PUB-A-184676316

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-184676316.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-184676316
Aliases
Published
2021-12-01T00:00:00Z
Modified
2026-03-09T15:09:45.114269Z
Summary
[none]
Details

In onCreate of AllowBindAppWidgetActivity.java, there is a possible bypass of user interaction requirements due to unclear UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Settings

Package

Name
platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2021-12-01

Affected versions

Other
12

Ecosystem specific 

{
    "spl": "2021-12-01",
    "severity": "Moderate",
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/f25e8aa74c28053efa106eca29f31d8cbdd3bf10"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "277070685855571080445772825910646061498",
                    "112299108208439878597652137193484332581",
                    "170203650146902295421291891499883086680",
                    "238497721516949964030720633374099848036",
                    "209250305627516059923222185807254030209",
                    "327707920722028815278622015215625782792",
                    "136088236212345913991887120439409471046",
                    "17625525726800486919750313264607134236",
                    "169416639551318675418397515674436903149",
                    "41582362725234250356221004714277453486",
                    "32673644011415985680415014262767686552",
                    "208438871902808025555704718385871345299",
                    "38632957431177099034287835622065397557",
                    "329742652017708867640110647985216618671",
                    "162771825590691441526812377456957117294",
                    "269297383747417528002876161511559769282",
                    "277450053801965143465275056469021196279",
                    "168686612315805397838618515343306795769",
                    "122070420249423543901325501755690291540",
                    "194561527000989105239038949692730685773",
                    "332140045600280330864101074016293786145",
                    "52056889956315741524506560459493390212"
                ]
            },
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f25e8aa74c28053efa106eca29f31d8cbdd3bf10",
            "signature_type": "Line",
            "id": "PUB-A-184676316-15ce816e",
            "target": {
                "file": "src/com/android/settings/AllowBindAppWidgetActivity.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "function_hash": "88036562841993369444117788646510982940",
                "length": 2201.0
            },
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f25e8aa74c28053efa106eca29f31d8cbdd3bf10",
            "signature_type": "Function",
            "id": "PUB-A-184676316-ccb20e62",
            "target": {
                "file": "src/com/android/settings/AllowBindAppWidgetActivity.java",
                "function": "onCreate"
            }
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/PUB-A-184676316.json"