ASB-A-185810717
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-185810717.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-185810717
- Aliases
-
- A-185810717
- CVE-2021-39696
- Published
- 2022-08-01T00:00:00Z
- Modified
- 2026-04-30T15:48:46.890647Z
- Summary
- [none]
- Details
-
In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2022-08-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 1697.0,
"function_hash": "114249753329107087525391617389938837229"
},
"id": "ASB-A-185810717-18dd2717",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec",
"target": {
"file": "services/core/java/com/android/server/wm/TaskRecord.java",
"function": "updateTaskDescription"
}
},
{
"signature_type": "Function",
"digest": {
"length": 188.0,
"function_hash": "62019064814636103343664505072038970591"
},
"id": "ASB-A-185810717-401f52e3",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec",
"target": {
"file": "services/core/java/com/android/server/wm/TaskRecord.java",
"function": "setIntent"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"30360541158541498531301756461858228202",
"3514164200356127184443281256543517324",
"156036005671822800397929965898971209882",
"40932554667166922836237017915543376523",
"291904945844506897884815895668139604083",
"102723793227783992674986099692445639340",
"258841496115491640405859192614166378335",
"183077281465461956233309633883556334568",
"295423418368279808382593190180421323910",
"37161111418155250775281148592579906163",
"50833405293117833279415935327022836630",
"138014922861602889885975517389690195226",
"252063939245601009146420462652573004020",
"339733656564648532702095189611842122394",
"34479264088719289698657397483948250011",
"236802627812529280341923007124956661938",
"133153876722754042077793862079581596582",
"251789395544594388926596920568489929042",
"62003219187718509093994587176542682893",
"54700797171610032591371120809388323223",
"222189884300879595813186476941217263398",
"176060237286998589155617803537211818495",
"270430745615343053950386888560668369758",
"83333480928160377198890704101406992375",
"72900625664743943506835128900318134880",
"54737755366401656817833916192087562946",
"68700392199755740678690698967609718529",
"12999593050953470861858369245350678094",
"205843455455341981996900983496815805046",
"104354163961701047805843948492739466768",
"131726437111566703208411867857732469803",
"323045736658015902952337602168969264518",
"219610675203985275730562048953214720054",
"336183370629074514338328775332098232682",
"144929111754066236071393533552665001206",
"52237475449065380491226544910851728974",
"263420766519400170252950440108882399945",
"84357180193666935567022253850383057811",
"148662239779904816260159534483958622448",
"231085951127056114188229272483847737783",
"286244540789519161386871161485334670571",
"41146210076656651251647344028780213285",
"49238975494241385451681588626869753064",
"247450066453139465086866621600444130586",
"328032100225726135103140968243823755546"
],
"threshold": 0.9
},
"id": "ASB-A-185810717-63a41aa7",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec",
"target": {
"file": "services/core/java/com/android/server/wm/TaskRecord.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 2097.0,
"function_hash": "310692813872728003298386454620585542072"
},
"id": "ASB-A-185810717-ea25479b",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec",
"target": {
"file": "services/core/java/com/android/server/wm/TaskRecord.java",
"function": "setIntent"
}
},
{
"signature_type": "Function",
"digest": {
"length": 330.0,
"function_hash": "8782411516555310003248883134178163591"
},
"id": "ASB-A-185810717-f90e595e",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec",
"target": {
"file": "services/core/java/com/android/server/wm/TaskRecord.java",
"function": "findEffectiveRootIndex"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2022-08-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"52595531883840164852486254551178876795",
"154062033777965420023310222039535300906",
"262569442894312989936857751120848020609",
"74661298110234276737496755581400151879",
"297058171381607430058513335385694073661",
"42324559335298679099023454069409252154",
"14057519644253320131840377833787113601",
"148956871793272930027126321071786471301",
"273501821027985886128103485821024605584",
"104191343101939331533767672701237649596",
"28930306529248088288761223068953048148",
"331434379975274989704032711985558570991",
"141446953136170541669863070774974127006",
"279908319037663914224815648926905417944",
"47765870511665856545470235716616919474",
"185695585190966584225455543563284580414",
"110113713064953918238505665971822408524",
"317295907264898612408862227631009760426",
"206076769427817003270205358177470286269",
"166623853546666804376003782511857093807",
"121424296394949635876442572798478371883"
],
"threshold": 0.9
},
"id": "ASB-A-185810717-0b366929",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/c5aaf99df5656fde68a4aaf2801fe30b0f5e44ae",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 2390.0,
"function_hash": "212709493541495812727960142275378253451"
},
"id": "ASB-A-185810717-3b0447c2",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/c5aaf99df5656fde68a4aaf2801fe30b0f5e44ae",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java",
"function": "setIntent"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"308552683213346870058688407294738668298",
"278716541481851296818841190286809426677",
"315761850000771438408633455162439727858",
"167299014211513934606048582938306035617"
],
"threshold": 0.9
},
"id": "ASB-A-185810717-40061e86",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
"target": {
