458033984303704346188191667028131077",
"80904664918016483245946686029990997693",
"216763008521377743556489064809793374418",
"241485211116944755020250404898875749350",
"175409561699926778970322065654484866801",
"95277863392071150744016386425864271232",
"83728669001903070018471478524571497538",
"286327942251877439997328087175551601530",
"178269353529024223451845291172931656052",
"44717166743142873728277567397460672728",
"327821488011128638740447237532190229028",
"207516111348670465218511009071970592706",
"259571452692422641998243293892066825336",
"121656567188322622405087834466806720704",
"39248775899445715773548042964763159947",
"192979772885138259542476536110679638970",
"272367616158397520875256853821540608248",
"337429055164513351312913278624541435674",
"57291438505738624969007918877709879648",
"288414692805888670123974264343554129337",
"63946277692908467375252829917379239519",
"312213937316076172223697612946481974553",
"30816310338036383380363370807465072907",
"195417206718680953245805842393938978663",
"96411094820964434713377530611186316918",
"312638836338038428527424990318087557590",
"13530854507313691336713653884557585256",
"323823963496233932003629902250030443271",
"163680259203646151396194258233490236281",
"175751806345399167738373871535380472120",
"29037944336782005135844551149382726533",
"4349758314777059337690299462791706820",
"304474242662978061010814453391378886741",
"194866865281851956611460800017090975573",
"98930382168000327033903736933177742211"
]
},
"id": "ASB-A-157929241-ca66a961",
"source": "https://android.googlesource.com/platform/frameworks/native/+/d8c6ef21387db53930d728272db24cca1cd38a38",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/inputflinger/tests/InputDispatcher_test.cpp"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"83909744248771613920413884159268329451",
"335391426496715306198237935573687915228",
"86495769725788159622907656757257426039",
"293818353683518844837345193421986437986"
]
},
"id": "ASB-A-157929241-d7344250",
"source": "https://android.googlesource.com/platform/frameworks/native/+/d8c6ef21387db53930d728272db24cca1cd38a38",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/inputflinger/dispatcher/InputDispatcher.cpp"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/d8c6ef21387db53930d728272db24cca1cd38a38"
],
"spl": "2022-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/packages/apps/Launcher3
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"134819474328631603133796443972903733249",
"116386229792983575971439173336521864434",
"222511512100632230220672610381687033907",
"141877110356176432928266703449198614541",
"292214246491949075433752302704043572019",
"58811336993626638747551271804007064937",
"124428300855035937701697717779619540907",
"295477055928185487913505443853192118220",
"208623441473700920776895212394057174017",
"17696138799203616311625709599097332255",
"6330940361076397813707350478503492685"
]
},
"id": "ASB-A-157929241-bf0a7e57",
"source": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/918776ee51c60a1156600bbbcf5da986ef882a91",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "quickstep/src/com/android/launcher3/uioverrides/touchcontrollers/StatusBarTouchController.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Launcher3/+/918776ee51c60a1156600bbbcf5da986ef882a91"
],
"spl": "2022-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 1655.0,
"function_hash": "310382824889737597461733662198232335870"
},
"id": "ASB-A-157929241-390b83ff",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0657e199403da352ffc765a72913458809658114",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java",
"function": "adjustWindowParamsLw"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"12"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"58563466410381007163839025469922812273",
"338517104540503439045421012757645611643",
"93948896743369610819950804246628851451",
"177231549024239430334414517580665495405",
"246185078519528918125583660992247270145",
"203439133431149365179589401502637275269",
"111668051541835312223226028461026331966",
"108501984441557518335898098660511555749",
"71494980612380864952328452788358420277",
"122306817153474500633591346451668489",
"104235581513073197520511415572108749634"
]
},
"id": "ASB-A-157929241-58b666ef",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0657e199403da352ffc765a72913458809658114",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/DisplayPolicy.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1156.0,
"function_hash": "153347065348297576086272620388138362993"
},
"id": "ASB-A-157929241-6a4d2f27",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0657e199403da352ffc765a72913458809658114",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java",
"function": "updateInputChannel"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"92301874802876879800300804264221710037",
"308187357358330776406713004441457116409",
"39320247196469553920384226277335287108",
"166579063859907712482131959292186976922",
"169229089062142088050317133364961188430",
"26157600409494317195784676518382068449",
"218700501737969333823614092372709505116",
"87396694166605159295035069780113691174",
"184624018484936216838273776084714878218"
]
},
"id": "ASB-A-157929241-c80781de",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0657e199403da352ffc765a72913458809658114",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowManagerService.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/d732692ba764857225760274c63cba8e758f08e6",
"https://android.googlesource.com/platform/frameworks/base/+/0657e199403da352ffc765a72913458809658114"
],
"spl": "2022-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/packages/apps/Launcher3
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"42474112996094868378602810021259273740",
"90607248317882658960797275242671718857",
"252142154370890899054524848034613824890",
"316966423541302657758442697925677830105",
"292214246491949075433752302704043572019",
"58811336993626638747551271804007064937",
"124428300855035937701697717779619540907",
"295477055928185487913505443853192118220",
"208623441473700920776895212394057174017",
"17696138799203616311625709599097332255",
"6330940361076397813707350478503492685"
]
},
"id": "ASB-A-157929241-0434e004",
"source": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/81ff81227e26d08779f176ed40fc2bed1cb9a912",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "quickstep/src/com/android/launcher3/uioverrides/touchcontrollers/StatusBarTouchController.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Launcher3/+/81ff81227e26d08779f176ed40fc2bed1cb9a912"
],
"spl": "2022-06-01",
"severity": "High",
"types": [
"EoP"
]
}