PUB-A-176495665

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-176495665.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-176495665
Aliases
Published
2021-06-01T00:00:00Z
Modified
2026-03-20T16:01:55.726900Z
Summary
[none]
Details

In decrypt of CryptoPlugin.cpp, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/av

Package

Name
platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-06-01

Affected versions

Other
11

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp",
                "function": "CryptoPlugin::decrypt_1_2"
            },
            "source": "https://android.googlesource.com/platform/frameworks/av/+/79a6ffbdaf14cfbb597efd8545ba401f1da28a4f",
            "deprecated": false,
            "digest": {
                "function_hash": "289247886596900951187087052811627073121",
                "length": 4254.0
            },
            "id": "PUB-A-176495665-0b377d6c",
            "signature_type": "Function"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/include/CryptoPlugin.h"
            },
            "source": "https://android.googlesource.com/platform/frameworks/av/+/79a6ffbdaf14cfbb597efd8545ba401f1da28a4f",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "239931648519675499196978260866577697191",
                    "101128053027266173697275272088818991632",
                    "329698376950858297192832384173979819014",
                    "153117273229964002442024244984841189871",
                    "193655110644763919988885454820860265412",
                    "207649455538724743432156768924033261911",
                    "299081592202751204780576662467884825169",
                    "198714713846547538751318032688264765306",
                    "69912771190499630331467339225644523023",
                    "329417660113387093181582154380534886800",
                    "174697306043221093471911081739033742820"
                ],
                "threshold": 0.9
            },
            "id": "PUB-A-176495665-26761c2c",
            "signature_type": "Line"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp",
                "function": "CryptoPlugin::setSharedBufferBase"
            },
            "source": "https://android.googlesource.com/platform/frameworks/av/+/79a6ffbdaf14cfbb597efd8545ba401f1da28a4f",
            "deprecated": false,
            "digest": {
                "function_hash": "83804324151596417791924039404182904851",
                "length": 233.0
            },
            "id": "PUB-A-176495665-307f4efb",
            "signature_type": "Function"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp"
            },
            "source": "https://android.googlesource.com/platform/frameworks/av/+/79a6ffbdaf14cfbb597efd8545ba401f1da28a4f",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "80650755198225489646155818328579013244",
                    "214302883976724642944160823531773350831",
                    "228857402668709192371015871719057283554",
                    "216796585859875414685283691379126266480",
                    "133042071211530628408949559588741735994",
                    "314602904450202568066777898281698976547",
                    "264298949911011163485260866338663751604",
                    "182509013215656757272313039702013762214",
                    "79868785389749169529183912015347522416"
                ],
                "threshold": 0.9
            },
            "id": "PUB-A-176495665-859be51c",
            "signature_type": "Line"
        }
    ],
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/79a6ffbdaf14cfbb597efd8545ba401f1da28a4f"
    ],
    "spl": "2021-06-01",
    "severity": "Moderate"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/PUB-A-176495665.json"

Android / platform/hardware/interfaces

Package

Name
platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-06-01

Affected versions

Other
11

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.h"
            },
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/a4e76aab230a565dd0cef11e2e6e2d782b685327",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "338734003058650768117569873538913139211",
                    "48334840324752538220133656459956211134",
                    "74219866353171461841539864830050274457",
                    "222290197317652465409581001700111359761",
                    "87089908589932915432556193581794380754",
                    "54706185110868442096262177696595696279",
                    "324607132481506265150981429704786906864",
                    "136556778993816125910016875516885690619",
                    "68342775054458916267650814659772342317",
                    "303034744072508462164836128000890610502",
                    "298561505625679081913440228746743709653",
                    "244686149178940169759062632632814000223",
                    "326167035501015315238203021377548683500",
                    "199164574376375895138658068341247569159",
                    "173622098562518735989600364692111324601",
                    "8820646153323049783395416090839125310",
                    "61786442267307842068128269464010653229",
                    "184832951823819122292927511161264090234",
                    "18208972824218449988403253158397327668"
                ],
                "threshold": 0.9
            },
            "id": "PUB-A-176495665-3bef26e7",
            "signature_type": "Line"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp",
                "function": "CryptoPlugin::setSharedBufferBase"
            },
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/a4e76aab230a565dd0cef11e2e6e2d782b685327",
            "deprecated": false,
            "digest": {
                "function_hash": "30327710380002908183031134057555754975",
                "length": 173.0
            },
            "id": "PUB-A-176495665-87bb82da",
            "signature_type": "Function"
        },
        {
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp"
            },
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/a4e76aab230a565dd0cef11e2e6e2d782b685327",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "332590428842297416598272175294071262211",
                    "112520708469331746017134768630155321874",
                    "101135519993293756381725003488514858462",
                    "178009918267011045620188023231884283364",
                    "240019402275460157740975095727168640207",
                    "276498128064374268632420638483112505272",
                    "137378813570596590094778362080755671176",
                    "90106377484174975455564131918402057136",
                    "246524809232248934677036880304414481783",
                    "154143101464377361727192659246603798336",
                    "114433394657626372821910648266472716077",
                    "291141292063522259182343516414589168415",
                    "973311319970186573685297772982176662",
                    "198449186455470176282285785883624712342"
                ],
                "threshold": 0.9
            },
            "id": "PUB-A-176495665-a0b35baf",
            "signature_type": "Line"
        }
    ],
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/a4e76aab230a565dd0cef11e2e6e2d782b685327"
    ],
    "spl": "2021-06-01",
    "severity": "Moderate"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/PUB-A-176495665.json"