In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "121385483773384471853115903474639452198", "184019182808323809470149447007204861587", "20886215787258101827814598664580995911", "187571104971165644015437199649278715714", "110887872435304263424309036355997997196", "23971151535517674186024780439876312014", "297388453392271801583048335964948395054", "94161684239492038383641357325975761122", "5033414276647347878521861143734219935", "292758487146417046272027740833385359371", "30812556885355799079975849148091184444", "37248816305998331056277029398087325763", "205146389205049220936115294651743896682", "181542654102948766044434891219751375235", "110139631808912567129312820625862970957" ] }, "id": "ASB-A-150857253-341e5c5a", "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 1591.0, "function_hash": "277999990525634427442889858236049653453" }, "id": "ASB-A-150857253-cb118d3b", "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java", "function": "setInstallerPackageName" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b" ], "spl": "2020-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "121385483773384471853115903474639452198", "184019182808323809470149447007204861587", "20886215787258101827814598664580995911", "187571104971165644015437199649278715714", "110887872435304263424309036355997997196", "23971151535517674186024780439876312014", "297388453392271801583048335964948395054", "94161684239492038383641357325975761122", "5033414276647347878521861143734219935", "292758487146417046272027740833385359371", "30812556885355799079975849148091184444", "37248816305998331056277029398087325763", "205146389205049220936115294651743896682", "181542654102948766044434891219751375235", "110139631808912567129312820625862970957" ] }, "id": "ASB-A-150857253-112a3108", "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 1591.0, "function_hash": "277999990525634427442889858236049653453" }, "id": "ASB-A-150857253-66ebf69f", "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java", "function": "setInstallerPackageName" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b" ], "spl": "2020-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 1591.0, "function_hash": "277999990525634427442889858236049653453" }, "id": "ASB-A-150857253-55b7ad10", "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java", "function": "setInstallerPackageName" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "121385483773384471853115903474639452198", "184019182808323809470149447007204861587", "20886215787258101827814598664580995911", "187571104971165644015437199649278715714", "110887872435304263424309036355997997196", "23971151535517674186024780439876312014", "297388453392271801583048335964948395054", "94161684239492038383641357325975761122", "5033414276647347878521861143734219935", "292758487146417046272027740833385359371", "30812556885355799079975849148091184444", "37248816305998331056277029398087325763", "205146389205049220936115294651743896682", "181542654102948766044434891219751375235", "110139631808912567129312820625862970957" ] }, "id": "ASB-A-150857253-5f24c2d6", "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b" ], "spl": "2020-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "121385483773384471853115903474639452198", "184019182808323809470149447007204861587", "20886215787258101827814598664580995911", "187571104971165644015437199649278715714", "110887872435304263424309036355997997196", "23971151535517674186024780439876312014", "297388453392271801583048335964948395054", "94161684239492038383641357325975761122", "5033414276647347878521861143734219935", "292758487146417046272027740833385359371", "30812556885355799079975849148091184444", "37248816305998331056277029398087325763", "205146389205049220936115294651743896682", "181542654102948766044434891219751375235", "110139631808912567129312820625862970957" ] }, "id": "ASB-A-150857253-54d9b8ec", "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 1591.0, "function_hash": "277999990525634427442889858236049653453" }, "id": "ASB-A-150857253-d56eb98c", "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java", "function": "setInstallerPackageName" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b" ], "spl": "2020-09-01", "severity": "High", "types": [ "EoP" ] }