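In ipcSetDataReference of Parcel.cpp, there is a possible way to corrupt memory due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The two records below each list one fix commit in platform/frameworks/native (security patch level 2022-01-01) together with the Vanir function-level and line-level signatures for libs/binder/Parcel.cpp, which are meant for checking whether a source tree still lacks that patch.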
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/d668098e4714025b41052207c9332de86dc3936a"
],
"spl": "2022-01-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/d668098e4714025b41052207c9332de86dc3936a",
"target": {
"function": "Parcel::ipcSetDataReference",
"file": "libs/binder/Parcel.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "144609664463200789840411049854569021572",
"length": 1276.0
},
"signature_type": "Function",
"id": "ASB-A-203847542-b60b1a8c"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/d668098e4714025b41052207c9332de86dc3936a",
"target": {
"file": "libs/binder/Parcel.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"98137480975788759579922814741327671228",
"296481944491939447479301249339620908390",
"255680770530481632092119999480852922173",
"335918368435902695206397568346019004575",
"132768507783080792642256092800878294969",
"103982756747036362728424074686863731880",
"185907099120875731621615021484317954078"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-203847542-c4233554"
}
],
"types": [
"EoP"
]
}
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/7c8497e0127dde63957ee39e90e62b119d09948d"
],
"spl": "2022-01-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/7c8497e0127dde63957ee39e90e62b119d09948d",
"target": {
"file": "libs/binder/Parcel.cpp"
},
"deprecated": false,
"digest": {
"line_hashes": [
"98137480975788759579922814741327671228",
"296481944491939447479301249339620908390",
"255680770530481632092119999480852922173",
"335918368435902695206397568346019004575",
"132768507783080792642256092800878294969",
"103982756747036362728424074686863731880",
"185907099120875731621615021484317954078"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-203847542-5ce76df0"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/native/+/7c8497e0127dde63957ee39e90e62b119d09948d",
"target": {
"function": "Parcel::ipcSetDataReference",
"file": "libs/binder/Parcel.cpp"
},
"deprecated": false,
"digest": {
"function_hash": "332897563253174728649794722178199941684",
"length": 1139.0
},
"signature_type": "Function",
"id": "ASB-A-203847542-c9140953"
}
],
"types": [
"EoP"
]
}