ASB-A-162627132
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-162627132.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-162627132
- Aliases
-
- A-162627132
- CVE-2020-0440
- Published
- 2020-12-01T00:00:00Z
- Modified
- 2026-06-17T15:23:34.405473849Z
- Summary
- [none]
- Details
-
In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d",
"https://android.googlesource.com/platform/frameworks/base/+/534bbaeead15bc3c540efd947b3a5ade62cf27be"
],
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d",
"digest": {
"function_hash": "239371168474435106705549436577521379820",
"length": 620.0
},
"id": "ASB-A-162627132-423248a4",
"deprecated": false,
"target": {
"file": "core/java/android/app/ActivityView.java",
"function": "ActivityView"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"250896370136357360299701666135463075360",
"201686686013155060205738386991483530780",
"312711583752047043129679056824365673054",
"189122960153261462874005845203010359948",
"286399048268168781185554467120798134232",
"106083281954009616223228637256462267615",
"25850704806361255751968423519166396887",
"12967322972079511881275869331236320072",
"147716021270222420492105860109471466604",
"131276406187877410944642951580088492827",
"63377060841528466725544497714051852830"
]
},
"id": "ASB-A-162627132-65d2d104",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/display/DisplayManagerService.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"258553771971410405841084262629681100491",
"7401628291545135932660139539553619545",
"242204327715555293190831521448470172486",
"92939128731960973492346651811509168753",
"314433566844467450865012753231334211740",
"274368783212763415446615146683375695911",
"204010551266933520204560819755870222846",
"203391213251224488244764204613584365300",
"258366518084438667083298462982327040781",
"323913289008743989267380426453474823230",
"260321854692399135256547868646927935704",
"205346645043153278868991523410521507592",
"22316378711438805155223441773216217046",
"288419990617274279659441749515198568054",
"81949748116057554335464500557729565413",
"269178950074266937729074231395410186816",
"17744133001399994430564946342714323148",
"307467135462894795426734241007414458866",
"167262242747670297908136728001729126263"
]
},
"id": "ASB-A-162627132-6b4eacfa",
"deprecated": false,
"target": {
"file": "core/java/android/window/VirtualDisplayTaskEmbedder.java"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"195379310623476678710410218490563778316",
"319199624462453366552246890649462496261",
"80218908142020543923972804654231410495",
"303522696637731085215683590697967519853"
]
},
"id": "ASB-A-162627132-7efdb6d8",
"deprecated": false,
"target": {
"file": "packages/SystemUI/src/com/android/systemui/bubbles/BubbleExpandedView.java"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d",
"digest": {
"function_hash": "121327654351840086936967050863261341871",
"length": 2507.0
},
"id": "ASB-A-162627132-90e6a927",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/display/DisplayManagerService.java",
"function": "createVirtualDisplay"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d",
"digest": {
"function_hash": "209332261248657150809766734052562692292",
"length": 161.0
},
"id": "ASB-A-162627132-ab7c7fc2",
"deprecated": false,
"target": {
"file": "core/java/android/window/VirtualDisplayTaskEmbedder.java",
"function": "VirtualDisplayTaskEmbedder"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/534bbaeead15bc3c540efd947b3a5ade62cf27be",
"digest": {
"function_hash": "43726405350117188276488369128079194231",
"length": 1338.0
},
"id": "ASB-A-162627132-cf11ce92",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/vr/Vr2dDisplay.java",
"function": "startVirtualDisplay"
}
},
{
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d",
"digest": {
"function_hash": "249708782117754009439509511991058852838",
"length": 2350.0
},
"id": "ASB-A-162627132-d081ff13",
"deprecated": false,
"target": {
"file": "packages/SystemUI/src/com/android/systemui/bubbles/BubbleExpandedView.java",
"function": "onFinishInflate"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"96089115919927883009817411414754204204",
"168523404340466835887044445921646800663",
"294037072454595404292982144317110578447",
"126970483900217361288029711032128925081",
"278734129672993415439047871053023539114",
"205633361048188683437656721048153866684",
"305995911117668165260433079536015939528",
"316001025617636284700875619530730735172",
"222647459581260635751040637918951188586",
"333153351279358913954905767948003468291",
"78534315695932223970272974659965922195",
"51482359258682009475703155298937932777",
"4234172063000335714751786394933520430",
"289396799751130489717411796309020430709"
]
},
"id": "ASB-A-162627132-ea5889e1",
"deprecated": false,
"target": {
"file": "core/java/android/app/ActivityView.java"
}
},
{
"signature_version": "v1",
"id": "ASB-A-162627132-f16c942b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d",
"digest": {
"function_hash": "217285014179210020151564900447951640456",
"length": 1103.0
},
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "core/java/android/window/VirtualDisplayTaskEmbedder.java",
"function": "onInitialize"
}
},
{
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/534bbaeead15bc3c540efd947b3a5ade62cf27be",
"digest": {
"threshold": 0.9,
"line_hashes": [
"130344569746675618631350674811462547750",
"49170604162311517459516755728915256969",
"137912597979153709748025113541476231099",
"210888633868301561718554373832830691966"
]
},
"id": "ASB-A-162627132-f5f154c6",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/vr/Vr2dDisplay.java"
}
}
],
"spl": "2020-12-01"
}