ASB-A-172935267

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-172935267.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-172935267
Aliases
  • A-172935267
  • CVE-2021-0327
Published
2021-02-01T00:00:00Z
Modified
2024-08-07T19:29:03.642699Z
Summary
getContentProviderImpl returns without Binder.restoreCallingIdentity, allowing starting any activities
Details

In getContentProviderImpl of ActivityManagerService.java, there is a possible permission bypass due to non-restored binder identities. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.0:0
Fixed
8.0:2021-02-01

Affected versions

8.*

8.0

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "331031388131540579475214603324163724844",
                    "323037391905666586384279774118954471672",
                    "215554830602465229355840717896981913703",
                    "149230313474969070598520701880603036755",
                    "134010747916522610151929654874294259598",
                    "151970777628540297793563451857189963764",
                    "117567877080121797693140800357116016581",
                    "127374245776578975138591751622307996959",
                    "336296631800389946765033788516789553359",
                    "11032023063787285186857778675373469632",
                    "4501404471160037808372688392779122540",
                    "171677183759088645878029272492572123695",
                    "228018945180162986634807178869350755067",
                    "222464827308863862974330008938978707080",
                    "107878931015274404143201282179390478754",
                    "99486981371749262777117631794243679510",
                    "294056663648146053941484314585294387155",
                    "232912062069782270177275777794099907974",
                    "319400611701180374094705222770068096210",
                    "310072734640302591499567926052705177738",
                    "204360154700602870456729039133590433083",
                    "41487688103422027305050012195459520505",
                    "83824267570958773236860877265162508689",
                    "43908926629267414451069488606162008971",
                    "75424631733123940672369797262138112533",
                    "44722273011818371414630744820407727910",
                    "311335353701681436225274165545145662373",
                    "204667720238832498027281741975691880675",
                    "56590903116781125031328354091970133374",
                    "117758681325298599905721376602189342440",
                    "70461102999426155058002731870988830958",
                    "52354260752047579464042915460027874304",
                    "146331085514301248948112837685232906296",
                    "121638129813405871650953897913072057809",
                    "141225725236196650202056194022698496202",
                    "67022221854793188141573417438041238710",
                    "228920388115998562765459605850176649754",
                    "271297309464530356366798750116385409427",
                    "328251699819898367807133930453204395345"
                ]
            },
            "id": "ASB-A-172935267-4d0bec97",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 11092.0,
                "function_hash": "197257857363080504148794326638835674861"
            },
            "id": "ASB-A-172935267-f332751a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java",
                "function": "getContentProviderImpl"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3"
    ],
    "spl": "2021-02-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2021-02-01

