In updateDrawable of StatusBarIconView.java, there is a possible permission bypass due to an uncaught exception. This could lead to local escalation of privilege by running foreground services without notifying the user, with User execution privileges needed. User interaction is not needed for exploitation.
{
"spl": "2021-06-05",
"vanir_signatures": [
{
"target": {
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"match_only_versions": [
"8.1"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/5791303c20964bcf83eb1a046f3ce256e10d43c6",
"digest": {
"threshold": 0.9,
"line_hashes": [
"42020041142383304235704306891537256141",
"289934566830103813684344594208716515753",
"294823526023680949263775857811810283566",
"58840809258217128192670445423050767198",
"114505818128068924874392892140143823310",
"200823653085316894711538114895378009509",
"116627824074158765931383902233516993180"
]
},
"signature_version": "v1",
"signature_type": "Line",
"id": "ASB-A-169255797-273d510b",
"deprecated": false
},
{
"id": "ASB-A-169255797-acc20021",
"target": {
"function": "updateDrawable",
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8875da5207678f41b6ec90800d1bf2d03327bd05",
"signature_type": "Function",
"digest": {
"function_hash": "238518792499284688356094374625581676253",
"length": 603.0
},
"deprecated": false
},
{
"id": "ASB-A-169255797-b027e0f8",
"target": {
"function": "updateDrawable",
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5791303c20964bcf83eb1a046f3ce256e10d43c6",
"signature_type": "Function",
"digest": {
"function_hash": "230009974099059748614225976415562516999",
"length": 442.0
},
"deprecated": false
},
{
"id": "ASB-A-169255797-bc473c40",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8875da5207678f41b6ec90800d1bf2d03327bd05",
"signature_type": "Line",
"digest": {
"line_hashes": [
"209994878309430805395706290204032689098",
"125461065251237585907190888088422299913",
"224624817943320447785708540466415237733",
"71208829877305823311535501649155661884",
"206844852653315512871748239391478303695",
"264794641393320405473911995224949025240",
"229794932618266376197057428186312067384",
"9888884701803256020115703459151666033",
"248118567324138200637685791802372116318",
"176566262648722621492230475312950332568",
"73147827167205304033947538896651956086",
"157528758180396483875238243954832899485",
"115818958425564811982751823721669419214",
"2408185724002910366505306683815659384"
],
"threshold": 0.9
},
"deprecated": false
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/5791303c20964bcf83eb1a046f3ce256e10d43c6",
"https://android.googlesource.com/platform/frameworks/base/+/8875da5207678f41b6ec90800d1bf2d03327bd05"
],
"severity": "High"
}
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c508aed10f739352a7bbf005dea2cb672e74b1ee",
"https://android.googlesource.com/platform/frameworks/base/+/00b65a29631032fb3d7710f5c5a13d0a15fdda5d"
],
"spl": "2021-06-05",
"types": [
"EoP"
],
"vanir_signatures": [
{
"digest": {
"function_hash": "230009974099059748614225976415562516999",
"length": 442.0
},
"target": {
"function": "updateDrawable",
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c508aed10f739352a7bbf005dea2cb672e74b1ee",
"signature_type": "Function",
"id": "ASB-A-169255797-84402102",
"deprecated": false
},
{
"id": "ASB-A-169255797-8542a610",
"target": {
"function": "updateDrawable",
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/00b65a29631032fb3d7710f5c5a13d0a15fdda5d",
"signature_type": "Function",
"digest": {
"function_hash": "238518792499284688356094374625581676253",
"length": 603.0
},
"deprecated": false
},
{
"target": {
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"match_only_versions": [
"9"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/c508aed10f739352a7bbf005dea2cb672e74b1ee",
"digest": {
"line_hashes": [
"42020041142383304235704306891537256141",
"289934566830103813684344594208716515753",
"294823526023680949263775857811810283566",
"58840809258217128192670445423050767198",
"114505818128068924874392892140143823310",
"200823653085316894711538114895378009509",
"116627824074158765931383902233516993180"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"id": "ASB-A-169255797-bbb44a04",
"deprecated": false
},
{
"id": "ASB-A-169255797-eca68dca",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/00b65a29631032fb3d7710f5c5a13d0a15fdda5d",
"signature_type": "Line",
"digest": {
"line_hashes": [
"167682451478170391322088494545066908104",
"125461065251237585907190888088422299913",
"224624817943320447785708540466415237733",
"71208829877305823311535501649155661884",
"206844852653315512871748239391478303695",
"264794641393320405473911995224949025240",
"229794932618266376197057428186312067384",
"9888884701803256020115703459151666033",
"248118567324138200637685791802372116318",
"176566262648722621492230475312950332568",
"73147827167205304033947538896651956086",
"157528758180396483875238243954832899485",
"115818958425564811982751823721669419214",
