ASB-A-205836329
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-205836329.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-205836329
- Aliases
-
- A-205836329
- CVE-2021-39794
- Published
- 2022-04-01T00:00:00Z
- Modified
- 2026-05-01T15:24:27.653932Z
- Summary
- [none]
- Details
-
In broadcastPortInfo of AdbService.java, there is a possible way for apps to run code as the shell user, if wireless debugging is enabled, due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/398b752a440f7d60198f9267334445aba4f9d4eb"
],
"severity": "High",
"spl": "2022-04-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-3a07ed4c",
"digest": {
"line_hashes": [
"214460865753076858139981363307170759420",
"57712084791171742259055495213241112872",
"281788408117531611386521697779926993933",
"71354227178570218253232203822130507410",
"34143581265084156714169852221507932008",
"206682769734304699586288905710274821956",
"263455920462214863689287947825132999179"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/398b752a440f7d60198f9267334445aba4f9d4eb",
"signature_type": "Line",
"target": {
"file": "core/java/android/debug/AdbManager.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-4404b3ed",
"digest": {
"length": 450.0,
"function_hash": "1809661410811964563646412563238828875"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/398b752a440f7d60198f9267334445aba4f9d4eb",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbService.java",
"function": "broadcastPortInfo"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-5a141d88",
"digest": {
"length": 867.0,
"function_hash": "330933175472168456026758694636519539114"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/398b752a440f7d60198f9267334445aba4f9d4eb",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "onPairingResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-61ba1714",
"digest": {
"length": 401.0,
"function_hash": "69443888503935950301500045610908345926"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/398b752a440f7d60198f9267334445aba4f9d4eb",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "updateUIPairCode"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-d5030866",
"digest": {
"length": 391.0,
"function_hash": "216759512312419691307194172630549751020"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/398b752a440f7d60198f9267334445aba4f9d4eb",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "sendServerConnectionState"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-d7e2bb8e",
"digest": {
"line_hashes": [
"250992010931258949528441133623276217929",
"238938865862046255046433894841989459817",
"287024772226743952697829319897336893686",
"235754430573118450327720568203859539942",
"285961896369217352623033459806180695196",
"79966270103071456072311347210828268136",
"117319914789414433299735823314905553893",
"214445018262832220616068497676724827780",
"256374124716744703704109059140891801788",
"141310101586384782804719740356505934828",
"71432980429338597679584283512183218559",
"50011728795990130188653291872941003947",
"177852429003666205744188007255958262889",
"86615966631382548580541170759825407446",
"54220915018434099458027709304193193372",
"172352361912215064953713772687882833753",
"52090689273353326284206217491614166848",
"138569408808450206197128135988355074933",
"82695979731248669925140286977722392081",
"230027686912320493609694297595475150734",
"31762888068000186702998477970379553200",
"251551285150777538662565568171108305815",
"192130505632250956040125212124228595405",
"115056291531635762877163774590794326839",
"223069806025697820854791390506337289988",
"207064133989545484935813539786867371922",
"205210580948247478497266171960886321747",
"89274961258228163901377061442167766785",
"328934991541292926540536101031988684141",
"198932135795226965432400219121188818179"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/398b752a440f7d60198f9267334445aba4f9d4eb",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-dbd595af",
"digest": {
"length": 326.0,
"function_hash": "225159457873463063356354899792285648828"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/398b752a440f7d60198f9267334445aba4f9d4eb",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "sendPairingPortToUI"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-e9cab6f4",
"digest": {
"line_hashes": [
"79966270103071456072311347210828268136",
"178895722724654217078468495541203041176",
"101940901381823098014669629818112466589",
"315453850069888374681992760279197617176"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/398b752a440f7d60198f9267334445aba4f9d4eb",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/adb/AdbService.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-f8717882",
"digest": {
"length": 236.0,
"function_hash": "31452819176191329589609936869751506078"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/398b752a440f7d60198f9267334445aba4f9d4eb",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "sendPairedDevicesToUI"
}
}
],
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7"
],
"severity": "High",
"spl": "2022-04-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-13f448b6",
"digest": {
"length": 867.0,
"function_hash": "330933175472168456026758694636519539114"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "onPairingResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-3c7a00ef",
"digest": {
"length": 236.0,
"function_hash": "31452819176191329589609936869751506078"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "sendPairedDevicesToUI"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-4afc1d35",
"digest": {
"line_hashes": [
"79966270103071456072311347210828268136",
"178895722724654217078468495541203041176",
"101940901381823098014669629818112466589",
"315453850069888374681992760279197617176"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/adb/AdbService.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-7a943e77",
"digest": {
"line_hashes": [
"214460865753076858139981363307170759420",
"57712084791171742259055495213241112872",
"281788408117531611386521697779926993933",
"71354227178570218253232203822130507410",
"34143581265084156714169852221507932008",
"206682769734304699586288905710274821956",
"263455920462214863689287947825132999179"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Line",
