ASB-A-199754277

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-199754277.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-199754277
Aliases
  • A-199754277
  • CVE-2021-0963
Published
2021-12-01T00:00:00Z
Modified
2026-07-02T16:52:13.655137360Z
Summary
[none]
Details

In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android
platform/packages/apps/KeyChain

Package

Name
platform/packages/apps/KeyChain

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-12-01

Affected versions

Other
9

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/KeyChain/+/cdca35442c767d64f6d0db4af438a3856263857a",
        "https://android.googlesource.com/platform/packages/apps/KeyChain/+/42d5b5ec58893e5f7f7d3bcc4a1e069aab3481b6"
    ],
    "spl": "2021-12-01",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "id": "ASB-A-199754277-01442b80",
            "target": {
                "function": "onCreate",
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/cdca35442c767d64f6d0db4af438a3856263857a",
            "signature_type": "Function",
            "digest": {
                "function_hash": "150779138925376225849993218317483860163",
                "length": 229.0
            },
            "deprecated": false
        },
        {
            "digest": {
                "line_hashes": [
                    "303597175863065157596178365770904233588",
                    "48256645860803694307132140820223977274",
                    "217809699249745623648040710182897893395",
                    "125037849551146727792591082922861769984",
                    "326674869829824742598621061880651146141",
                    "74405704416687296925880408315642770338",
                    "153275313607274137358411093416341818351"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/cdca35442c767d64f6d0db4af438a3856263857a",
            "signature_type": "Line",
            "id": "ASB-A-199754277-2f71314e",
            "deprecated": false
        },
        {
            "id": "ASB-A-199754277-38371cc6",
            "target": {
                "function": "displayCertChooserDialog",
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/42d5b5ec58893e5f7f7d3bcc4a1e069aab3481b6",
            "signature_type": "Function",
            "digest": {
                "function_hash": "136996276653729503400298582803212933472",
                "length": 3204.0
            },
            "deprecated": false
        },
        {
            "id": "ASB-A-199754277-f933ea8f",
            "target": {
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/42d5b5ec58893e5f7f7d3bcc4a1e069aab3481b6",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "135855190934219119756034388740564437399",
                    "235540904095868242127131780153901629847",
                    "259238752188879198495785490080792033447",
                    "142819830997902240228446618298227373261"
                ],
                "threshold": 0.9
            },
            "deprecated": false
        }
    ],
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-199754277.json"
platform/packages/apps/KeyChain

Package

Name
platform/packages/apps/KeyChain

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-12-01

Affected versions

Other
10

Ecosystem specific

{
    "spl": "2021-12-01",
    "vanir_signatures": [
        {
            "id": "ASB-A-199754277-0f35481e",
            "target": {
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/7771b58966715ef430f5cb6d81344192ab6d258f",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "303597175863065157596178365770904233588",
                    "48256645860803694307132140820223977274",
                    "217809699249745623648040710182897893395",
                    "149797091561683545734968523231355275794",
                    "59096776248267728189978126642021086297",
                    "223171761866261416097529983750924596398"
                ],
                "threshold": 0.9
            },
            "deprecated": false
        },
        {
            "id": "ASB-A-199754277-a0ed1fb2",
            "target": {
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/2b7ea9710d2069f9768cc3c2350df74b60f9ecbf",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "135855190934219119756034388740564437399",
                    "235540904095868242127131780153901629847",
                    "259238752188879198495785490080792033447",
                    "142819830997902240228446618298227373261"
                ],
                "threshold": 0.9
            },
            "deprecated": false
        },
        {
            "id": "ASB-A-199754277-c5fb9d5c",
            "target": {
                "function": "displayCertChooserDialog",
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/2b7ea9710d2069f9768cc3c2350df74b60f9ecbf",
            "signature_type": "Function",
            "digest": {
                "function_hash": "73505772937041119365331112705127743616",
                "length": 2980.0
            },
            "deprecated": false
        }
    ],
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/KeyChain/+/7771b58966715ef430f5cb6d81344192ab6d258f",
        "https://android.googlesource.com/platform/packages/apps/KeyChain/+/2b7ea9710d2069f9768cc3c2350df74b60f9ecbf"
    ],
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-199754277.json"
platform/packages/apps/KeyChain

