ASB-A-170212632

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-170212632.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-170212632
Aliases
Published
2021-01-01T00:00:00Z
Modified
2026-04-21T15:25:42.831358Z
Summary
[none]
Details

In LazyServiceRegistrar of LazyServiceRegistrar.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/native

Package

Name
platform/frameworks/native

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-01-01

Affected versions

Other
11

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 129.0,
                "function_hash": "11837082547475677884209568133950236196"
            },
            "id": "ASB-A-170212632-36cf706f",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/dc6cb05ebe2cefdce215d797a8e418ba26c8c86c",
            "target": {
                "function": "ClientCounterCallback::forcePersist",
                "file": "libs/binder/LazyServiceRegistrar.cpp"
            }
        },
        {
            "digest": {
                "length": 825.0,
                "function_hash": "290648631386539840945849818482796118009"
            },
            "id": "ASB-A-170212632-4a5303fc",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/dc6cb05ebe2cefdce215d797a8e418ba26c8c86c",
            "target": {
                "function": "ClientCounterCallback::registerService",
                "file": "libs/binder/LazyServiceRegistrar.cpp"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "273587440020132394551717509177102098292",
                    "118649271454645108918194347816797516516",
                    "60652214434420690929947116771932856649",
                    "176160748899813461103740475772807580271",
                    "207177581811711365039551266837370419405",
                    "46404827100799793697682655318037562713",
                    "307974972386696463500930767116791240657",
                    "174522796799402902291425313229634861793",
                    "16159322485704712292833981554549201089",
                    "45078968673492922097365397440224884302",
                    "331585062677449616910547332232224022411",
                    "196059623757699306660269847147050337166",
                    "20808678094597736096050845836007362697",
                    "49602335974835420464484986010633345017",
                    "32120147516303671230856763101019480394",
                    "53755956152706314058068673531028725171",
                    "8685726680975852767446720799669007713",
                    "2860296919848840076694380839946969228",
                    "58850785664355796967004366983701766332",
                    "225052934039848611721039256763042973470",
                    "116279839078549042673514120279843062934",
                    "203621807291916840204335740919959693573",
                    "46476042241032252117503407074423553123",
                    "315337517061447713345640992435767124712",
                    "36286016301228776485534193380553700340",
                    "261930145311988904532153410527458109415",
                    "131221462193476368395504752487973033742",
                    "108587633537507210242609878158511307392",
                    "21561605024418196760161681604929840141",
                    "48599417794759984776483785340188047779"
                ]
            },
            "id": "ASB-A-170212632-5c6c442c",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/dc6cb05ebe2cefdce215d797a8e418ba26c8c86c",
            "target": {
                "file": "libs/binder/LazyServiceRegistrar.cpp"
            }
        },
        {
            "digest": {
                "length": 438.0,
                "function_hash": "43248824239700235851614281142215946118"
            },
            "id": "ASB-A-170212632-ab8aa34e",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/dc6cb05ebe2cefdce215d797a8e418ba26c8c86c",
            "target": {
                "function": "ClientCounterCallback::onClients",
                "file": "libs/binder/LazyServiceRegistrar.cpp"
            }
        },
        {
            "digest": {
                "length": 1115.0,
                "function_hash": "75160528859637791868650932159065793636"
            },
            "id": "ASB-A-170212632-bc02ec99",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/native/+/dc6cb05ebe2cefdce215d797a8e418ba26c8c86c",
            "target": {
                "function": "ClientCounterCallback::tryShutdown",
                "file": "libs/binder/LazyServiceRegistrar.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/dc6cb05ebe2cefdce215d797a8e418ba26c8c86c"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-01-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-170212632.json"