Affected versions

8.*

8.1

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 11092.0,
                "function_hash": "197257857363080504148794326638835674861"
            },
            "id": "ASB-A-172935267-7b309433",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java",
                "function": "getContentProviderImpl"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "331031388131540579475214603324163724844",
                    "323037391905666586384279774118954471672",
                    "215554830602465229355840717896981913703",
                    "149230313474969070598520701880603036755",
                    "134010747916522610151929654874294259598",
                    "151970777628540297793563451857189963764",
                    "117567877080121797693140800357116016581",
                    "127374245776578975138591751622307996959",
                    "336296631800389946765033788516789553359",
                    "11032023063787285186857778675373469632",
                    "4501404471160037808372688392779122540",
                    "171677183759088645878029272492572123695",
                    "228018945180162986634807178869350755067",
                    "222464827308863862974330008938978707080",
                    "107878931015274404143201282179390478754",
                    "99486981371749262777117631794243679510",
                    "294056663648146053941484314585294387155",
                    "232912062069782270177275777794099907974",
                    "319400611701180374094705222770068096210",
                    "310072734640302591499567926052705177738",
                    "204360154700602870456729039133590433083",
                    "41487688103422027305050012195459520505",
                    "83824267570958773236860877265162508689",
                    "43908926629267414451069488606162008971",
                    "75424631733123940672369797262138112533",
                    "44722273011818371414630744820407727910",
                    "311335353701681436225274165545145662373",
                    "204667720238832498027281741975691880675",
                    "56590903116781125031328354091970133374",
                    "117758681325298599905721376602189342440",
                    "70461102999426155058002731870988830958",
                    "52354260752047579464042915460027874304",
                    "146331085514301248948112837685232906296",
                    "121638129813405871650953897913072057809",
                    "141225725236196650202056194022698496202",
                    "67022221854793188141573417438041238710",
                    "228920388115998562765459605850176649754",
                    "271297309464530356366798750116385409427",
                    "328251699819898367807133930453204395345"
                ]
            },
            "id": "ASB-A-172935267-dcf4665f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3"
    ],
    "spl": "2021-02-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-02-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 11092.0,
                "function_hash": "197257857363080504148794326638835674861"
            },
            "id": "ASB-A-172935267-7389894c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java",
                "function": "getContentProviderImpl"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "331031388131540579475214603324163724844",
                    "323037391905666586384279774118954471672",
                    "215554830602465229355840717896981913703",
                    "149230313474969070598520701880603036755",
                    "134010747916522610151929654874294259598",
                    "151970777628540297793563451857189963764",
                    "117567877080121797693140800357116016581",
                    "127374245776578975138591751622307996959",
                    "336296631800389946765033788516789553359",
                    "11032023063787285186857778675373469632",
                    "4501404471160037808372688392779122540",
                    "171677183759088645878029272492572123695",
                    "228018945180162986634807178869350755067",
                    "222464827308863862974330008938978707080",
                    "107878931015274404143201282179390478754",
                    "99486981371749262777117631794243679510",
                    "294056663648146053941484314585294387155",
                    "232912062069782270177275777794099907974",
                    "319400611701180374094705222770068096210",
                    "310072734640302591499567926052705177738",
                    "204360154700602870456729039133590433083",
                    "41487688103422027305050012195459520505",
                    "83824267570958773236860877265162508689",
                    "43908926629267414451069488606162008971",
                    "75424631733123940672369797262138112533",
                    "44722273011818371414630744820407727910",
                    "311335353701681436225274165545145662373",
                    "204667720238832498027281741975691880675",
                    "56590903116781125031328354091970133374",
                    "117758681325298599905721376602189342440",
                    "70461102999426155058002731870988830958",
                    "52354260752047579464042915460027874304",
                    "146331085514301248948112837685232906296",
                    "121638129813405871650953897913072057809",
                    "141225725236196650202056194022698496202",
                    "67022221854793188141573417438041238710",
                    "228920388115998562765459605850176649754",
                    "271297309464530356366798750116385409427",
                    "328251699819898367807133930453204395345"
                ]
            },
            "id": "ASB-A-172935267-b259835b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3"
    ],
    "spl": "2021-02-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-02-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "331031388131540579475214603324163724844",
                    "323037391905666586384279774118954471672",
                    "215554830602465229355840717896981913703",
                    "149230313474969070598520701880603036755",
                    "134010747916522610151929654874294259598",
                    "151970777628540297793563451857189963764",
                    "117567877080121797693140800357116016581",
                    "127374245776578975138591751622307996959",
                    "336296631800389946765033788516789553359",
                    "11032023063787285186857778675373469632",
                    "4501404471160037808372688392779122540",
                    "171677183759088645878029272492572123695",
                    "228018945180162986634807178869350755067",
                    "222464827308863862974330008938978707080",
                    "107878931015274404143201282179390478754",
                    "99486981371749262777117631794243679510",
                    "294056663648146053941484314585294387155",
                    "232912062069782270177275777794099907974",
                    "319400611701180374094705222770068096210",
                    "310072734640302591499567926052705177738",
                    "204360154700602870456729039133590433083",
                    "41487688103422027305050012195459520505",
                    "83824267570958773236860877265162508689",
                    "43908926629267414451069488606162008971",
                    "75424631733123940672369797262138112533",
                    "44722273011818371414630744820407727910",
                    "311335353701681436225274165545145662373",
                    "204667720238832498027281741975691880675",
                    "56590903116781125031328354091970133374",
                    "117758681325298599905721376602189342440",
                    "70461102999426155058002731870988830958",
                    "52354260752047579464042915460027874304",
                    "146331085514301248948112837685232906296",
                    "121638129813405871650953897913072057809",
                    "141225725236196650202056194022698496202",
                    "67022221854793188141573417438041238710",
                    "228920388115998562765459605850176649754",
                    "271297309464530356366798750116385409427",
                    "328251699819898367807133930453204395345"
                ]
            },
            "id": "ASB-A-172935267-516e3cd0",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 11092.0,
                "function_hash": "197257857363080504148794326638835674861"
            },
            "id": "ASB-A-172935267-a9d9bc4d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java",
                "function": "getContentProviderImpl"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3"
    ],
    "spl": "2021-02-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-02-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 11092.0,
                "function_hash": "197257857363080504148794326638835674861"
            },
            "id": "ASB-A-172935267-f5f513af",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java",
                "function": "getContentProviderImpl"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "331031388131540579475214603324163724844",
                    "323037391905666586384279774118954471672",
                    "215554830602465229355840717896981913703",
                    "149230313474969070598520701880603036755",
                    "134010747916522610151929654874294259598",
                    "151970777628540297793563451857189963764",
                    "117567877080121797693140800357116016581",
                    "127374245776578975138591751622307996959",
                    "336296631800389946765033788516789553359",
                    "11032023063787285186857778675373469632",
                    "4501404471160037808372688392779122540",
                    "171677183759088645878029272492572123695",
                    "228018945180162986634807178869350755067",
                    "222464827308863862974330008938978707080",
                    "107878931015274404143201282179390478754",
                    "99486981371749262777117631794243679510",
                    "294056663648146053941484314585294387155",
                    "232912062069782270177275777794099907974",
                    "319400611701180374094705222770068096210",
                    "310072734640302591499567926052705177738",
                    "204360154700602870456729039133590433083",
                    "41487688103422027305050012195459520505",
                    "83824267570958773236860877265162508689",
                    "43908926629267414451069488606162008971",
                    "75424631733123940672369797262138112533",
                    "44722273011818371414630744820407727910",
                    "311335353701681436225274165545145662373",
                    "204667720238832498027281741975691880675",
                    "56590903116781125031328354091970133374",
                    "117758681325298599905721376602189342440",
                    "70461102999426155058002731870988830958",
                    "52354260752047579464042915460027874304",
                    "146331085514301248948112837685232906296",
                    "121638129813405871650953897913072057809",
                    "141225725236196650202056194022698496202",
                    "67022221854793188141573417438041238710",
                    "228920388115998562765459605850176649754",
                    "271297309464530356366798750116385409427",
                    "328251699819898367807133930453204395345"
                ]
            },
            "id": "ASB-A-172935267-ffd386ad",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/69eaa90b0e4cc78fa2f518a50182bc9e4c9e87f3"
    ],
    "spl": "2021-02-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}