ASB-A-168211968
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-168211968.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-168211968
- Aliases
-
- A-168211968
- CVE-2021-0318
- Published
- 2021-01-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"202368162637071165403492011988823194783",
"121104729448867220595608183493770835687",
"293483056608763997962834505626895548119",
"142822261472916088772458385887388879543",
"54688159848720015509561153431329904789",
"4277870523749451347662473076295229414",
"300306834319706072564686893329399314156",
"288508651323435783821469633011772846326",
"278248246036607606048281863112930083024",
"226599680908214427281814260888099075190",
"67674543247936684167742947757204455558",
"151215926628002863242663729258108071898",
"15069736780096551286450254408379903251",
"89204402314811274667127098496563295789",
"118836781511721118979551795024603328147",
"48624523166459769892248248668580047688",
"61120592048590206267109638804359711989",
"20894016542014276904274705222809748103",
"160387362135192214326949618991660477992",
"302123035189751588749838170976561479386",
"207251469058233223588979060847798748666",
"260197688206117516574268416906806434397",
"270188350052514123047402395743758234257",
"55970111288830492236382369679935355198",
"43937621687462578598029918613112041832"
]
},
"id": "ASB-A-168211968-4b6f40e8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 318.0,
"function_hash": "33931799434306739723823299059545368450"
},
"id": "ASB-A-168211968-62f2b0e7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::enableDisable",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 170.0,
"function_hash": "137297107811361477517210085125065757025"
},
"id": "ASB-A-168211968-90c6ba15",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::setEventRate",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 243.0,
"function_hash": "225963280910332089164664548448213960643"
},
"id": "ASB-A-168211968-baf98c7d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::destroy",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 158.0,
"function_hash": "125560433277978335678868205680761343141"
},
"id": "ASB-A-168211968-c58b8bc2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::~SensorEventConnection",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 120.0,
"function_hash": "169200356894306624094865171954097805256"
},
"id": "ASB-A-168211968-c98dc41f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::flush",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"122281379492002828810663692672006764002",
"171645295499317909613465543532018460138",
"176544860176600423777909228970737669623",
"254183565615526321487899148978979568729",
"928524509260589180792834089856723854",
"68702381720170381707297165040800976011"
]
},
"id": "ASB-A-168211968-ccdd5905",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"file": "services/sensorservice/SensorEventConnection.h"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b"
],
"types": [
"EoP"
],
"spl": "2021-01-01",
"severity": "High"
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 158.0,
"function_hash": "125560433277978335678868205680761343141"
},
"id": "ASB-A-168211968-47586f18",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::~SensorEventConnection",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 243.0,
"function_hash": "225963280910332089164664548448213960643"
},
"id": "ASB-A-168211968-721ac9b3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::destroy",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"202368162637071165403492011988823194783",
"121104729448867220595608183493770835687",
"293483056608763997962834505626895548119",
"142822261472916088772458385887388879543",
"54688159848720015509561153431329904789",
"4277870523749451347662473076295229414",
"300306834319706072564686893329399314156",
"288508651323435783821469633011772846326",
"278248246036607606048281863112930083024",
"226599680908214427281814260888099075190",
"67674543247936684167742947757204455558",
"151215926628002863242663729258108071898",
"15069736780096551286450254408379903251",
"89204402314811274667127098496563295789",
"118836781511721118979551795024603328147",
"48624523166459769892248248668580047688",
"61120592048590206267109638804359711989",
"20894016542014276904274705222809748103",
"160387362135192214326949618991660477992",
"302123035189751588749838170976561479386",
"207251469058233223588979060847798748666",
"260197688206117516574268416906806434397",
"270188350052514123047402395743758234257",
"55970111288830492236382369679935355198",
"43937621687462578598029918613112041832"
]
},
"id": "ASB-A-168211968-846c4cee",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 120.0,
"function_hash": "169200356894306624094865171954097805256"
},
"id": "ASB-A-168211968-9f300c16",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::flush",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"122281379492002828810663692672006764002",
"171645295499317909613465543532018460138",
"176544860176600423777909228970737669623",
"254183565615526321487899148978979568729",
"928524509260589180792834089856723854",
"68702381720170381707297165040800976011"
]
},
"id": "ASB-A-168211968-aa30693f",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"file": "services/sensorservice/SensorEventConnection.h"
}
},
{
"digest": {
"length": 170.0,
"function_hash": "137297107811361477517210085125065757025"
},
"id": "ASB-A-168211968-ce35a513",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::setEventRate",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 318.0,
"function_hash": "33931799434306739723823299059545368450"
},
"id": "ASB-A-168211968-e9813f10",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::enableDisable",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b"
],
"types": [
"EoP"
],
"spl": "2021-01-01",
"severity": "High"
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 120.0,
