ASB-A-170407229

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-170407229.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-170407229

Aliases

A-170407229
CVE-2021-0303

Published

2021-01-01T00:00:00Z

Modified

2026-04-27T15:40:08.012512Z

Summary

[none]

Details

In dispatchGraphTerminationMessage() of packages/services/Car/computepipe/runner/graph/StreamSetObserver.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/services/Car

Package

Name: platform/packages/services/Car

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2021-01-01

Affected versions

Other

Ecosystem specific

{
    "severity": "High",
    "spl": "2021-01-01",
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/services/Car/+/768c8bfbe91db71e11eae2c57fb678ff2a5bf15e",
            "digest": {
                "line_hashes": [
                    "149034651446994225714339430338901109799",
                    "303017522966066426508121419274081024675",
                    "127825902284716770998849616093624273684",
                    "270542647819393024699947286036225425437"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-170407229-2219ae0e",
            "target": {
                "file": "computepipe/runner/graph/GrpcGraph.h"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/services/Car/+/768c8bfbe91db71e11eae2c57fb678ff2a5bf15e",
            "digest": {
                "line_hashes": [
                    "198007000969203456944154763932761291711",
                    "233278460311280763429806768702509240780",
                    "242321736343132880548076034681360583778",
                    "261649821002671132808691193212676781905",
                    "179999821055994617598909711599811062253",
                    "232605659286078810198664314566775403037",
                    "136021596008883875080555851564103243455",
                    "243639013444837486967567106174339511951",
                    "243913294725583533054863163876602740616",
                    "257513727361335770917118843526115911658",
                    "261649821002671132808691193212676781905",
                    "52927731441009658946324702406837992505",
                    "51213215182040076933079111548084304599",
                    "331880209193717711827003125226260512618"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-170407229-4703bd81",
            "target": {
                "file": "computepipe/runner/graph/StreamSetObserver.cpp"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/services/Car/+/768c8bfbe91db71e11eae2c57fb678ff2a5bf15e",
            "digest": {
                "line_hashes": [
                    "14686108483290435074736450552861036318",
                    "5194399126077119717971446225245765594",
                    "322474105435136414587291573065825012860",
                    "61167545376560958259121273536453259655",
                    "86760702733378374970471321665019226463",
                    "78965180015137783044089025848615127434",
                    "228253597487838976214456325674782091032",
                    "173160551245796013574467385735708626229"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-170407229-49534a5b",
            "target": {
                "file": "computepipe/runner/graph/StreamSetObserver.h"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/services/Car/+/768c8bfbe91db71e11eae2c57fb678ff2a5bf15e",
            "digest": {
                "function_hash": "140770819237822934173887726050920113736",
                "length": 495.0
            },
            "id": "ASB-A-170407229-a6e1f2b9",
            "target": {
                "file": "computepipe/runner/graph/StreamSetObserver.cpp",
                "function": "StreamSetObserver::reportStreamClosed"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/services/Car/+/768c8bfbe91db71e11eae2c57fb678ff2a5bf15e",
            "digest": {
                "line_hashes": [
                    "171879069369734606005693753317037232833",
                    "264137279557660056454489603906596033092",
                    "161667849154710287324658626257242348613"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-170407229-cd91fc19",
            "target": {
                "file": "computepipe/runner/graph/GrpcGraph.cpp"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/services/Car/+/768c8bfbe91db71e11eae2c57fb678ff2a5bf15e",
            "digest": {
                "function_hash": "322101897216613372303853391801165898844",
                "length": 474.0
            },
            "id": "ASB-A-170407229-d30eb84a",
            "target": {
                "file": "computepipe/runner/graph/StreamSetObserver.cpp",
                "function": "StreamSetObserver::stopObservingStreams"
            },
            "deprecated": false
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/services/Car/+/768c8bfbe91db71e11eae2c57fb678ff2a5bf15e"
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-170407229.json"