"file": "services/core/java/com/android/server/wm/LaunchParamsPersister.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 787.0,
"function_hash": "103009817535832037988649160498157209401"
},
"id": "ASB-A-185810717-65afdba9",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/c5aaf99df5656fde68a4aaf2801fe30b0f5e44ae",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java",
"function": "setIntent"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"270267953656468438518563010163479801018",
"113689335942243225269370079443296225165",
"56574999981327346990439269239635968344",
"255760020223444401083937830647181095557",
"95312432404155446654344847206999726902",
"234205518186457803052450179824608321220",
"210501686425343537950874358343699266995",
"88380941902565113212907298595913992897",
"268774905517820627813214429034184272535",
"202849182357323347719366141825897807845",
"337987487053846119195264261911490400658",
"202870691787698768385066861407014432964",
"101486682895096704713854736964085283199",
"77888250498156048942380498913764368822",
"231648317017581035471595418148087572272",
"67858898552590349168156722563153956211",
"148558139831752693360995294971830589149",
"166798505782220541920039972027162052772",
"74196875491008610533364407704394809790",
"8129973408310764468139125785590461044",
"74661298110234276737496755581400151879",
"297058171381607430058513335385694073661",
"42324559335298679099023454069409252154",
"14057519644253320131840377833787113601",
"148956871793272930027126321071786471301",
"127159712984520244076913140424508851741",
"284162875520143767686284517147922809629",
"141446953136170541669863070774974127006",
"117622921226904855528179967496546268483",
"69133172342198953785305958677470613644",
"73073340269886335719511329704359111918",
"127957146646921559588792381572624453136",
"196525442180716213461374868019562642117",
"54700797171610032591371120809388323223",
"222189884300879595813186476941217263398",
"176060237286998589155617803537211818495",
"270430745615343053950386888560668369758"
],
"threshold": 0.9
},
"id": "ASB-A-185810717-84f9e293",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 483.0,
"function_hash": "244755902879353845954371395257098414906"
},
"id": "ASB-A-185810717-98e4ac28",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java",
"function": "setIntent"
}
},
{
"signature_type": "Function",
"digest": {
"length": 248.0,
"function_hash": "93310086254095991867519117253775860515"
},
"id": "ASB-A-185810717-a5fc2c6b",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java",
"function": "processActivity"
}
},
{
"signature_type": "Function",
"digest": {
"length": 538.0,
"function_hash": "299749214242481983182204029661073510566"
},
"id": "ASB-A-185810717-e09a9950",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
"target": {
"file": "services/core/java/com/android/server/wm/LaunchParamsPersister.java",
"function": "saveTask"
}
},
{
"signature_type": "Function",
"digest": {
"length": 2323.0,
"function_hash": "113519283436401956857457209946164661682"
},
"id": "ASB-A-185810717-e46620cc",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java",
"function": "setIntent"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
"https://android.googlesource.com/platform/frameworks/base/+/c5aaf99df5656fde68a4aaf2801fe30b0f5e44ae"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2022-08-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 248.0,
"function_hash": "93310086254095991867519117253775860515"
},
"id": "ASB-A-185810717-31ab5915",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/339f4ca753b3ecf3bac520e8d70541a7223fb7c2",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java",
"function": "processActivity"
}
},
{
"signature_type": "Function",
"digest": {
"length": 409.0,
"function_hash": "303421974648205830524305549598901999292"
},
"id": "ASB-A-185810717-61c733b9",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/339f4ca753b3ecf3bac520e8d70541a7223fb7c2",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java",
"function": "setIntent"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"176977018547643727165555349925919150112",
"61273032671010555112067042498848993705",
"210952737140323125617952079181036189101",
"63638498230607656154402415079115304945",
"238975493386478583003188720778095227941",
"324851195226224905193267755883425278878",
"70551364984156456703525134292317396185",
"88380941902565113212907298595913992897",
"268774905517820627813214429034184272535",
"202849182357323347719366141825897807845",
"337987487053846119195264261911490400658",
"202870691787698768385066861407014432964",
"243945114704921271115249838784025814286",
"276707104677153373588836404732608918917",
"272283132870058892448415143441713351837",
"18577647923828561894255092725633003720",
"67858898552590349168156722563153956211",
"336127415114684718460904837652194315614",
"318534229968897798837508631791009361356",
"161614524541539143309079290724643929727",
"42651205751565668215105703900885047507",
"54700797171610032591371120809388323223",
"222189884300879595813186476941217263398",
"176060237286998589155617803537211818495",
"270430745615343053950386888560668369758"
],
"threshold": 0.9
},
"id": "ASB-A-185810717-a85ce500",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/339f4ca753b3ecf3bac520e8d70541a7223fb7c2",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 2203.0,
"function_hash": "332131789057311100416810362742688402519"
},
"id": "ASB-A-185810717-f2e6d6f4",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/339f4ca753b3ecf3bac520e8d70541a7223fb7c2",
"target": {
"file": "services/core/java/com/android/server/wm/Task.java",
"function": "setIntent"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/339f4ca753b3ecf3bac520e8d70541a7223fb7c2"
]
}