ASB-A-204316511
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-204316511.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-204316511
- Aliases
-
- A-204316511
- CVE-2021-39690
- Published
- 2022-03-01T00:00:00Z
- Modified
- 2026-04-30T15:48:46.890647Z
- Summary
- [none]
- Details
-
In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/native
Package
Ecosystem specific
{
"types": [
"DoS"
],
"spl": "2022-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
],
"severity": "High",
"vanir_signatures": [
{
"signature_type": "Function",
"target": {
"function": "SurfaceFlinger::setClientStateLocked",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-0861fe58",
"digest": {
"function_hash": "44791309334450844456675503081552095819",
"length": 10777.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
},
{
"signature_type": "Function",
"target": {
"function": "TEST_F",
"file": "services/surfaceflinger/tests/ScreenCapture_test.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-0b67edba",
"digest": {
"function_hash": "68970275361145897337197793897902028755",
"length": 448.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
},
{
"signature_type": "Line",
"target": {
"file": "services/surfaceflinger/SurfaceFlinger.h"
},
"signature_version": "v1",
"id": "ASB-A-204316511-168df7b9",
"digest": {
"line_hashes": [
"270393534189313986138406752366389592692",
"275259688982229378796214134438810533892",
"32658692480511583052221100177423045760",
"325541602959327163285295616554781221560",
"150656553309228583418935861274375229415",
"79007643362002399721069831287191174013",
"260638839433997621765035161646269865569",
"51154081431170123515244966929876425018",
"293354864219505538563937347222591001955"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
},
{
"signature_type": "Line",
"target": {
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-30d9ecb9",
"digest": {
"line_hashes": [
"50831744151293563148774182705800289957",
"246199372833904166426758290384853950570",
"65259641609290005896131676617688977408",
"279126005880760193766664021394497039369",
"114752519249385513995651475033615615074",
"223068659330178039251646065577549184712",
"116805605386415337921854819471103920582",
"46940868681131104489128586934369862391",
"288853366720205307429930853653298883587",
"233984338985834847923886988015087369311",
"18657092450738869211298242413185952565",
"86695048204250042932197239666050511902",
"40418084175344883626793243264844743296",
"43438680977200929748427574570371657025",
"3780668423173098917055057446348319336",
"295639582164583522627760560888713544779",
"250396443443507962491849439221007485627",
"245702862578622383129984366220320368129",
"230294016904879018548020527969489015517",
"203097268619279677733732202238894647297",
"278766065261577349261352574376242545677",
"29906286069791369883975108308481887364",
"72906806340084835044783543252159141174",
"244090735304815118576609476576699676636",
"257692195445048202689568642402809250204",
"75965817899740505879480859937455098457",
"87490741968727612907253607811001194436",
"246792299017957834943432765355298996049",
"38086289253211337153918046234844497640",
"304760948508225125354257263857742277736",
"321530385934897649262916508893414142493"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
},
{
"signature_type": "Line",
"target": {
"file": "services/surfaceflinger/BufferQueueLayer.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-af82110b",
"digest": {
"line_hashes": [
"326617142731568385770532707510707597822",
"47224220044425117570889795875636002776",
"266900134505728704137495987384257683944",
"12034557646692221699214601096237409888",
"70221427526257988746382306026655633745",
"73995432580248685550342145545719205906",
"11258871478258743572994716079609741247"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
},
{
"signature_type": "Line",
"target": {
"file": "services/surfaceflinger/tests/unittests/TestableSurfaceFlinger.h"
},
"signature_version": "v1",
"id": "ASB-A-204316511-b8fbbe91",
"digest": {
"line_hashes": [
"156929728718137448873133453971998890982",
"324896239003313475224695704815249716963",
"157859793816611732865379366320154745581",
"213776545598237756212767554286521257586"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
},
{
"signature_type": "Function",
"target": {
"function": "SurfaceFlinger::captureScreenCommon",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-cf763faf",
"digest": {
"function_hash": "267808185272358036404270983592380047937",
"length": 1192.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
},
{
"signature_type": "Function",
"target": {
"function": "BufferQueueLayer::setDefaultBufferProperties",
"file": "services/surfaceflinger/BufferQueueLayer.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-d1082d8c",
"digest": {
"function_hash": "178068123687975233729835503111490358002",
"length": 523.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
},
{
"signature_type": "Line",
"target": {
"file": "services/surfaceflinger/tests/ScreenCapture_test.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-df7ed311",
"digest": {
"line_hashes": [
"251512948118852365255095896215843666341",
"18271132180437244950113978482901102267",
"195922620811718844315764548131075066561",
"273208535694031873339281917213734725627",
"317254991244631110115633483299150761479",
"184247728271956556618092849541992375104",
"81972724684050499725850284010752823515"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
},
{
"signature_type": "Function",
"target": {
"function": "SurfaceFlinger::getMaxViewportDims",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-e061132e",
"digest": {
"function_hash": "198360065419706188038951677303151724041",
"length": 103.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
},
{
"signature_type": "Function",
"target": {
"function": "SurfaceFlinger::getMaxTextureSize",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-f8a2a7fb",
"digest": {
"function_hash": "73337789091569781885641322594455116534",
"length": 101.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
},
{
"signature_type": "Function",
"target": {
"function": "SurfaceFlinger::init",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-f9fb53aa",
"digest": {
