ASB-A-155648771

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-155648771.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-155648771
Aliases
  • A-155648771
  • CVE-2021-0307
Published
2021-01-01T00:00:00Z
Modified
2024-08-07T19:29:54.773987Z
Summary
privilege escalation - obtain dangerous platform permissions silently through custom permissions
Details

In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/cts

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-01-01

Affected versions

Other

10

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/cts/+/a8a90255d43845e307b6d133c710b802dbece622"
    ],
    "spl": "2021-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-01-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "42944500549505635161036987220393129218",
                    "32374468865149567811517005251175270874",
                    "182416145722170882610837408393988471387",
                    "73133442436564090363183519967048906082"
                ]
            },
            "id": "ASB-A-155648771-4acbd12e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1646.0,
                "function_hash": "260801340390853921484827258252259891230"
            },
            "id": "ASB-A-155648771-ea459bf9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
                "function": "updatePermissionSourcePackage"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9"
    ],
    "spl": "2021-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/cts

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-01-01

Affected versions

Other

11

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/cts/+/a8a90255d43845e307b6d133c710b802dbece622"
    ],
    "spl": "2021-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-01-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1646.0,
                "function_hash": "260801340390853921484827258252259891230"
            },
            "id": "ASB-A-155648771-9979c947",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
                "function": "updatePermissionSourcePackage"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "42944500549505635161036987220393129218",
                    "32374468865149567811517005251175270874",
                    "182416145722170882610837408393988471387",
                    "73133442436564090363183519967048906082"
                ]
            },
            "id": "ASB-A-155648771-dcfd25c1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9"
    ],
    "spl": "2021-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}