In createOrUpdate of Permission.java and related code, there is possible permission escalation due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 2873.0, "function_hash": "159669981910848186740133655022903054465" }, "id": "ASB-A-168319670-431f8199", "source": "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/BasePermission.java", "function": "createOrUpdate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "300558797478455665228977041073332740161", "229089149346645259548452564495478783989", "158516251953092459809047713070131326523", "23878212559383681882692447600667961378", "309214319754859876925951608291378068273", "38034053912912518898345619210675635579", "106001563314996809083498962546828590825", "102279475340615476629214848145454800846" ] }, "id": "ASB-A-168319670-b8307471", "source": "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/BasePermission.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47" ], "spl": "2021-01-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 2873.0, "function_hash": "159669981910848186740133655022903054465" }, "id": "ASB-A-168319670-4471fe7c", "source": "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/BasePermission.java", "function": "createOrUpdate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "300558797478455665228977041073332740161", "229089149346645259548452564495478783989", "158516251953092459809047713070131326523", "23878212559383681882692447600667961378", "309214319754859876925951608291378068273", "38034053912912518898345619210675635579", "106001563314996809083498962546828590825", "102279475340615476629214848145454800846" ] }, "id": "ASB-A-168319670-91caa67f", "source": "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/BasePermission.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47" ], "spl": "2021-01-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 2873.0, "function_hash": "159669981910848186740133655022903054465" }, "id": "ASB-A-168319670-412e37a2", "source": "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/BasePermission.java", "function": "createOrUpdate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "300558797478455665228977041073332740161", "229089149346645259548452564495478783989", "158516251953092459809047713070131326523", "23878212559383681882692447600667961378", "309214319754859876925951608291378068273", "38034053912912518898345619210675635579", "106001563314996809083498962546828590825", "102279475340615476629214848145454800846" ] }, "id": "ASB-A-168319670-85f3cf20", "source": "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/BasePermission.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47" ], "spl": "2021-01-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "300558797478455665228977041073332740161", "229089149346645259548452564495478783989", "158516251953092459809047713070131326523", "23878212559383681882692447600667961378", "309214319754859876925951608291378068273", "38034053912912518898345619210675635579", "106001563314996809083498962546828590825", "102279475340615476629214848145454800846" ] }, "id": "ASB-A-168319670-7092be5b", "source": "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/BasePermission.java" }, "signature_type": "Line" }, { "digest": { "length": 2873.0, "function_hash": "159669981910848186740133655022903054465" }, "id": "ASB-A-168319670-d0b18bcf", "source": "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/BasePermission.java", "function": "createOrUpdate" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47" ], "spl": "2021-01-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "300558797478455665228977041073332740161", "229089149346645259548452564495478783989", "158516251953092459809047713070131326523", "23878212559383681882692447600667961378", "309214319754859876925951608291378068273", "38034053912912518898345619210675635579", "106001563314996809083498962546828590825", "102279475340615476629214848145454800846" ] }, "id": "ASB-A-168319670-06ed3e21", "source": "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/BasePermission.java" }, "signature_type": "Line" }, { "digest": { "length": 2873.0, "function_hash": "159669981910848186740133655022903054465" }, "id": "ASB-A-168319670-a229c7b8", "source": "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/permission/BasePermission.java", "function": "createOrUpdate" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/c4ce178c261e6a2dc1aa4c1e1d570f0efd980e47" ], "spl": "2021-01-01", "severity": "High", "types": [ "EoP" ] }