ASB-A-202768292

Import Source
https://storage.googleapis.com/android-osv/ASB-A-202768292.json
Aliases
  • CVE-2021-39630
Published
2022-01-01T00:00:00Z
Modified
2024-03-27T14:40:40Z
Details

In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-01-01

Affected versions

Other

12

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/b2dc041a4e84986e3a6932b127d3a18ef02b6d0a"
    ],
    "spl": "2022-01-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}