PUB-A-174151048
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-174151048.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-174151048
- Aliases
-
- A-174151048
- CVE-2021-0547
- Published
- 2021-06-01T00:00:00Z
- Modified
- 2024-11-06T12:16:03.231308Z
- Summary
- [none]
- Details
-
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker-controlled value to a GPS HAL handler due to a missing permission check. This could lead to local escalation of privilege that may result in undefined behavior in some HAL implementations with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 132.0,
"function_hash": "181015247207349073492919755195439063083"
},
"id": "PUB-A-174151048-815fe527",
"source": "https://android.googlesource.com/platform/frameworks/base/+/196bafdc64d3a4062ead108d6c871773c5ec722c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/com/android/internal/app/NetInitiatedActivity.java",
"function": "onPause"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"13876821682807296022022141686168890896",
"254849237515608384081978157688552346659",
"330892487683189453760824403763405745865",
"251123924701509586012645436839865765248",
"178310345636140341500129424250228662924",
"156323271583825307250329461630333393277",
"155837920888354086749394832334448533488",
"173650533203127228337770140607912970248",
"189165940984714946398544289543443698082",
"228279881145251911974278947526161287448",
"144799798782887098036425055407684123658",
"115364068360388672005187811698897226627",
"14125305300470762064099569655440454496",
"287893816443340920435933380556024605723",
"155266553607704676522874456518743255006",
"207304704112655892759786522707889869723",
"82996618695626219681244174588002438317",
"6320745096429633441468055389874522047",
"27926105938437566161814005511139582081",
"175318397938240998026325017050144142493",
"329452338444527938481912199683629836990",
"97577690958496102552838553560239914696",
"57052320281998823876922721152045428948",
"270202175459132586129665935806085021396",
"134675474675392017875227079809082205428",
"283042053859347166723949399438358693200",
"133460169278720007696338765442361946749",
"74351684303085991950581651200029531998",
"156255737985463607972106915897623850246",
"271225020204392878996119918173352789731",
"285978797241559983838266502416955839565",
"306470847922091802321163809064846838070",
"103018355788915994996276321090567344906",
"252242365912066236327430969829474100021",
"167896397448195141483409650265302781305",
"165206658272016390067732786090098168393",
"292340212667191554018763242389794463663",
"91619911534427935990607808696151628773",
"247740610048195016470030352904493204936",
"21420347825321445445046476757956454507",
"272533452238140444381439005325877147572",
"74386998812504917821398942789419577874",
"135078650968986433614585673268859750642",
"65741500639557066891347207806544759488",
"137813077672551348662416383927125274712",
"120971678087256916441054905973443889874",
"252383721768102911042529988093444830013",
"178876287941171351199084414376724454092",
"311492458210290849101848001411387597616",
"181419792018673630095289544930011742411",
"29653558044161666416489739948131971112"
]
},
"id": "PUB-A-174151048-974f9870",
"source": "https://android.googlesource.com/platform/frameworks/base/+/196bafdc64d3a4062ead108d6c871773c5ec722c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/com/android/internal/app/NetInitiatedActivity.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 244.0,
"function_hash": "219822455307935611807095159010698074928"
},
"id": "PUB-A-174151048-a42e5af4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/196bafdc64d3a4062ead108d6c871773c5ec722c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/com/android/internal/app/NetInitiatedActivity.java",
"function": "onReceive"
},
"signature_type": "Function"
},
{
"digest": {
"length": 194.0,
"function_hash": "148038091968694888421994658380218236872"
},
"id": "PUB-A-174151048-bd25d035",
"source": "https://android.googlesource.com/platform/frameworks/base/+/196bafdc64d3a4062ead108d6c871773c5ec722c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/com/android/internal/app/NetInitiatedActivity.java",
"function": "onResume"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"22432842664673820857673107840424045680",
"28691107708789251752691642555982123793",
"298518206971328924135335578757752249460",
"215261740472868095634356824605595567855"
]
},
"id": "PUB-A-174151048-d834db52",
"source": "https://android.googlesource.com/platform/frameworks/base/+/196bafdc64d3a4062ead108d6c871773c5ec722c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "location/java/com/android/internal/location/GpsNetInitiatedHandler.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 235.0,
"function_hash": "248780885810753551088406338774271497211"
},
"id": "PUB-A-174151048-e5d3256d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/196bafdc64d3a4062ead108d6c871773c5ec722c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/com/android/internal/app/NetInitiatedActivity.java",
"function": "handleNIVerify"
},
"signature_type": "Function"
},
{
"digest": {
"length": 100.0,
"function_hash": "14136277101674602889079378449659081084"
},
"id": "PUB-A-174151048-fba96530",
"source": "https://android.googlesource.com/platform/frameworks/base/+/196bafdc64d3a4062ead108d6c871773c5ec722c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/com/android/internal/app/NetInitiatedActivity.java",
"function": "showNIError"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/196bafdc64d3a4062ead108d6c871773c5ec722c"
],
"spl": "2021-06-01",
"severity": "Moderate",
"types": [
"EoP"
]
}