PUB-A-191954233
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/PUB-A-191954233.json
- JSON Data
- https://api.osv.dev/v1/vulns/PUB-A-191954233
- Aliases
-
- A-191954233
- CVE-2021-0988
- Published
- 2021-12-01T00:00:00Z
- Modified
- 2024-11-06T12:16:03.231308Z
- Summary
- [none]
- Details
-
In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 170.0,
"function_hash": "264603578110578977308773915630180438313"
},
"id": "PUB-A-191954233-2851af7d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1d6bc4e1874ae4fbe2695d08464cc2b0f659f997",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "getLaunchedFromPackage"
},
"signature_type": "Function"
},
{
"digest": {
"length": 198.0,
"function_hash": "55536776578654624016144981176681338854"
},
"id": "PUB-A-191954233-4f57e2ab",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1d6bc4e1874ae4fbe2695d08464cc2b0f659f997",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "getLaunchedFromUid"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"174808922437240677627742803951708865820",
"91403675260202517997326574331789180340",
"104505683080756525383317262783599076547",
"200676763069383249658547365413262195501",
"80984503783502309787786049673550880056",
"318402902799698485461329540677182139309",
"240406913568824325809189223054481965184",
"140891950594240049632691008267011709869",
"313753903221639052457570773679952840647",
"157660133717960975700920736535171584904",
"111626024918874756711164654525579247876",
"338259431431763331576199413549624206353",
"143146395528801866658816138666432240617",
"259981170478718095876877519938940011577",
"77113707542957055727576013389438363923",
"150032992700180872538678797932959151004",
"33080956372133495114828098802514845222",
"166262659433666545654092006505689399677",
"39514825788708055998358346645583168845",
"251120741046466846427994609488412062336",
"130220749541560948158864948305238123525",
"197790123221419850924977968510345913397",
"301129931417725205060479837906148475343",
"286064385087170236546033835111873880475",
"149713084073254821689258379510616268940",
"315911703671184141190277540524306262002",
"27216449601433578156513282962170503066",
"157399221979240846057537294936248389197",
"285114824406338192301636784799044286996",
"317931236233952214730079017301386681360",
"317408155499675601352136806701692596398",
"198107751940972950360525920908809137304"
]
},
"id": "PUB-A-191954233-7abda2bb",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1d6bc4e1874ae4fbe2695d08464cc2b0f659f997",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"190435056261218728453316647817527383636",
"121777323344655602847224352711325139274",
"27685480651417845615032188213408336999",
"65054089820080445111750700446708625381",
"253177753223314235181697678471224405084",
"200952331430259642276838639158616341389"
]
},
"id": "PUB-A-191954233-90dc6f61",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bc817f1eff9889292bd2b3cad4d4eed56a9a4830",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskSupervisor.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 812.0,
"function_hash": "176950729361942540487474238663089108753"
},
"id": "PUB-A-191954233-9372ab2f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bc817f1eff9889292bd2b3cad4d4eed56a9a4830",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityRecord.java",
"function": "deliverNewIntentLocked"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"18866207012874881757920618410967321867",
"15319647225824101216585407272118790709",
"140075833828855772759590339287349760739",
"338378307837799580160120135395205141772",
"281092101559906700321422576934806442472",
"304688705216120957684217440319841903304",
"75348411922556477965778407956061857265"
]
},
"id": "PUB-A-191954233-ecf42499",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bc817f1eff9889292bd2b3cad4d4eed56a9a4830",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityRecord.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 5094.0,
"function_hash": "70756871042730078203506742408572370999"
},
"id": "PUB-A-191954233-edba91ca",
"source": "https://android.googlesource.com/platform/frameworks/base/+/bc817f1eff9889292bd2b3cad4d4eed56a9a4830",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskSupervisor.java",
"function": "realStartActivityLocked"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/bc817f1eff9889292bd2b3cad4d4eed56a9a4830",
"https://android.googlesource.com/platform/frameworks/base/+/1d6bc4e1874ae4fbe2695d08464cc2b0f659f997"
],
"spl": "2021-12-01",
"severity": "Moderate",
"types": [
"ID"
]
}