ASB-A-171430330

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-171430330.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-171430330
Aliases
  • A-171430330
  • CVE-2021-0486
Published
2021-07-01T00:00:00Z
Modified
2024-08-07T19:30:09.986108Z
Summary
: Unauthorized file access through the READ_EXTERNAL_STORAGE permission
Details

In onPackageAddedInternal of PermissionManagerService.java, there is possible access to external storage due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-07-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "203799557057885294476407273107735822783",
                    "211997841520199736137396992106972137189",
                    "188722628729278527148131203906199780997",
                    "36902899805615447171364628021912654715"
                ]
            },
            "id": "ASB-A-171430330-5f140975",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ed2ff0f5da52fc81aa03e01dbcd0baa45103026a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "117430531420934236008829177034011720369",
                    "137017242176146793140213877893338370297",
                    "238592249542262199672629469576105406264",
                    "4728796575661810231772839396161417256",
                    "254976905268686039723149656960585013015",
                    "31263376187200905455715142387253777982",
                    "220092271561843487688364360298772264595",
                    "219250610322782406052673363796892809280",
                    "334585086700258879484247490887382542111",
                    "301300295050894068260670477853128615682",
                    "258873392732703721066931777941225975184",
                    "131422428792151020597567757352130424320",
                    "213587895929827077375398772036233664127",
                    "113451309638946934384433577538131867590",
                    "314519187194929485475762574350454304878",
                    "181131780916804653553877445845977436446",
                    "41855057278416843580858561094340083175",
                    "42237760986996534542912864232371382157"
                ]
            },
            "id": "ASB-A-171430330-8567a535",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/387182eb494e596ef670d6fd919f85e92d156c79",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1292.0,
                "function_hash": "26579715750128057442159848841234782058"
            },
            "id": "ASB-A-171430330-d882749c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/387182eb494e596ef670d6fd919f85e92d156c79",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
                "function": "revokeStoragePermissionsIfScopeExpanded"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "130315303156992307097129954046692329428",
                    "256433138757982101604750259286390732024",
                    "232110505397518020236051104407262205911",
                    "288893012833461809843370412427564067639",
                    "34625302209907835456002506675696236385",
                    "54873771113191700228056861457622027501",
                    "10165474535582284001018294178613793574",
                    "75176057345746188768812124420376046253",
                    "289639713368949142238715194128770248722",
                    "310101259512340412240859814242151780590",
                    "333795029320198455249478234972922325911",
                    "280243168152612513923607368223796994009",
                    "53959520725969512597347635189928983070",
                    "183014723573180513908656372232344841309"
                ]
            },
            "id": "ASB-A-171430330-dbde9924",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ed2ff0f5da52fc81aa03e01dbcd0baa45103026a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "25311708761924139212959323740465510441",
                    "259303074138557059967308942679280997508",
                    "136090511548321216003532997672598405615"
                ]
            },
            "id": "ASB-A-171430330-e300b4f9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ed2ff0f5da52fc81aa03e01dbcd0baa45103026a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 5784.0,
                "function_hash": "7692690987346384978471905099979629606"
            },
            "id": "ASB-A-171430330-fa063b7d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ed2ff0f5da52fc81aa03e01dbcd0baa45103026a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java",
                "function": "commitPackageSettings"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ed2ff0f5da52fc81aa03e01dbcd0baa45103026a",
        "https://android.googlesource.com/platform/frameworks/base/+/387182eb494e596ef670d6fd919f85e92d156c79"
    ],
    "spl": "2021-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-07-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 5006.0,
                "function_hash": "210709569709789089480645302977905322756"
            },
            "id": "ASB-A-171430330-36e6bfbe",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/09080dc177288035c4694690a0f2dcd752acb3ba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java",
                "function": "commitPackageSettings"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "232213533365563227525291669346162955214",
                    "338545193427156760198067550199680530983",
                    "59599772741656183467375078938096117298"
                ]
            },
            "id": "ASB-A-171430330-51bf0229",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/09080dc177288035c4694690a0f2dcd752acb3ba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "130315303156992307097129954046692329428",
                    "256433138757982101604750259286390732024",
                    "232110505397518020236051104407262205911",
                    "288893012833461809843370412427564067639",
                    "34625302209907835456002506675696236385",
                    "54873771113191700228056861457622027501",
                    "10165474535582284001018294178613793574",
                    "75176057345746188768812124420376046253",
                    "65561186693940596219135369835081658030",
                    "66617370866194042534636165393138419215",
                    "61940106037166278254713343469731643139",
                    "223204272487881232099272919303921597836",
                    "53959520725969512597347635189928983070",
                    "80879277292638886615080913027510501208"
                ]
            },
            "id": "ASB-A-171430330-9c01ae48",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/09080dc177288035c4694690a0f2dcd752acb3ba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1144.0,
                "function_hash": "164536810280478633853928920576223604737"
            },
            "id": "ASB-A-171430330-a3043b7e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/37acd7ee52a732c9e9cf839611677195430fafe9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
                "function": "revokeStoragePermissionsIfScopeExpanded"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "101383814151195122333233703118074256060",
                    "43070815716538065403281985879619252433",
                    "2490113635718637964761351665705044958",
                    "12735886263741535848634284769848325688"
                ]
            },
            "id": "ASB-A-171430330-d0917be2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/09080dc177288035c4694690a0f2dcd752acb3ba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "279730248525723893813315857405475009677",
                    "250405025630660505171595864392049517738",
                    "285415156998313954663684658538951208347",
                    "63967797277994079306334254906542223836",
                    "293855516144312621726906737086050264644",
                    "216267394801198637755202179869471057044",
                    "38470827194117504847246816679227987965",
                    "6678215690977928041676518905339096594",
                    "335323047419773828873692426693128078955",
                    "149363629152114355372515683174969046767",
                    "136655389221216274328710805443700175482",
                    "251873937438620510515325848028954684387",
                    "209404337359548176040777186825185018981",
                    "251715746053104758843301071670618131481",
                    "288847288208233257349729649498757708275",
                    "318056698080980109559916235958876082607",
                    "166074277038181231564277027735955574324",
                    "142606330422984909115688119814822246345"
                ]
            },
            "id": "ASB-A-171430330-feefe25c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/37acd7ee52a732c9e9cf839611677195430fafe9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/09080dc177288035c4694690a0f2dcd752acb3ba",
        "https://android.googlesource.com/platform/frameworks/base/+/37acd7ee52a732c9e9cf839611677195430fafe9"
    ],
    "spl": "2021-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}