ASB-A-200284993

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-200284993.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-200284993

Aliases

A-200284993
CVE-2021-0959

Published

2022-01-01T00:00:00Z

Modified

2026-03-10T17:06:09.438720Z

Summary

[none]

Details

In jitmemoryregion.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/art

Package

Name: platform/art

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12:0

Fixed

12:2022-01-05

Affected versions

Other

Ecosystem specific

{
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/art/+/c95b63042306aba985bb2902663c759b38b0ac81",
        "https://android.googlesource.com/platform/art/+/94e2fc9465e9a2c9d62902b09ed9a18d9250ccd8"
    ],
    "spl": "2022-01-05",
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/art/+/c95b63042306aba985bb2902663c759b38b0ac81",
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-200284993-27046eaf",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "313769786165012970247156840556998380759",
                    "7192541558220260550692670078882643956",
                    "244433072460863252127122317462668729704",
                    "167667077681278366514001627240110016015",
                    "69220992446764526161623880950664055704",
                    "335234744081955465784295949672820317414",
                    "87537805710947837879638876880624454026"
                ]
            },
            "signature_type": "Line",
            "target": {
                "file": "runtime/jit/jit_memory_region_test.cc"
            }
        },
        {
            "source": "https://android.googlesource.com/platform/art/+/c95b63042306aba985bb2902663c759b38b0ac81",
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-200284993-331cf4cb",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "101377583804034911880488950387349915873",
                    "43875174431002387215738951208057090463",
                    "175251801755861065420416482148409636720",
                    "86633728713538026547507609825826114792",
                    "207068821523675007144379974753971034298",
                    "35021973928557180532539380573928673447",
                    "6794208807716292950186278047549614208",
                    "330010683594744387873274044319693495230",
                    "192898501692735086360044587678499929005",
                    "184156343029145021748620069695704801932",
                    "45031671449925048445162341957255603807",
                    "95994658093808982894755901305787495412",
                    "282892341157278775927413378335781482326",
                    "285619687401312303863088458775907994753",
                    "59139534156782179110752698502236697478",
                    "331738762768307958879932921061538186422",
                    "141649008207310288829301062985547366507",
                    "118523608036293860221782104786572737108",
                    "173920210838750147787995927561804846869",
                    "75764839701857998307063787395082285238",
                    "152201916079643461930706149911318149789",
                    "108456151300731104224816049391156232837",
                    "337190121913758761737083790646717381770",
                    "119785630824365573678675763674687158254",
                    "233404607451833809519147780652795129701",
                    "277488276929954111307371396931586127817",
                    "237535871146545282329230357786748653767",
                    "329441499969120034622488479117347882327",
                    "188669342751850398703229680856335352424",
                    "58803724340493218045146532251010677581",
                    "291337417358617683860950401336313021099",
                    "214230581991960476657970152800460621135",
                    "322141697056241378719538067427028633414",
                    "21783396700307626522631610895513158251",
                    "36104381141494180881967891485691420783",
                    "148612979417717238573823925089252325870",
                    "211831002776604513402586575923649519105",
                    "253047768186737000907699252175661814395",
                    "245936102494528117537097647049704366207",
                    "238645938560705105460746178381928012692",
                    "191768592574326122081253966970287464436",
                    "241554115812486573747221800468539970088",
                    "106415165940029188961588463773956761789",
                    "84699519894760764275327731167098884290",
                    "113693003631622683736544087907078253246",
                    "223255390266092224168217370230466678189",
                    "260977815016174492787949847736705767055",
                    "94340211496772676298937537860602159311",
                    "167250201513287636719875257953586418002",
                    "338647641078601532088138890711984633280",
                    "65588672902329879375339475759391741614",
                    "177774880308112041877561964229032280938",
                    "236600324531751331732500971460370286103",
                    "220165640666603722746425156561418703813",
                    "160600590713002124079669420295938393954",
                    "30167801730396928213087548133024720666",
                    "301668974248296136295347392875971812139",
                    "318226008465312355361730718382088750509",
                    "129499282297447504415662047450670851274",
                    "148597100294127026233419198304487886404",
                    "151049568205606155848920974716457650611",
                    "174415122682603001274285732883504625616",
                    "145956696072236800160531700959534659964",
                    "300527579214245709405838685739902121075",
                    "23399723171852013904542918825137194415",
                    "15235030818515826617170166630971336195",
                    "242196971313882578858962184372537437639",
                    "96371592385782310024067783704164055236",
                    "330840053272376455533137807072429634830",
                    "19667442798071618042460190559913295169",
                    "218898444773122912477353476860122325387",
                    "229762052393173162944474752875540427303",
                    "178781537382420709307941266672148082030"
                ]
            },
            "signature_type": "Line",
            "target": {
                "file": "runtime/jit/jit_memory_region.cc"
            }
        },
        {
            "source": "https://android.googlesource.com/platform/art/+/94e2fc9465e9a2c9d62902b09ed9a18d9250ccd8",
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-200284993-51776817",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "113164951984197949154163442678874269062",
                    "157649382146645842443481417001422842274",
                    "281632205697975650041395507703987138485",
                    "76410359553733138422615188894422947472"
                ]
            },
            "signature_type": "Line",
            "target": {
                "file": "runtime/jit/jit_memory_region.cc"
            }
        },
        {
            "source": "https://android.googlesource.com/platform/art/+/c95b63042306aba985bb2902663c759b38b0ac81",
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-200284993-84b9483b",
            "digest": {
                "length": 4464.0,
                "function_hash": "312266886202539856587997002351029081721"
            },
            "signature_type": "Function",
            "target": {
                "file": "runtime/jit/jit_memory_region.cc",
                "function": "JitMemoryRegion::Initialize"
            }
        },
        {
            "source": "https://android.googlesource.com/platform/art/+/94e2fc9465e9a2c9d62902b09ed9a18d9250ccd8",
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-200284993-fb58f711",
            "digest": {
                "length": 640.0,
                "function_hash": "16372073891541434953868861536757561508"
            },
            "signature_type": "Function",
            "target": {
                "file": "runtime/jit/jit_memory_region.cc",
                "function": "JitMemoryRegion::ProtectZygoteMemory"
            }
        }
    ],
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-200284993.json"