ASB-A-195338390

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-195338390.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-195338390

Aliases

A-195338390
CVE-2021-0923

Published

2021-11-01T00:00:00Z

Modified

2026-05-01T15:24:27.653932Z

Summary

[none]

Details

In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12:0

Fixed

12:2021-11-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87"
    ],
    "severity": "High",
    "spl": "2021-11-01",
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-195338390-106f5326",
            "digest": {
                "length": 1619.0,
                "function_hash": "10398377879930122985996826165233028513"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87",
            "signature_type": "Function",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
                "function": "revokeRuntimePermissionsIfPermissionDefinitionChangedInternal"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-195338390-4e9a1e7e",
            "digest": {
                "length": 3022.0,
                "function_hash": "173310955961255058604024706731620038496"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87",
            "signature_type": "Function",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
                "function": "revokeRuntimePermissionInternal"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-195338390-67426d84",
            "digest": {
                "line_hashes": [
                    "222273581131476333251158200754876163989",
                    "114525043889790144806268605988273313788",
                    "32355866003698517076087548646093884894",
                    "194614932531463864324452253302642484140",
                    "82414703211227529030403701170223469642",
                    "104314630980706397450659964061909642381",
                    "66192663707392411850494339439980666620",
                    "153695918165227233423521605332753522211",
                    "64482130110292781664011638300455111943",
                    "242901863083591288339634272987136709504",
                    "266058369859306509244983760191260860487",
                    "150198578947028193438057291642360518411",
                    "124390315483722004241672626364171039183",
                    "51326007226365411267361335414310487497",
                    "328992153803158932237137733695972051040",
                    "282548361383701040461331675301269815039",
                    "158172164881551266841965878222066981184",
                    "55648652649340219512009517599118066374",
                    "64821213720775443408314476760079419205",
                    "164620961177324021686775905883990090172",
                    "77922158108255598997812320132122134424",
                    "129809764039649965438120694068743365818"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87",
            "signature_type": "Line",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-195338390-720bc642",
            "digest": {
                "line_hashes": [
                    "149889175907308862112246394769003122151",
                    "57126926199514680371015733813943539902",
                    "164123177424740117392696444616546638506",
                    "169909794344193229313091115174225767762"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87",
            "signature_type": "Line",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/Permission.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-195338390-f4634eb6",
            "digest": {
                "length": 2388.0,
                "function_hash": "250786376110665315634871076352086685974"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87",
            "signature_type": "Function",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/Permission.java",
                "function": "createOrUpdate"
            }
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-195338390.json"