PUB-A-174801970

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-174801970.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-174801970
Aliases
  • A-174801970
  • CVE-2021-0565
Published
2021-06-01T00:00:00Z
Modified
2025-11-18T16:17:57.446691Z
Summary
[none]
Details

In wrapUserThread of AudioStream.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/av

Package

Name
platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-06-01

Affected versions

Other

11

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7"
    ],
    "vanir_signatures": [
        {
            "id": "PUB-A-174801970-0b270cdc",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "function": "AAudioStream_close",
                "file": "media/libaaudio/src/core/AAudioAudio.cpp"
            },
            "digest": {
                "length": 530.0,
                "function_hash": "139614980165858783589694880404695982359"
            },
            "signature_type": "Function"
        },
        {
            "id": "PUB-A-174801970-16b27f58",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "function": "AudioStreamTrack::release_l",
                "file": "media/libaaudio/src/legacy/AudioStreamTrack.cpp"
            },
            "digest": {
                "length": 274.0,
                "function_hash": "284710114138898893703193932237953656032"
            },
            "signature_type": "Function"
        },
        {
            "id": "PUB-A-174801970-229af3c0",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "function": "AAudioServiceEndpointShared::close",
                "file": "services/oboeservice/AAudioServiceEndpointShared.cpp"
            },
            "digest": {
                "length": 97.0,
                "function_hash": "236676239577778867338676764187553506754"
            },
            "signature_type": "Function"
        },
        {
            "id": "PUB-A-174801970-22aed5e0",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "services/oboeservice/AAudioServiceEndpointMMAP.cpp"
            },
            "digest": {
                "line_hashes": [
                    "281787820670727253720044660064265189921",
                    "143342773137027008245027694151827098079",
                    "306749727331442365831964329276630158966",
                    "63967917979503308382703250868214568103",
                    "69189987775076602422138647753946287361",
                    "316726849070947604139594672265102344743",
                    "66667391240581903173750653823879902866",
                    "140710104865231336921300119374505029733"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "id": "PUB-A-174801970-2ac4d027",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "services/oboeservice/AAudioServiceEndpointShared.h"
            },
            "digest": {
                "line_hashes": [
                    "159915425677998633708360886071041163672",
                    "3986892579954722299164417327083767893",
                    "140940207752040076021843747509291126579",
                    "223665701398880327102818484047193900201"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "id": "PUB-A-174801970-2c388b4d",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "media/libaaudio/src/legacy/AudioStreamRecord.h"
            },
            "digest": {
                "line_hashes": [
                    "296375467353242548125434776754048674851",
                    "65664169522638055013092614561735091607",
                    "278969325492621899834140624076187153221",
                    "249814952915921652371916458074287307756"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "id": "PUB-A-174801970-2e8dd173",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "function": "AudioStreamRecord::release_l",
                "file": "media/libaaudio/src/legacy/AudioStreamRecord.cpp"
            },
            "digest": {
                "length": 303.0,
                "function_hash": "252823391997121911133119843026986017728"
            },
            "signature_type": "Function"
        },
        {
            "id": "PUB-A-174801970-5e6bc746",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "media/libaaudio/src/core/AudioStream.cpp"
            },
            "digest": {
                "line_hashes": [
                    "196070555072885078025531739161228396812",
                    "105707448411985617085711894604898499451",
                    "219141087739992271262590372347779334917",
                    "337709641474310233833539692650250185840",
                    "204234232290178846221480071004427728321",
                    "83782044899816998109582882361696505381",
                    "29255303956425710426585226383074505739",
                    "306296291795229687390061121415270953153",
                    "3197286984077211218145784524474453525",
                    "8760325906087468587280988914679868245",
                    "28737448992954534201080666481094129598",
                    "229335509626786206742228878985831136557",
                    "117258452015463598987582681161627441770"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "id": "PUB-A-174801970-6e1cee46",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "media/libaaudio/src/legacy/AudioStreamTrack.cpp"
            },
            "digest": {
                "line_hashes": [
                    "223268134181866597092427108202332905157",
                    "267773747500716155630585167499126441054",
                    "28889593610433508107303067648665805068",
                    "291211713123993845623855624406796100884",
                    "6009978050318666052114943795347715447",
                    "149179142162701876042379706921019170547",
                    "275345954108699826334096284439344895237",
                    "224397904416062749026560074139523022923",
                    "60640473735251624429728632760004895324"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "id": "PUB-A-174801970-72fa1887",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "services/oboeservice/AAudioServiceEndpointMMAP.h"
