ASB-A-175190844

Import Source

https://storage.googleapis.com/android-osv/ASB-A-175190844.json

Aliases

CVE-2021-39617

Published

2023-05-01T00:00:00Z

Modified

2024-04-25T14:40:10Z

Details

In multiple buttons of grant_permissions.xml, there is a possible way to bypass permissions dialogs due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/native

Package

Name: platform/frameworks/native

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2023-05-01

Introduced

12:0

Fixed

12:2023-05-01

Introduced

12L:0

Fixed

12L:2023-05-01

Affected versions

Other

12L

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/native/+/edb375df82f6b48688d85c11dbca91adef088bc8"
    ],
    "spl": "2023-05-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/packages/modules/Permission

Package

Name: platform/packages/modules/Permission

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2023-05-01

Introduced

12:0

Fixed

12:2023-05-01

Introduced

12L:0

Fixed

12L:2023-05-01

Affected versions

Other

12L

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Permission/+/c21a46a3be29a139e29c1d47b8a89e92211564ed"
    ],
    "spl": "2023-05-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}