ASB-A-150857253

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-150857253.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-150857253
Aliases
  • A-150857253
  • CVE-2020-0401
Published
2020-09-01T00:00:00Z
Modified
2024-08-07T19:29:11.866349Z
Summary
PackageManagerService#setInstallerPackageName allows unset installers to be set by anyone
Details

In setInstallerPackageName of PackageManagerService.java, there is a missing permission check. This could lead to local escalation of privilege and granting spurious permissions with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0:0
Fixed
8.0:2020-09-01

Affected versions

8.*

8.0

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "121385483773384471853115903474639452198",
                    "184019182808323809470149447007204861587",
                    "20886215787258101827814598664580995911",
                    "187571104971165644015437199649278715714",
                    "110887872435304263424309036355997997196",
                    "23971151535517674186024780439876312014",
                    "297388453392271801583048335964948395054",
                    "94161684239492038383641357325975761122",
                    "5033414276647347878521861143734219935",
                    "292758487146417046272027740833385359371",
                    "30812556885355799079975849148091184444",
                    "37248816305998331056277029398087325763",
                    "205146389205049220936115294651743896682",
                    "181542654102948766044434891219751375235",
                    "110139631808912567129312820625862970957"
                ]
            },
            "id": "ASB-A-150857253-341e5c5a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1591.0,
                "function_hash": "277999990525634427442889858236049653453"
            },
            "id": "ASB-A-150857253-cb118d3b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java",
                "function": "setInstallerPackageName"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b"
    ],
    "spl": "2020-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2020-09-01

Affected versions

8.*

8.1

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "121385483773384471853115903474639452198",
                    "184019182808323809470149447007204861587",
                    "20886215787258101827814598664580995911",
                    "187571104971165644015437199649278715714",
                    "110887872435304263424309036355997997196",
                    "23971151535517674186024780439876312014",
                    "297388453392271801583048335964948395054",
                    "94161684239492038383641357325975761122",
                    "5033414276647347878521861143734219935",
                    "292758487146417046272027740833385359371",
                    "30812556885355799079975849148091184444",
                    "37248816305998331056277029398087325763",
                    "205146389205049220936115294651743896682",
                    "181542654102948766044434891219751375235",
                    "110139631808912567129312820625862970957"
                ]
            },
            "id": "ASB-A-150857253-112a3108",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1591.0,
                "function_hash": "277999990525634427442889858236049653453"
            },
            "id": "ASB-A-150857253-66ebf69f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java",
                "function": "setInstallerPackageName"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b"
    ],
    "spl": "2020-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2020-09-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1591.0,
                "function_hash": "277999990525634427442889858236049653453"
            },
            "id": "ASB-A-150857253-55b7ad10",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java",
                "function": "setInstallerPackageName"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "121385483773384471853115903474639452198",
                    "184019182808323809470149447007204861587",
                    "20886215787258101827814598664580995911",
                    "187571104971165644015437199649278715714",
                    "110887872435304263424309036355997997196",
                    "23971151535517674186024780439876312014",
                    "297388453392271801583048335964948395054",
                    "94161684239492038383641357325975761122",
                    "5033414276647347878521861143734219935",
                    "292758487146417046272027740833385359371",
                    "30812556885355799079975849148091184444",
                    "37248816305998331056277029398087325763",
                    "205146389205049220936115294651743896682",
                    "181542654102948766044434891219751375235",
                    "110139631808912567129312820625862970957"
                ]
            },
            "id": "ASB-A-150857253-5f24c2d6",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b"
    ],
    "spl": "2020-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2020-09-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "121385483773384471853115903474639452198",
                    "184019182808323809470149447007204861587",
                    "20886215787258101827814598664580995911",
                    "187571104971165644015437199649278715714",
                    "110887872435304263424309036355997997196",
                    "23971151535517674186024780439876312014",
                    "297388453392271801583048335964948395054",
                    "94161684239492038383641357325975761122",
                    "5033414276647347878521861143734219935",
                    "292758487146417046272027740833385359371",
                    "30812556885355799079975849148091184444",
                    "37248816305998331056277029398087325763",
                    "205146389205049220936115294651743896682",
                    "181542654102948766044434891219751375235",
                    "110139631808912567129312820625862970957"
                ]
            },
            "id": "ASB-A-150857253-54d9b8ec",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1591.0,
                "function_hash": "277999990525634427442889858236049653453"
            },
            "id": "ASB-A-150857253-d56eb98c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java",
                "function": "setInstallerPackageName"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/40ca8b51fa90457cc49b91eac00636d1626b3a1b"
    ],
    "spl": "2020-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}