            },
            "digest": {
                "line_hashes": [
                    "138308000147954670255719411645784741841",
                    "3986892579954722299164417327083767893",
                    "140940207752040076021843747509291126579",
                    "223665701398880327102818484047193900201"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "id": "PUB-A-174801970-7d046996",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "media/libaaudio/src/core/AAudioAudio.cpp"
            },
            "digest": {
                "line_hashes": [
                    "54218227290195898416277200133252913724",
                    "7604587408120795285411780459083515618",
                    "295105256019524822658891580333570280404",
                    "84996635956053140685722718924996465929",
                    "186550684614668826600663661507058017790",
                    "54710912364336725460344946534482325683",
                    "286743222774800613961976126378028282434",
                    "228696837716531675267604384238019145671",
                    "269398634677032652687960495643418251450",
                    "263509510487563230553004999489355018061"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "id": "PUB-A-174801970-809b7ddf",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "media/libaaudio/src/legacy/AudioStreamRecord.cpp"
            },
            "digest": {
                "line_hashes": [
                    "171233457037611892175862607637222469866",
                    "256975218576862948349205889735400132374",
                    "20251578944483618316344522367714113563",
                    "26513276847396811509644332421627523167",
                    "231837441837758898129077361407833656995",
                    "6009978050318666052114943795347715447",
                    "149179142162701876042379706921019170547",
                    "75515096408171148235770630775743236316",
                    "83318934688086468185599943590033350131",
                    "179292413493027094457110516288820655401"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "id": "PUB-A-174801970-a3302ccd",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "function": "AAudioServiceEndpointMMAP::close",
                "file": "services/oboeservice/AAudioServiceEndpointMMAP.cpp"
            },
            "digest": {
                "length": 196.0,
                "function_hash": "176651214149299193849519549348812557642"
            },
            "signature_type": "Function"
        },
        {
            "id": "PUB-A-174801970-ac9d2f4d",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "media/libaaudio/src/core/AudioStream.h"
            },
            "digest": {
                "line_hashes": [
                    "213551316154395914360255716971716142821",
                    "228993919608138147148651094441911975723",
                    "274089019340197142265383347135275664384",
                    "200599376122028488416001225785716372737",
                    "183272969719113907056488593423924321061",
                    "163593162470519578431894200678857127035",
                    "58795102209253700540829540757203641252",
                    "72328496922737768401131313389976931790",
                    "192458404849679491041311623473581514830",
                    "107160271459050059030427549802024824145",
                    "225231431714533303195368402847609328633",
                    "156985876278144894427900298786894737703",
                    "89269756142635332498121099473658481830",
                    "264973015085272474205707085502775081836",
                    "317674194016975262010493107589698527515",
                    "13851453484797678535523272752689633492",
                    "82559678301987930589556971359695608988",
                    "276295042054975172256098244072017151481",
                    "205230162382674081235505216231543887884",
                    "75843914492793173710546891834149904732"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "id": "PUB-A-174801970-c8ce21b5",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "media/libaaudio/src/legacy/AudioStreamTrack.h"
            },
            "digest": {
                "line_hashes": [
                    "21494141105392373684186664322719924188",
                    "40932097289607115560976628170179171166",
                    "75106859081186526841548216350425158146",
                    "236476705738012992469831647637151138698"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "id": "PUB-A-174801970-d80e6377",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "services/oboeservice/AAudioServiceEndpointShared.cpp"
            },
            "digest": {
                "line_hashes": [
                    "100941249235493133634267842408171740297",
                    "128614695812127460621824038385563898139",
                    "258386942316292771493219030662458268846",
                    "304718278023657704757755727142482594956",
                    "273832504547236062963744445111622122488"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        },
        {
            "id": "PUB-A-174801970-f98f503e",
            "deprecated": false,
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/4719048ce0e6f8656a417a2f2fe6fbb848ed2ba7",
            "target": {
                "file": "services/oboeservice/AAudioServiceEndpoint.h"
            },
            "digest": {
                "line_hashes": [
                    "74965827258306365781553929641278037141",
                    "75447487586561707643488323804274494615",
                    "140508897464051384633849615758231520693",
                    "35394968589167343693049559830880258211"
                ],
                "threshold": 0.9
            },
            "signature_type": "Line"
        }
    ],
    "spl": "2021-06-01"
}