"function_hash": "169200356894306624094865171954097805256"
},
"id": "ASB-A-168211968-0023f1b5",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::flush",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 158.0,
"function_hash": "125560433277978335678868205680761343141"
},
"id": "ASB-A-168211968-02e25bc4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::~SensorEventConnection",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 318.0,
"function_hash": "33931799434306739723823299059545368450"
},
"id": "ASB-A-168211968-2d80f79e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::enableDisable",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 243.0,
"function_hash": "225963280910332089164664548448213960643"
},
"id": "ASB-A-168211968-7baf05ec",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::destroy",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 170.0,
"function_hash": "137297107811361477517210085125065757025"
},
"id": "ASB-A-168211968-855f879c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::setEventRate",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"122281379492002828810663692672006764002",
"171645295499317909613465543532018460138",
"176544860176600423777909228970737669623",
"254183565615526321487899148978979568729",
"928524509260589180792834089856723854",
"68702381720170381707297165040800976011"
]
},
"id": "ASB-A-168211968-8c46c682",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"file": "services/sensorservice/SensorEventConnection.h"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"202368162637071165403492011988823194783",
"121104729448867220595608183493770835687",
"293483056608763997962834505626895548119",
"142822261472916088772458385887388879543",
"54688159848720015509561153431329904789",
"4277870523749451347662473076295229414",
"300306834319706072564686893329399314156",
"288508651323435783821469633011772846326",
"278248246036607606048281863112930083024",
"226599680908214427281814260888099075190",
"67674543247936684167742947757204455558",
"151215926628002863242663729258108071898",
"15069736780096551286450254408379903251",
"89204402314811274667127098496563295789",
"118836781511721118979551795024603328147",
"48624523166459769892248248668580047688",
"61120592048590206267109638804359711989",
"20894016542014276904274705222809748103",
"160387362135192214326949618991660477992",
"302123035189751588749838170976561479386",
"207251469058233223588979060847798748666",
"260197688206117516574268416906806434397",
"270188350052514123047402395743758234257",
"55970111288830492236382369679935355198",
"43937621687462578598029918613112041832"
]
},
"id": "ASB-A-168211968-97aae3e9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"file": "services/sensorservice/SensorEventConnection.cpp"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b"
],
"types": [
"EoP"
],
"spl": "2021-01-01",
"severity": "High"
}platform/frameworks/native
Package
- Name
- platform/frameworks/native
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"122281379492002828810663692672006764002",
"171645295499317909613465543532018460138",
"176544860176600423777909228970737669623",
"254183565615526321487899148978979568729",
"928524509260589180792834089856723854",
"68702381720170381707297165040800976011"
]
},
"id": "ASB-A-168211968-2edb8018",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"file": "services/sensorservice/SensorEventConnection.h"
}
},
{
"digest": {
"length": 170.0,
"function_hash": "137297107811361477517210085125065757025"
},
"id": "ASB-A-168211968-31b2d87b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::setEventRate",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 158.0,
"function_hash": "125560433277978335678868205680761343141"
},
"id": "ASB-A-168211968-3b471301",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::~SensorEventConnection",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"202368162637071165403492011988823194783",
"121104729448867220595608183493770835687",
"293483056608763997962834505626895548119",
"142822261472916088772458385887388879543",
"54688159848720015509561153431329904789",
"4277870523749451347662473076295229414",
"300306834319706072564686893329399314156",
"288508651323435783821469633011772846326",
"278248246036607606048281863112930083024",
"226599680908214427281814260888099075190",
"67674543247936684167742947757204455558",
"151215926628002863242663729258108071898",
"15069736780096551286450254408379903251",
"89204402314811274667127098496563295789",
"118836781511721118979551795024603328147",
"48624523166459769892248248668580047688",
"61120592048590206267109638804359711989",
"20894016542014276904274705222809748103",
"160387362135192214326949618991660477992",
"302123035189751588749838170976561479386",
"207251469058233223588979060847798748666",
"260197688206117516574268416906806434397",
"270188350052514123047402395743758234257",
"55970111288830492236382369679935355198",
"43937621687462578598029918613112041832"
]
},
"id": "ASB-A-168211968-8567af1e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 243.0,
"function_hash": "225963280910332089164664548448213960643"
},
"id": "ASB-A-168211968-9746f222",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::destroy",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 318.0,
"function_hash": "33931799434306739723823299059545368450"
},
"id": "ASB-A-168211968-a3e80b35",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::enableDisable",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
},
{
"digest": {
"length": 120.0,
"function_hash": "169200356894306624094865171954097805256"
},
"id": "ASB-A-168211968-d0fc6c94",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b",
"target": {
"function": "SensorService::SensorEventConnection::flush",
"file": "services/sensorservice/SensorEventConnection.cpp"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/adb416ac460cb28ca03e7898bdd154b1d0f8c16b"
],
"types": [
"EoP"
],
"spl": "2021-01-01",
"severity": "High"
}