In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 1817.0, "function_hash": "118891934688457000588694617252251358123" }, "id": "ASB-A-154323381-3bee39f9", "source": "https://android.googlesource.com/platform/packages/services/Telephony/+/b722e6d0bef5bdcf3cf7368b765ed08a98bdee1c", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/phone/NotificationMgr.java", "function": "updateCfi" }, "signature_type": "Function" }, { "digest": { "length": 3934.0, "function_hash": "106090137011265485625882723923773067534" }, "id": "ASB-A-154323381-57e84f73", "source": "https://android.googlesource.com/platform/packages/services/Telephony/+/b722e6d0bef5bdcf3cf7368b765ed08a98bdee1c", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/phone/NotificationMgr.java", "function": "updateMwi" }, "signature_type": "Function" }, { "digest": { "length": 1245.0, "function_hash": "50445700416993342029039016348416028384" }, "id": "ASB-A-154323381-6bc1e989", "source": "https://android.googlesource.com/platform/packages/services/Telephony/+/b722e6d0bef5bdcf3cf7368b765ed08a98bdee1c", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/phone/NotificationMgr.java", "function": "showNetworkSelection" }, "signature_type": "Function" }, { "digest": { "length": 935.0, "function_hash": "291758995638928117729529931136582371400" }, "id": "ASB-A-154323381-923c7f75", "source": "https://android.googlesource.com/platform/packages/services/Telephony/+/b722e6d0bef5bdcf3cf7368b765ed08a98bdee1c", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/phone/NotificationMgr.java", "function": "showDataDisconnectedRoaming" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "265140102369180153285569643997638336446", "56764018562594915487821848992244143453", "257363152266438189000120890717951228671", "340228265644653042191994361831970247695", "40603954702908614189737089737507001609", "46172220657390890801239250354430434439", "122955238063153417043208236720308182883", "40957653701084111105334611405985659407", "153180109067042416946594760160744867278", "9579720642722567617161959736900012085", "310779639648123452954544692477443865574", "138097297092970187919989632528491147129", "327945833271495185885896893359366071469", "260806432887035010908317663305480350689", "277319764255446523099854316247119081032", "225933412891481146513674979089324314435" ] }, "id": "ASB-A-154323381-bec8d140", "source": "https://android.googlesource.com/platform/packages/services/Telephony/+/b722e6d0bef5bdcf3cf7368b765ed08a98bdee1c", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/phone/NotificationMgr.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/services/Telephony/+/b722e6d0bef5bdcf3cf7368b765ed08a98bdee1c" ], "spl": "2020-10-01", "severity": "High", "types": [ "ID" ] }