PUB-A-188219307

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-188219307.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-188219307
Aliases
  • A-188219307
  • CVE-2021-1011
Published
2021-12-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In setPackageStoppedState of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2021-12-01

Affected versions

Other

12

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "248288502745360145587113369201883597818",
                    "187885695649267500458876508762431505118",
                    "38589098222459545645273185752692080543",
                    "27864417869734041734459830048141805275",
                    "228716167390115108442825133253058457212",
                    "81606005663576324338806360943246686445",
                    "234995863242779510340217155127190747015",
                    "27360440478332239752968029852954548306",
                    "142110162820807955582942616221204034457"
                ]
            },
            "id": "PUB-A-188219307-1d76d343",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/44a4529285f514c7cdbe0777004e853503399c35",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "205076840782117860855025683080164841036",
                    "263564451018149687351407217020230214682",
                    "135298803417011739828131412056636791105",
                    "3813877246876349088123451405682226763",
                    "250121116697882860832109887673071951151",
                    "305804676621850979729295448782132000401",
                    "226393296350702719899928476069089365351",
                    "95099956319131499057726802266540084687",
                    "20987026784971052941912524032048547787",
                    "337260685222169544542613997715352069205",
                    "278825004740674325862848292872795454616",
                    "262396198905564093725787048195908252614",
                    "180818649611551091240992966375228620958",
                    "152482317248299455791791819544251416763",
                    "33421342791544445829693411101614268423"
                ]
            },
            "id": "PUB-A-188219307-40262ae6",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/44a4529285f514c7cdbe0777004e853503399c35",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/Settings.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 918.0,
                "function_hash": "94775138723964750065483615781259111986"
            },
            "id": "PUB-A-188219307-8c1c84b9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/44a4529285f514c7cdbe0777004e853503399c35",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java",
                "function": "setPackageStoppedState"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 971.0,
                "function_hash": "59669115405938965986268615046622644303"
            },
            "id": "PUB-A-188219307-f93e69c1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/44a4529285f514c7cdbe0777004e853503399c35",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/Settings.java",
                "function": "setPackageStoppedStateLPw"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/44a4529285f514c7cdbe0777004e853503399c35"
    ],
    "spl": "2021-12-01",
    "severity": "Moderate",
    "types": [
        "ID"
    ]
}