ASB-A-197399948

Import Source

https://storage.googleapis.com/android-osv/ASB-A-197399948.json

Aliases

CVE-2021-39619

Published

2022-02-01T00:00:00Z

Modified

2024-04-19T14:40:04Z

Details

In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

https://source.android.com/security/bulletin/2022-02-01
https://android.googlesource.com/platform/frameworks/base/+/a70c46b8a5ac697c87017f9c3fdebb03d3cc0292

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2022-02-01

Introduced

12:0

Fixed

12:2022-02-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/a70c46b8a5ac697c87017f9c3fdebb03d3cc0292"
    ],
    "spl": "2022-02-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}