"function_hash": "295098899868169209202705964467570467921",
"length": 2406.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"
}
]
}
Android / platform/frameworks/native
Package
Ecosystem specific
{
"types": [
"DoS"
],
"spl": "2022-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
],
"severity": "High",
"vanir_signatures": [
{
"signature_type": "Function",
"target": {
"function": "SurfaceFlinger::getMaxViewportDims",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-00524bfa",
"digest": {
"function_hash": "198360065419706188038951677303151724041",
"length": 103.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
},
{
"signature_type": "Line",
"target": {
"file": "services/surfaceflinger/tests/unittests/TestableSurfaceFlinger.h"
},
"signature_version": "v1",
"id": "ASB-A-204316511-02b83fe4",
"digest": {
"line_hashes": [
"156929728718137448873133453971998890982",
"324896239003313475224695704815249716963",
"157859793816611732865379366320154745581",
"213776545598237756212767554286521257586"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
},
{
"signature_type": "Function",
"target": {
"function": "BufferQueueLayer::setDefaultBufferProperties",
"file": "services/surfaceflinger/BufferQueueLayer.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-06662e27",
"digest": {
"function_hash": "178068123687975233729835503111490358002",
"length": 523.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
},
{
"signature_type": "Line",
"target": {
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-1a3dedfe",
"digest": {
"line_hashes": [
"50831744151293563148774182705800289957",
"246199372833904166426758290384853950570",
"65259641609290005896131676617688977408",
"279126005880760193766664021394497039369",
"114752519249385513995651475033615615074",
"223068659330178039251646065577549184712",
"116805605386415337921854819471103920582",
"46940868681131104489128586934369862391",
"288853366720205307429930853653298883587",
"233984338985834847923886988015087369311",
"18657092450738869211298242413185952565",
"86695048204250042932197239666050511902",
"40418084175344883626793243264844743296",
"43438680977200929748427574570371657025",
"3780668423173098917055057446348319336",
"295639582164583522627760560888713544779",
"250396443443507962491849439221007485627",
"245702862578622383129984366220320368129",
"230294016904879018548020527969489015517",
"203097268619279677733732202238894647297",
"278766065261577349261352574376242545677",
"29906286069791369883975108308481887364",
"72906806340084835044783543252159141174",
"244090735304815118576609476576699676636",
"257692195445048202689568642402809250204",
"75965817899740505879480859937455098457",
"87490741968727612907253607811001194436",
"246792299017957834943432765355298996049",
"38086289253211337153918046234844497640",
"304760948508225125354257263857742277736",
"321530385934897649262916508893414142493"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
},
{
"signature_type": "Function",
"target": {
"function": "TEST_F",
"file": "services/surfaceflinger/tests/ScreenCapture_test.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-599d680a",
"digest": {
"function_hash": "68970275361145897337197793897902028755",
"length": 448.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
},
{
"signature_type": "Line",
"target": {
"file": "services/surfaceflinger/BufferQueueLayer.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-61b6eea1",
"digest": {
"line_hashes": [
"326617142731568385770532707510707597822",
"47224220044425117570889795875636002776",
"266900134505728704137495987384257683944",
"12034557646692221699214601096237409888",
"70221427526257988746382306026655633745",
"73995432580248685550342145545719205906",
"11258871478258743572994716079609741247"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
},
{
"signature_type": "Function",
"target": {
"function": "SurfaceFlinger::setClientStateLocked",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-8077fa5f",
"digest": {
"function_hash": "184616818336390287183711972313303437495",
"length": 10523.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
},
{
"signature_type": "Line",
"target": {
"file": "services/surfaceflinger/tests/ScreenCapture_test.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-814c2845",
"digest": {
"line_hashes": [
"251512948118852365255095896215843666341",
"18271132180437244950113978482901102267",
"195922620811718844315764548131075066561",
"273208535694031873339281917213734725627",
"317254991244631110115633483299150761479",
"184247728271956556618092849541992375104",
"81972724684050499725850284010752823515"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
},
{
"signature_type": "Function",
"target": {
"function": "SurfaceFlinger::captureScreenCommon",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-95570f34",
"digest": {
"function_hash": "267808185272358036404270983592380047937",
"length": 1192.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
},
{
"signature_type": "Function",
"target": {
"function": "SurfaceFlinger::init",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-a18c57a7",
"digest": {
"function_hash": "210867802122516337948994985812555593841",
"length": 2357.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
},
{
"signature_type": "Line",
"target": {
"file": "services/surfaceflinger/SurfaceFlinger.h"
},
"signature_version": "v1",
"id": "ASB-A-204316511-bfbc29e4",
"digest": {
"line_hashes": [
"270393534189313986138406752366389592692",
"275259688982229378796214134438810533892",
"32658692480511583052221100177423045760",
"325541602959327163285295616554781221560",
"150656553309228583418935861274375229415",
"79007643362002399721069831287191174013",
"260638839433997621765035161646269865569",
"51154081431170123515244966929876425018",
"293354864219505538563937347222591001955"
],
"threshold": 0.9
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
},
{
"signature_type": "Function",
"target": {
"function": "SurfaceFlinger::getMaxTextureSize",
"file": "services/surfaceflinger/SurfaceFlinger.cpp"
},
"signature_version": "v1",
"id": "ASB-A-204316511-d2cdefa9",
"digest": {
"function_hash": "73337789091569781885641322594455116534",
"length": 101.0
},
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"
}
]
}