"target": {
"file": "core/java/android/debug/AdbManager.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-83d97736",
"digest": {
"length": 450.0,
"function_hash": "1809661410811964563646412563238828875"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbService.java",
"function": "broadcastPortInfo"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-85794a12",
"digest": {
"length": 326.0,
"function_hash": "225159457873463063356354899792285648828"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "sendPairingPortToUI"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-98a00589",
"digest": {
"line_hashes": [
"250992010931258949528441133623276217929",
"238938865862046255046433894841989459817",
"287024772226743952697829319897336893686",
"235754430573118450327720568203859539942",
"285961896369217352623033459806180695196",
"79966270103071456072311347210828268136",
"117319914789414433299735823314905553893",
"214445018262832220616068497676724827780",
"256374124716744703704109059140891801788",
"141310101586384782804719740356505934828",
"71432980429338597679584283512183218559",
"50011728795990130188653291872941003947",
"177852429003666205744188007255958262889",
"86615966631382548580541170759825407446",
"54220915018434099458027709304193193372",
"172352361912215064953713772687882833753",
"52090689273353326284206217491614166848",
"138569408808450206197128135988355074933",
"82695979731248669925140286977722392081",
"230027686912320493609694297595475150734",
"31762888068000186702998477970379553200",
"251551285150777538662565568171108305815",
"192130505632250956040125212124228595405",
"115056291531635762877163774590794326839",
"223069806025697820854791390506337289988",
"207064133989545484935813539786867371922",
"205210580948247478497266171960886321747",
"89274961258228163901377061442167766785",
"328934991541292926540536101031988684141",
"198932135795226965432400219121188818179"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-9b914832",
"digest": {
"length": 391.0,
"function_hash": "216759512312419691307194172630549751020"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "sendServerConnectionState"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-bc1ca153",
"digest": {
"length": 401.0,
"function_hash": "69443888503935950301500045610908345926"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "updateUIPairCode"
}
}
],
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7"
],
"severity": "High",
"spl": "2022-04-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-1e70350e",
"digest": {
"line_hashes": [
"250992010931258949528441133623276217929",
"238938865862046255046433894841989459817",
"287024772226743952697829319897336893686",
"235754430573118450327720568203859539942",
"285961896369217352623033459806180695196",
"79966270103071456072311347210828268136",
"117319914789414433299735823314905553893",
"214445018262832220616068497676724827780",
"256374124716744703704109059140891801788",
"141310101586384782804719740356505934828",
"71432980429338597679584283512183218559",
"50011728795990130188653291872941003947",
"177852429003666205744188007255958262889",
"86615966631382548580541170759825407446",
"54220915018434099458027709304193193372",
"172352361912215064953713772687882833753",
"52090689273353326284206217491614166848",
"138569408808450206197128135988355074933",
"82695979731248669925140286977722392081",
"230027686912320493609694297595475150734",
"31762888068000186702998477970379553200",
"251551285150777538662565568171108305815",
"192130505632250956040125212124228595405",
"115056291531635762877163774590794326839",
"223069806025697820854791390506337289988",
"207064133989545484935813539786867371922",
"205210580948247478497266171960886321747",
"89274961258228163901377061442167766785",
"328934991541292926540536101031988684141",
"198932135795226965432400219121188818179"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-21554da8",
"digest": {
"length": 236.0,
"function_hash": "31452819176191329589609936869751506078"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "sendPairedDevicesToUI"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-26e71d57",
"digest": {
"length": 867.0,
"function_hash": "330933175472168456026758694636519539114"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "onPairingResult"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-2704e454",
"digest": {
"length": 391.0,
"function_hash": "216759512312419691307194172630549751020"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "sendServerConnectionState"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-3802f5d4",
"digest": {
"line_hashes": [
"214460865753076858139981363307170759420",
"57712084791171742259055495213241112872",
"281788408117531611386521697779926993933",
"71354227178570218253232203822130507410",
"34143581265084156714169852221507932008",
"206682769734304699586288905710274821956",
"263455920462214863689287947825132999179"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Line",
"target": {
"file": "core/java/android/debug/AdbManager.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-493654cc",
"digest": {
"length": 326.0,
"function_hash": "225159457873463063356354899792285648828"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "sendPairingPortToUI"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-66f22333",
"digest": {
"length": 401.0,
"function_hash": "69443888503935950301500045610908345926"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbDebuggingManager.java",
"function": "updateUIPairCode"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-8c1828f3",
"digest": {
"line_hashes": [
"79966270103071456072311347210828268136",
"178895722724654217078468495541203041176",
"101940901381823098014669629818112466589",
"315453850069888374681992760279197617176"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/adb/AdbService.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-205836329-ccb3a964",
"digest": {
"length": 450.0,
"function_hash": "1809661410811964563646412563238828875"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/dc7d96c9e50fb2cc38c1c53eb03b975f6de9d0e7",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/adb/AdbService.java",
"function": "broadcastPortInfo"
}
}
],
"types": [
"EoP"
]
}