ASB-A-169933423

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-169933423.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-169933423
Aliases
  • A-169933423
  • CVE-2021-0320
Published
2021-01-01T00:00:00Z
Modified
2024-08-07T19:29:50.418143Z
Summary
The map that stores device locked status of a user in keystore is not synchronized
Details

In isdevicelocked and setdevicelocked of keystorekeymasterenforcement.h, there is a possible bypass of lockscreen requirements for keyguard bound keys due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/system/security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-01-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "76013945253139130692514737610406466123",
                    "295679904844665643052135238895225373814",
                    "23765606439269574241503704661870042909",
                    "164152746738481864640629410037301471085",
                    "257184424293174668034502082438027670280",
                    "13783692874340572540572874827729550284",
                    "278625622149619350304682174706282228723",
                    "303825727755614643719821110543200827362",
                    "206747508758024889546452927170381162093",
                    "217238245986243040151983159362298584273",
                    "136059463341647227658860091404252655794"
                ]
            },
            "id": "ASB-A-169933423-0ad77fad",
            "source": "https://android.googlesource.com/platform/system/security/+/33b83f6f3211358568894f48e2aa03c8851e11b7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "keystore/keystore_keymaster_enforcement.h"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/security/+/33b83f6f3211358568894f48e2aa03c8851e11b7"
    ],
    "spl": "2021-01-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/system/security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-01-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "76013945253139130692514737610406466123",
                    "295679904844665643052135238895225373814",
                    "23765606439269574241503704661870042909",
                    "164152746738481864640629410037301471085",
                    "257184424293174668034502082438027670280",
                    "13783692874340572540572874827729550284",
                    "278625622149619350304682174706282228723",
                    "303825727755614643719821110543200827362",
                    "206747508758024889546452927170381162093",
                    "217238245986243040151983159362298584273",
                    "136059463341647227658860091404252655794"
                ]
            },
            "id": "ASB-A-169933423-44f0100e",
            "source": "https://android.googlesource.com/platform/system/security/+/33b83f6f3211358568894f48e2aa03c8851e11b7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "keystore/keystore_keymaster_enforcement.h"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/security/+/33b83f6f3211358568894f48e2aa03c8851e11b7"
    ],
    "spl": "2021-01-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}