PUB-A-137395936
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-137395936.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-137395936
- Aliases
-
- A-137395936
- CVE-2021-0571
- Published
- 2021-06-01T00:00:00Z
- Modified
- 2024-11-06T12:16:03.231308Z
- Summary
- [none]
- Details
-
In ActivityTaskManagerService.startActivity() and AppTaskImpl.startActivity() of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2021-06-01
- https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f
- https://android.googlesource.com/platform/frameworks/base/+/9e0a751edb761e1acd51893ecb154844073a35d7
- https://android.googlesource.com/platform/frameworks/base/+/520f1e7497b2edff3d54b069b793645d0462cf97
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"168002150002739841216163681226141405722",
"134001871090367896592995679405183435682",
"283649834669009943075993500140214384108",
"114919511681757600587125165555614849546",
"114653030879734487423729425510938145647",
"193153950767726930877298025010031967607",
"43013796217171146202320765303604346924",
"227627402932546077660412105895810201130",
"19431135875074681177035253269890888506",
"6223724284595797624969744586704819017",
"81028804551533510035655537728189580959",
"234036589339156461863573251643003819735",
"199178412494287388114426234181914176940",
"333812655541118583017039370273097657608",
"106048491485463350391552146488809079736",
"242542062537183986004743160777371014375",
"116861600944624206595352138524419053966",
"141259437422195616904197683218102837080",
"98838307943114504317127408193165359363",
"83034465256773543968021506380621518421",
"280028471372599161953508649678037209884",
"327396601696858655116338564557430422173",
"310899816281044323511827356622578188577",
"259584075024216973422030476753896896521",
"318633575271986805802308261958741120541",
"234430300070175370749896984302580761460",
"72017669765762045471399789468758354720",
"86624115491635204152577296465612142626",
"57526185528647667918831032746423539842",
"86142445396029018354743964988565470723",
"325773980409615731479113867071136096152",
"71277586342689198215765081214134941527",
"291345517644819558018070844493227363136",
"165031188565881914036238085846543761245",
"19977692656016183763499693955357607264",
"19817497052788510289881827690582395757",
"208711171370057405958858115622817774350",
"28940699634314466566677933179244131908",
"139283188740284109617514462172760883065",
"335705893273117451854106873336083371274",
"172163085932447417918153423968448758652",
"139462787242239230283410537744935645196",
"10274379875322417555391465675032443200",
"243996385574188928806559481022308848613",
"101822015306538523202976457563094609113",
"203636046537379567860966860993609848614",
"17330832262448084772890648158432335687",
"156243692270266840056286420696080258484",
"319597564788803758434277946181257877426",
"237928208965721304393823713237712991326",
"67178514010594455736009144185633139761",
"72573199499557185085811452661577632279",
"258803872203363228126800201592579905026",
"316299419311655281772991813172702462563",
"324227669740738292927336668891907747053",
"111208634022797067511504793178577429426",
"209093672196453915466636530611796975990"
]
},
"id": "PUB-A-137395936-05adeb70",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 236.0,
"function_hash": "141233750278356415247477638360520126934"
},
"id": "PUB-A-137395936-18a75224",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "getAppTasks"
},
"signature_type": "Function"
},
{
"digest": {
"length": 616.0,
"function_hash": "165007624212950936217783718510644541515"
},
"id": "PUB-A-137395936-26dc1f97",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startActivityWithConfig"
},
"signature_type": "Function"
},
{
"digest": {
"length": 718.0,
"function_hash": "254454828739398420494681918754895712925"
},
"id": "PUB-A-137395936-3222e099",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/AppTaskImpl.java",
"function": "startActivity"
},
"signature_type": "Function"
},
{
"digest": {
"length": 804.0,
"function_hash": "80683627543310294240949723430925264010"
},
"id": "PUB-A-137395936-33706f35",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9e0a751edb761e1acd51893ecb154844073a35d7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/UiModeManagerService.java",
"function": "sendConfigurationAndStartDreamOrDockAppLocked"
},
"signature_type": "Function"
},
{
"digest": {
"length": 641.0,
"function_hash": "249945443157976983372054761248010022287"
},
"id": "PUB-A-137395936-3d83cf43",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startActivityAsUser"
},
"signature_type": "Function"
},
{
"digest": {
"length": 352.0,
"function_hash": "104230171459412815452588875810047418045"
},
"id": "PUB-A-137395936-46745310",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startActivitiesInPackage"
},
