PUB-A-193441322

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-193441322.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-193441322
Aliases
  • A-193441322
  • CVE-2021-1034
Published
2021-12-01T00:00:00Z
Modified
2025-11-17T16:39:28.955843Z
Summary
[none]
Details

In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is a possible way to determine whether an app is installed, without query permissions due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2021-12-01

Affected versions

Other

12

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/f4d8bd16b7788abd26313ec2be3a630b43c233c9"
    ],
    "severity": "Moderate",
    "types": [
        "ID"
    ],
    "vanir_signatures": [
        {
            "id": "PUB-A-193441322-00e01df7",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/LegacyPermissionManagerService.java",
                "function": "Injector"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f4d8bd16b7788abd26313ec2be3a630b43c233c9",
            "signature_type": "Function",
            "digest": {
                "function_hash": "85677675975524556012474132864057463680",
                "length": 57.0
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "PUB-A-193441322-259b757a",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/LegacyPermissionManagerService.java"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f4d8bd16b7788abd26313ec2be3a630b43c233c9",
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "3541416487324464590081690504005567420",
                    "77838314015197802726733171529578085269",
                    "282322925625428627428502579998212114679",
                    "185110749274560011140621287983786539126",
                    "270314208920105180670352781286982220594",
                    "99677907936208215302936562861408956116",
                    "120410263357331973728474258793670725326",
                    "312217953377122187160617899748054281414",
                    "289350725698846797723436941501004440013",
                    "93809137008868782148591101266489391907",
                    "229969220499354969579715229437250766686",
                    "46801236371684790830157573315104383697",
                    "311805268179833515445976674429498871984",
                    "180244309055467705076611473958587117671",
                    "58613562035555278663501552823690651474",
                    "13006709373647326752133655462919574963",
                    "251882607319576966850125203706775760851",
                    "259541251922868379987913601092789763542",
                    "171712597539862831801195007227848350748",
                    "94374281234011843316935019975945909842"
                ]
            },
            "deprecated": false,
            "signature_version": "v1"
        },
        {
            "id": "PUB-A-193441322-281e3bd0",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/LegacyPermissionManagerService.java",
                "function": "verifyCallerCanCheckAccess"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f4d8bd16b7788abd26313ec2be3a630b43c233c9",
            "signature_type": "Function",
            "digest": {
                "function_hash": "325643107789986794313621943277621254447",
                "length": 480.0
            },
            "deprecated": false,
            "signature_version": "v1"
        }
    ],
    "spl": "2021-12-01"
}