In is_device_locked and set_device_locked of keystore_keymaster_enforcement.h, there is a possible bypass of lockscreen requirements for keyguard-bound keys due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "76013945253139130692514737610406466123", "295679904844665643052135238895225373814", "23765606439269574241503704661870042909", "164152746738481864640629410037301471085", "257184424293174668034502082438027670280", "13783692874340572540572874827729550284", "278625622149619350304682174706282228723", "303825727755614643719821110543200827362", "206747508758024889546452927170381162093", "217238245986243040151983159362298584273", "136059463341647227658860091404252655794" ] }, "id": "ASB-A-169933423-0ad77fad", "source": "https://android.googlesource.com/platform/system/security/+/33b83f6f3211358568894f48e2aa03c8851e11b7", "deprecated": false, "signature_version": "v1", "target": { "file": "keystore/keystore_keymaster_enforcement.h" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/security/+/33b83f6f3211358568894f48e2aa03c8851e11b7" ], "spl": "2021-01-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "76013945253139130692514737610406466123", "295679904844665643052135238895225373814", "23765606439269574241503704661870042909", "164152746738481864640629410037301471085", "257184424293174668034502082438027670280", "13783692874340572540572874827729550284", "278625622149619350304682174706282228723", "303825727755614643719821110543200827362", "206747508758024889546452927170381162093", "217238245986243040151983159362298584273", "136059463341647227658860091404252655794" ] }, "id": "ASB-A-169933423-44f0100e", "source": "https://android.googlesource.com/platform/system/security/+/33b83f6f3211358568894f48e2aa03c8851e11b7", "deprecated": false, "signature_version": "v1", "target": { "file": "keystore/keystore_keymaster_enforcement.h" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/system/security/+/33b83f6f3211358568894f48e2aa03c8851e11b7" ], "spl": "2021-01-01", "severity": "High", "types": [ "ID" ] }