"signature_type": "Function"
},
{
"digest": {
"length": 481.0,
"function_hash": "20502195857860504595551690392692331820"
},
"id": "PUB-A-137395936-775d08e9",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startAssistantActivity"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"329362196407775060224646270381045210596",
"114373874547952663955307802600237323298",
"178986866803594840573537345460715833823",
"143284661680706795474613429432547941490",
"250527303051710343006063998433446126061",
"27433135051089293122746371569790755495",
"325378707303461159989147193797744898228",
"54842175945111109135017946979309559893",
"318681472263896023882156917364221137030",
"19977692656016183763499693955357607264",
"195457493475686173427436862703363886531",
"1022028090547309964183528961917947844",
"38945781856767510718860027758718514511",
"131021580069016129519827063581373766153",
"69859918373355420808766785637849396468",
"232632413166406318650229108009220327108",
"247746510270556502795020643616815958216"
]
},
"id": "PUB-A-137395936-78ca0c23",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/AppTaskImpl.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 421.0,
"function_hash": "319391820664263321493639708659641833507"
},
"id": "PUB-A-137395936-861ac77a",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startActivities"
},
"signature_type": "Function"
},
{
"digest": {
"length": 666.0,
"function_hash": "92357934167385911137102987977524032055"
},
"id": "PUB-A-137395936-8faf12d1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startActivityAndWait"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"120133855072458302708880813791042757129",
"313377708358512695002429498442777546195",
"198653262975074420650704456818989273425",
"97105502174761260707753732152002318771",
"135779943471888418407536876270755124417"
]
},
"id": "PUB-A-137395936-bc0ae433",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9e0a751edb761e1acd51893ecb154844073a35d7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/UiModeManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 705.0,
"function_hash": "81279417598857111710546957814737053060"
},
"id": "PUB-A-137395936-becc705e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startVoiceActivity"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"66749074526194242030944232447760428162",
"17459012581173878130978390013546608566",
"83976425293805186350994445804737817211",
"272950675460115238438366488829158775001",
"302648306616857165946800382045739521614",
"248081305242231474049293081813798928776",
"30446384021628305209843556498497096154",
"255776652827034237454716963463250172764"
]
},
"id": "PUB-A-137395936-c3fa2d62",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9e0a751edb761e1acd51893ecb154844073a35d7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"265417339396258012684593381357532180899",
"15210335708124496907401137095957383270",
"27605101375669741956055703004038240797",
"256924176236647211266048454880562547422"
]
},
"id": "PUB-A-137395936-d09c9a8a",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityStackSupervisor.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1165.0,
"function_hash": "315949899020848254423689844796501465554"
},
"id": "PUB-A-137395936-e21db41f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9e0a751edb761e1acd51893ecb154844073a35d7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/policy/PhoneWindowManager.java",
"function": "goHome"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1088.0,
"function_hash": "337749010423866867468838380460361667694"
},
"id": "PUB-A-137395936-e75013ba",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityStackSupervisor.java",
"function": "getActionRestrictionForCallingPackage"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1506.0,
"function_hash": "264031356635378254347255764229287469093"
},
"id": "PUB-A-137395936-f1798eac",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "moveTaskToFrontLocked"
},
"signature_type": "Function"
},
{
"digest": {
"length": 462.0,
"function_hash": "84510986583101754706421048430227129944"
},
"id": "PUB-A-137395936-f6ea12dd",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startActivityInPackage"
},
"signature_type": "Function"
},
{
"digest": {
"length": 953.0,
"function_hash": "203228634119653363759680835009376471065"
},
"id": "PUB-A-137395936-f77a1b86",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/AppTaskImpl.java",
"function": "moveToFront"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/f9e5c9fe4671813043385406dd9a49b3b9d0d89f",
"https://android.googlesource.com/platform/frameworks/base/+/9e0a751edb761e1acd51893ecb154844073a35d7",
"https://android.googlesource.com/platform/frameworks/base/+/520f1e7497b2edff3d54b069b793645d0462cf97"
],
"spl": "2021-06-01",
"severity": "High",
"types": [
"EoP"
]
}