Package

Name
platform/packages/apps/KeyChain

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-12-01

Affected versions

Other
11

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/KeyChain/+/3de513868e45f022fce83d738032fc69b8c6b0f5",
        "https://android.googlesource.com/platform/packages/apps/KeyChain/+/90c6182ef5933ec69383115e2703a177a0c5929b"
    ],
    "spl": "2021-12-01",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "id": "ASB-A-199754277-1019e4a8",
            "target": {
                "function": "displayCertChooserDialog",
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/90c6182ef5933ec69383115e2703a177a0c5929b",
            "signature_type": "Function",
            "digest": {
                "function_hash": "203824814824031038019991900579206230944",
                "length": 3011.0
            },
            "deprecated": false
        },
        {
            "id": "ASB-A-199754277-1024affc",
            "target": {
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/90c6182ef5933ec69383115e2703a177a0c5929b",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "135855190934219119756034388740564437399",
                    "235540904095868242127131780153901629847",
                    "259238752188879198495785490080792033447",
                    "142819830997902240228446618298227373261"
                ],
                "threshold": 0.9
            },
            "deprecated": false
        },
        {
            "id": "ASB-A-199754277-184c19c6",
            "target": {
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/3de513868e45f022fce83d738032fc69b8c6b0f5",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "128691875263131775220820109058442280430",
                    "168206557357049122735330899459189004701",
                    "41045489127893675357598209381160343343",
                    "59364463441045711836603236181276549075",
                    "273197236036770507062995719670167860476",
                    "48256645860803694307132140820223977274",
                    "219824241320010701138802366041289464563",
                    "24326035824782186584841896781093620413",
                    "180873309683049572042491718958890115237",
                    "244121184130991112938393343813406232222"
                ],
                "threshold": 0.9
            },
            "deprecated": false
        }
    ],
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-199754277.json"
platform/packages/apps/KeyChain

Package

Name
platform/packages/apps/KeyChain

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2021-12-01

Affected versions

Other
12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "id": "ASB-A-199754277-231b5806",
            "target": {
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/d2c543f9670ce4c6abc27fdc47d730b0c532d9fb",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "208145163328167472748897027555711714882",
                    "30674088855709114898709890290627615336",
                    "254801975279325279560290300634665894950",
                    "196498049348011577982911759103546494316",
                    "56162162265642485860413942937486547499",
                    "100392728771381320547015046049976835169",
                    "106258610578275625944997385992487392222"
                ]
            },
            "deprecated": false
        },
        {
            "id": "ASB-A-199754277-b9e6c704",
            "target": {
                "function": "displayCertChooserDialog",
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/0b90da9e52f53d089d34a895256f048729b36661",
            "signature_type": "Function",
            "digest": {
                "function_hash": "118549816647082231951580483889162385421",
                "length": 2776.0
            },
            "deprecated": false
        },
        {
            "id": "ASB-A-199754277-c2ca4d46",
            "target": {
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/0b90da9e52f53d089d34a895256f048729b36661",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "135855190934219119756034388740564437399",
                    "235540904095868242127131780153901629847",
                    "259238752188879198495785490080792033447",
                    "111842385937988146741835959770460073843"
                ]
            },
            "deprecated": false
        },
        {
            "id": "ASB-A-199754277-dca04a64",
            "target": {
                "function": "onCreate",
                "file": "src/com/android/keychain/KeyChainActivity.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/packages/apps/KeyChain/+/d2c543f9670ce4c6abc27fdc47d730b0c532d9fb",
            "signature_type": "Function",
            "digest": {
                "function_hash": "71065350424441331116573748980346557509",
                "length": 109.0
            },
            "deprecated": false
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/KeyChain/+/d2c543f9670ce4c6abc27fdc47d730b0c532d9fb",
        "https://android.googlesource.com/platform/packages/apps/KeyChain/+/0b90da9e52f53d089d34a895256f048729b36661"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2021-12-01",
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-199754277.json"