"2408185724002910366505306683815659384"
],
"threshold": 0.9
},
"deprecated": false
}
],
"severity": "High"
}
{
"spl": "2021-06-05",
"vanir_signatures": [
{
"target": {
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"match_only_versions": [
"10"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/46ada71fbcb36c624ff29a3cd734775bc4853e6a",
"digest": {
"line_hashes": [
"42020041142383304235704306891537256141",
"289934566830103813684344594208716515753",
"294823526023680949263775857811810283566",
"58840809258217128192670445423050767198",
"114505818128068924874392892140143823310",
"200823653085316894711538114895378009509",
"116627824074158765931383902233516993180"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"id": "ASB-A-169255797-4d060390",
"deprecated": false
},
{
"id": "ASB-A-169255797-70562fff",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/92106a58df860553ecab2adb8a6e60e53a8a31e0",
"signature_type": "Line",
"digest": {
"line_hashes": [
"167682451478170391322088494545066908104",
"125461065251237585907190888088422299913",
"224624817943320447785708540466415237733",
"71208829877305823311535501649155661884",
"206844852653315512871748239391478303695",
"264794641393320405473911995224949025240",
"229794932618266376197057428186312067384",
"9888884701803256020115703459151666033",
"248118567324138200637685791802372116318",
"176566262648722621492230475312950332568",
"73147827167205304033947538896651956086",
"157528758180396483875238243954832899485",
"115818958425564811982751823721669419214",
"2408185724002910366505306683815659384"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "ASB-A-169255797-fa2319a1",
"target": {
"function": "updateDrawable",
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/92106a58df860553ecab2adb8a6e60e53a8a31e0",
"signature_type": "Function",
"digest": {
"function_hash": "238518792499284688356094374625581676253",
"length": 603.0
},
"deprecated": false
},
{
"id": "ASB-A-169255797-fecc3ae0",
"target": {
"function": "updateDrawable",
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/46ada71fbcb36c624ff29a3cd734775bc4853e6a",
"signature_type": "Function",
"digest": {
"function_hash": "230009974099059748614225976415562516999",
"length": 442.0
},
"deprecated": false
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/46ada71fbcb36c624ff29a3cd734775bc4853e6a",
"https://android.googlesource.com/platform/frameworks/base/+/92106a58df860553ecab2adb8a6e60e53a8a31e0"
],
"severity": "High"
}
{
"vanir_signatures": [
{
"target": {
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"match_only_versions": [
"11"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/def75584a3f1a375685f1520fe5df506e8dcfa77",
"digest": {
"threshold": 0.9,
"line_hashes": [
"42020041142383304235704306891537256141",
"289934566830103813684344594208716515753",
"294823526023680949263775857811810283566",
"58840809258217128192670445423050767198",
"114505818128068924874392892140143823310",
"200823653085316894711538114895378009509",
"116627824074158765931383902233516993180"
]
},
"signature_version": "v1",
"signature_type": "Line",
"id": "ASB-A-169255797-25712e80",
"deprecated": false
},
{
"id": "ASB-A-169255797-4f41ae06",
"target": {
"function": "updateDrawable",
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/001d4e68bbebc14132a13b21c38c5fb6af9034a3",
"signature_type": "Function",
"digest": {
"function_hash": "238518792499284688356094374625581676253",
"length": 603.0
},
"deprecated": false
},
{
"id": "ASB-A-169255797-768f5d7a",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/001d4e68bbebc14132a13b21c38c5fb6af9034a3",
"signature_type": "Line",
"digest": {
"line_hashes": [
"167682451478170391322088494545066908104",
"125461065251237585907190888088422299913",
"224624817943320447785708540466415237733",
"71208829877305823311535501649155661884",
"206844852653315512871748239391478303695",
"264794641393320405473911995224949025240",
"229794932618266376197057428186312067384",
"9888884701803256020115703459151666033",
"248118567324138200637685791802372116318",
"176566262648722621492230475312950332568",
"73147827167205304033947538896651956086",
"157528758180396483875238243954832899485",
"115818958425564811982751823721669419214",
"2408185724002910366505306683815659384"
],
"threshold": 0.9
},
"deprecated": false
},
{
"id": "ASB-A-169255797-ac41a920",
"target": {
"function": "updateDrawable",
"file": "packages/SystemUI/src/com/android/systemui/statusbar/StatusBarIconView.java"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/def75584a3f1a375685f1520fe5df506e8dcfa77",
"signature_type": "Function",
"digest": {
"function_hash": "230009974099059748614225976415562516999",
"length": 442.0
},
"deprecated": false
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/def75584a3f1a375685f1520fe5df506e8dcfa77",
"https://android.googlesource.com/platform/frameworks/base/+/001d4e68bbebc14132a13b21c38c5fb6af9034a3"
],
"types": [
"EoP"
],
"spl": "2021-06-05",
"severity": "High"
}