In getSigningKeySet of PackageManagerService.java, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 869.0, "function_hash": "132584928615221730268150791750476423550" }, "id": "PUB-A-189857801-60efad0e", "source": "https://android.googlesource.com/platform/frameworks/base/+/5228b4cf3a55e2abfc833f23f6ed683d5ef35bb8", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java", "function": "getSigningKeySet" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "269872727543979060273050115687526126547", "236636862371516801432910501098450022312", "231262560110106771437992143478379125344", "244768083747770656005397341329372162045", "13406896532638826383005944769576071522", "34486164087355723149574297097066475362", "249833021071024907082647275849633242455", "20735436386915824579006483356741752492", "19158146158145962835957127313103159540", "213738950766423406319545604270963899843" ] }, "id": "PUB-A-189857801-6f6d12c7", "source": "https://android.googlesource.com/platform/frameworks/base/+/5228b4cf3a55e2abfc833f23f6ed683d5ef35bb8", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/5228b4cf3a55e2abfc833f23f6ed683d5ef35bb8" ], "spl": "2021-12-01", "severity": "Moderate", "types": [ "ID" ] }