ASB-A-200164168

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-200164168.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-200164168
Aliases
Published
2022-03-01T00:00:00Z
Modified
2026-04-20T15:37:26.169566Z
Summary
[none]
Details

In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android
platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-03-01

Affected versions

Other
10

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "294847935106685419390405624134946482607",
                    "82906614265495310515570653317557617056",
                    "159861592737700861009703597589919275556",
                    "227542447424445244222662292374115168909",
                    "201542614339003240336485074705580277268",
                    "181950869077538877837885426374100210392",
                    "163365771531368183851379029453875709304"
                ]
            },
            "id": "ASB-A-200164168-b96ef1b6",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/35e3d0c1b0598b2032fc6c134c657255f1907594",
            "target": {
                "file": "src/com/android/settings/security/CredentialStorage.java"
            }
        },
        {
            "digest": {
                "length": 460.0,
                "function_hash": "152680907284903635233314357538861496727"
            },
            "id": "ASB-A-200164168-babd9d97",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/35e3d0c1b0598b2032fc6c134c657255f1907594",
            "target": {
                "function": "onResume",
                "file": "src/com/android/settings/security/CredentialStorage.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/35e3d0c1b0598b2032fc6c134c657255f1907594"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2022-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-200164168.json"
platform/packages/apps/Car/Settings

Package

Name
platform/packages/apps/Car/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-03-01

Affected versions

Other
11

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "227648426079284531361252755530448575297",
                    "319836403509873846234084515950353464245",
                    "79660424378960435000974712114857405762",
                    "269091642270754071500476499506653333382",
                    "273640597411792409689188349763575105779",
                    "219276427171578401975723808035356768581",
                    "324900859351151195652448818897023516213"
                ]
            },
            "id": "ASB-A-200164168-21994fbf",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Car/Settings/+/6a6489935d203715a755b21b374e1e3b3085aa3f",
            "target": {
                "file": "src/com/android/car/settings/security/CredentialStorageActivity.java"
            }
        },
        {
            "digest": {
                "length": 461.0,
                "function_hash": "113359261602367393554565238702160217651"
            },
            "id": "ASB-A-200164168-765af7bb",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Car/Settings/+/6a6489935d203715a755b21b374e1e3b3085aa3f",
            "target": {
                "function": "onResume",
                "file": "src/com/android/car/settings/security/CredentialStorageActivity.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Car/Settings/+/6a6489935d203715a755b21b374e1e3b3085aa3f"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2022-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-200164168.json"
platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-03-01

Affected versions

Other
11

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 460.0,
                "function_hash": "152680907284903635233314357538861496727"
            },
            "id": "ASB-A-200164168-4f2d6cd4",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8a1a563c7c598db6fe5f902e35d968ea7dc0003",
            "target": {
                "function": "onResume",
                "file": "src/com/android/settings/security/CredentialStorage.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "294847935106685419390405624134946482607",
                    "82906614265495310515570653317557617056",
                    "159861592737700861009703597589919275556",
                    "227542447424445244222662292374115168909",
                    "264447109541725377457525668426737859850",
                    "2489955176728554666695627062628097152",
                    "163365771531368183851379029453875709304"
                ]
            },
            "id": "ASB-A-200164168-c04c1337",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8a1a563c7c598db6fe5f902e35d968ea7dc0003",
            "target": {
                "file": "src/com/android/settings/security/CredentialStorage.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/f8a1a563c7c598db6fe5f902e35d968ea7dc0003"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2022-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-200164168.json"
platform/packages/apps/Car/Settings

Package

Name
platform/packages/apps/Car/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-03-01

Affected versions

Other
12

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 599.0,
                "function_hash": "328604024871667527238186183680934489091"
            },
            "id": "ASB-A-200164168-0655a3c2",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3",
            "target": {
                "function": "onCreate",
                "file": "src/com/android/car/settings/security/CredentialStorageActivity.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "227648426079284531361252755530448575297",
                    "319836403509873846234084515950353464245",
                    "79660424378960435000974712114857405762",
                    "269091642270754071500476499506653333382",
                    "273640597411792409689188349763575105779",
                    "219276427171578401975723808035356768581",
                    "324900859351151195652448818897023516213"
                ]
            },
            "id": "ASB-A-200164168-24386706",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3",
            "target": {
                "file": "src/com/android/car/settings/security/CredentialStorageActivity.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2022-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-200164168.json"
platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-03-01

Affected versions

Other
12

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 460.0,
                "function_hash": "152680907284903635233314357538861496727"
            },
            "id": "ASB-A-200164168-920fde37",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4",
            "target": {
                "function": "onResume",
                "file": "src/com/android/settings/security/CredentialStorage.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "294847935106685419390405624134946482607",
                    "82906614265495310515570653317557617056",
                    "159861592737700861009703597589919275556",
                    "227542447424445244222662292374115168909",
                    "264447109541725377457525668426737859850",
                    "2489955176728554666695627062628097152",
                    "163365771531368183851379029453875709304"
                ]
            },
            "id": "ASB-A-200164168-93218dff",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4",
            "target": {
                "file": "src/com/android/settings/security/CredentialStorage.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2022-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-200164168.json"
platform/packages/apps/Car/Settings

Package

Name
platform/packages/apps/Car/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-03-01

Affected versions

Other
12L

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "227648426079284531361252755530448575297",
                    "319836403509873846234084515950353464245",
                    "79660424378960435000974712114857405762",
                    "269091642270754071500476499506653333382",
                    "273640597411792409689188349763575105779",
                    "219276427171578401975723808035356768581",
                    "324900859351151195652448818897023516213"
                ]
            },
            "id": "ASB-A-200164168-882999a5",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3",
            "target": {
                "file": "src/com/android/car/settings/security/CredentialStorageActivity.java"
            }
        },
        {
            "digest": {
                "length": 599.0,
                "function_hash": "328604024871667527238186183680934489091"
            },
            "id": "ASB-A-200164168-bbfbb2d2",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3",
            "target": {
                "function": "onCreate",
                "file": "src/com/android/car/settings/security/CredentialStorageActivity.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2022-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-200164168.json"
platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-03-01

Affected versions

Other
12L

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 460.0,
                "function_hash": "152680907284903635233314357538861496727"
            },
            "id": "ASB-A-200164168-24f7eb5e",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4",
            "target": {
                "function": "onResume",
                "file": "src/com/android/settings/security/CredentialStorage.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "294847935106685419390405624134946482607",
                    "82906614265495310515570653317557617056",
                    "159861592737700861009703597589919275556",
                    "227542447424445244222662292374115168909",
                    "264447109541725377457525668426737859850",
                    "2489955176728554666695627062628097152",
                    "163365771531368183851379029453875709304"
                ]
            },
            "id": "ASB-A-200164168-c4f6d901",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4",
            "target": {
                "file": "src/com/android/settings/security/CredentialStorage.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2022-03-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-200164168.json"