ASB-A-202768292

Import Source
https://storage.googleapis.com/android-osv/ASB-A-202768292.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-202768292
Aliases
  • A-202768292
  • CVE-2021-39630
Published
2022-01-01T00:00:00Z
Modified
2026-07-03T16:08:45.503432344Z
Summary
[none]
Details

In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-01-01

Affected versions

Other
12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "id": "ASB-A-202768292-12db0af8",
            "target": {
                "function": "OverlayManagerService",
                "file": "services/core/java/com/android/server/om/OverlayManagerService.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/627d5eb68e19a8ea18c3c1405701b3a33f073315",
            "signature_type": "Function",
            "digest": {
                "function_hash": "326322751240508323355186466492298396434",
                "length": 1337.0
            },
            "deprecated": false
        },
        {
            "id": "ASB-A-202768292-638c12c8",
            "target": {
                "function": "executeRequest",
                "file": "services/core/java/com/android/server/om/OverlayManagerService.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/627d5eb68e19a8ea18c3c1405701b3a33f073315",
            "signature_type": "Function",
            "digest": {
                "function_hash": "22931789430284818538229315262645915337",
                "length": 1784.0
            },
            "deprecated": false
        },
        {
            "id": "ASB-A-202768292-e7a115a8",
            "target": {
                "file": "services/core/java/com/android/server/om/OverlayManagerService.java"
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/627d5eb68e19a8ea18c3c1405701b3a33f073315",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "deprecated": false
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/627d5eb68e19a8ea18c3c1405701b3a33f073315"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2022-01-01",
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-202768292.json"