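In multiple functions of odsign_main.cpp, there is a possible way for a system-level attack to persist due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. The records below list the fix commits and the Vanir signatures (targeting `main` and `verifyArtifacts` in ondevice-signing/odsign_main.cpp) used to detect source trees that are still missing the patch.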
{
"fixes": [
"https://android.googlesource.com/platform/system/security/+/9a374680df1912fb983bf174d88ddeb71932cec1"
],
"spl": "2022-03-01",
"severity": "Moderate",
"types": [
"EoP"
],
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "115174242607445837283827550791433440053",
"length": 3127.0
},
"source": "https://android.googlesource.com/platform/system/security/+/9a374680df1912fb983bf174d88ddeb71932cec1",
"id": "ASB-A-206090748-1e752266",
"target": {
"file": "ondevice-signing/odsign_main.cpp",
"function": "main"
}
},
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"155002132074404346642667567063298957642",
"297260879976898572002085567125824570400",
"188117423437172400110849304914488873278",
"157142425212623079288036371350014858728",
"204697804969151301657652142831750749263",
"246063165005463238593878401576263943808",
"46466359620560727117279535738104699931",
"141059372346926048512427331198909030998",
"2730617571386842996949351571057359371",
"231174964654211160397274464679379716942",
"79564985896302873437179230076078962713",
"66258345296755914229722793912710658752",
"119779208966118517802654399430476717338",
"77624105651785219220920525729304708538",
"251820337726636477205310617262680283716",
"4251731988487157458031956612984751316",
"272146446085519213110283545910970836919",
"326391328849996974035268250804048831285",
"302112193165383670968896532470765648117",
"193934157389329987789925357200475432871",
"27788796301632880293569162245196199580",
"93910542072745963730906210286960621174",
"143651183351945654395008936788862968309",
"153565588807519245516641321357548138267",
"181518540221266179414657618596067690955",
"79190526905929199974984233414112142614",
"226990917230412597926031777425518894451",
"192038301750522978732304252332380591310",
"73712142896677038537369976998197256465",
"55819269734436224158671719536097316376",
"178908855247042236448030067729071985011",
"291864525956619739958175182635457124986",
"159187200350724936694553768699727121852",
"2840041652715579188324822575814674158",
"25265074336690209759976022906363770937",
"135838650960097277714843292576097054593",
"28467515644553834983081233901945956675",
"213516555238620568387563257684182639544",
"182105187982994865056634254009835838869",
"238646132370444170511494890340449228166",
"309208033224288258558599515700297799420",
"122663547908006295962942936874099607553",
"104194636075107744279129509670243687737"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/system/security/+/9a374680df1912fb983bf174d88ddeb71932cec1",
"id": "ASB-A-206090748-c9c7a03e",
"target": {
"file": "ondevice-signing/odsign_main.cpp"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "284493981387205415012846669277598690417",
"length": 539.0
},
"source": "https://android.googlesource.com/platform/system/security/+/9a374680df1912fb983bf174d88ddeb71932cec1",
"id": "ASB-A-206090748-edf45161",
"target": {
"file": "ondevice-signing/odsign_main.cpp",
"function": "verifyArtifacts"
}
}
]
}
{
"fixes": [
"https://android.googlesource.com/platform/system/security/+/7bf6e0a053307a0918965da9be6560e77d6cfe59"
],
"spl": "2022-03-01",
"severity": "Moderate",
"types": [
"EoP"
],
"vanir_signatures": [
{
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"line_hashes": [
"155002132074404346642667567063298957642",
"297260879976898572002085567125824570400",
"188117423437172400110849304914488873278",
"157142425212623079288036371350014858728",
"204697804969151301657652142831750749263",
"246063165005463238593878401576263943808",
"46466359620560727117279535738104699931",
"141059372346926048512427331198909030998",
"2730617571386842996949351571057359371",
"231174964654211160397274464679379716942",
"79564985896302873437179230076078962713",
"66258345296755914229722793912710658752",
"119779208966118517802654399430476717338",
"77624105651785219220920525729304708538",
"251820337726636477205310617262680283716",
"4251731988487157458031956612984751316",
"272146446085519213110283545910970836919",
"326391328849996974035268250804048831285",
"302112193165383670968896532470765648117",
"193934157389329987789925357200475432871",
"27788796301632880293569162245196199580",
"93910542072745963730906210286960621174",
"143651183351945654395008936788862968309",
"153565588807519245516641321357548138267",
"181518540221266179414657618596067690955",
"79190526905929199974984233414112142614",
"226990917230412597926031777425518894451",
"192038301750522978732304252332380591310",
"73712142896677038537369976998197256465",
"55819269734436224158671719536097316376",
"178908855247042236448030067729071985011",
"291864525956619739958175182635457124986",
"159187200350724936694553768699727121852",
"2840041652715579188324822575814674158",
"25265074336690209759976022906363770937",
"135838650960097277714843292576097054593",
"28467515644553834983081233901945956675",
"213516555238620568387563257684182639544",
"182105187982994865056634254009835838869",
"238646132370444170511494890340449228166",
"309208033224288258558599515700297799420",
"122663547908006295962942936874099607553",
"104194636075107744279129509670243687737"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/system/security/+/7bf6e0a053307a0918965da9be6560e77d6cfe59",
"id": "ASB-A-206090748-7c0af659",
"target": {
"file": "ondevice-signing/odsign_main.cpp"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "284493981387205415012846669277598690417",
"length": 539.0
},
"source": "https://android.googlesource.com/platform/system/security/+/7bf6e0a053307a0918965da9be6560e77d6cfe59",
"id": "ASB-A-206090748-9edf6fd0",
"target": {
"file": "ondevice-signing/odsign_main.cpp",
"function": "verifyArtifacts"
}
},
{
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"function_hash": "115174242607445837283827550791433440053",
"length": 3127.0
},
"source": "https://android.googlesource.com/platform/system/security/+/7bf6e0a053307a0918965da9be6560e77d6cfe59",
"id": "ASB-A-206090748-cf64cc47",
"target": {
"file": "ondevice-signing/odsign_main.cpp",
"function": "main"
}
}
]
}