ASB-A-157474195

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-157474195.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-157474195
Aliases
  • A-157474195
  • CVE-2021-0337
Published
2021-02-01T00:00:00Z
Modified
2024-08-07T19:30:11.896899Z
Summary
Missing revocation of moved document URIs in FileSystemProvider
Details

In moveInMediaStore of FileSystemProvider.java, there is a possible file exposure due to stale metadata. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-02-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 597.0,
                "function_hash": "95207611329866541020810522679702160389"
            },
            "id": "ASB-A-157474195-0c1041eb",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/content/FileSystemProvider.java",
                "function": "renameDocument"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 388.0,
                "function_hash": "177888745711270769104500725269179465166"
            },
            "id": "ASB-A-157474195-21c197f4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/content/FileSystemProvider.java",
                "function": "deleteDocument"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 552.0,
                "function_hash": "104469326549119752783813600499935556036"
            },
            "id": "ASB-A-157474195-3e7472a5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/content/FileSystemProvider.java",
                "function": "moveDocument"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "337768421731177914852952627660101406566",
                    "160201817655052503962811299480944143267",
                    "326805259670909050863234206244251260029",
                    "166756985256022869606464148158220506442",
                    "19149938257146352426317412782251334080",
                    "304047694954246500064345687375436399951",
                    "186652238605562309358180782191173623162",
                    "313741471183135593549126092169425863949",
                    "205883396251054809150709612950476294635",
                    "208877308328643758029168981058035893429",
                    "290405506323056615402018598059130139739",
                    "58991343204514618830852163896601996662",
                    "263529015495012105749591513539264233732",
                    "269992576871638899273780706787786246227",
                    "317399817418477653900571388810832556481"
                ]
            },
            "id": "ASB-A-157474195-6cd8ad62",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/content/FileSystemProvider.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "174315886285048729724468337538603502183",
                    "13641771033659361517556201659059900667",
                    "251762566533496679962500521846933460423",
                    "98043791869773912361626476327699343355"
                ]
            },
            "id": "ASB-A-157474195-96dc10bd",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba"
    ],
    "spl": "2021-02-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-02-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 597.0,
                "function_hash": "95207611329866541020810522679702160389"
            },
            "id": "ASB-A-157474195-1b2974c5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/content/FileSystemProvider.java",
                "function": "renameDocument"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "174315886285048729724468337538603502183",
                    "13641771033659361517556201659059900667",
                    "251762566533496679962500521846933460423",
                    "98043791869773912361626476327699343355"
                ]
            },
            "id": "ASB-A-157474195-245b4ba2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 552.0,
                "function_hash": "104469326549119752783813600499935556036"
            },
            "id": "ASB-A-157474195-c70ead19",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/content/FileSystemProvider.java",
                "function": "moveDocument"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 388.0,
                "function_hash": "177888745711270769104500725269179465166"
            },
            "id": "ASB-A-157474195-e3a70bbe",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/content/FileSystemProvider.java",
                "function": "deleteDocument"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "337768421731177914852952627660101406566",
                    "160201817655052503962811299480944143267",
                    "326805259670909050863234206244251260029",
                    "166756985256022869606464148158220506442",
                    "19149938257146352426317412782251334080",
                    "304047694954246500064345687375436399951",
                    "186652238605562309358180782191173623162",
                    "313741471183135593549126092169425863949",
                    "205883396251054809150709612950476294635",
                    "208877308328643758029168981058035893429",
                    "290405506323056615402018598059130139739",
                    "58991343204514618830852163896601996662",
                    "263529015495012105749591513539264233732",
                    "269992576871638899273780706787786246227",
                    "317399817418477653900571388810832556481"
                ]
            },
            "id": "ASB-A-157474195-f8a15fd0",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/com/android/internal/content/FileSystemProvider.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/5afa7645579a01b77005b8a60f3713ca3e653fba"
    ],
    "spl": "2021-02-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}