ASB-A-176444161

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-176444161.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-176444161
Aliases
  • A-176444161
  • CVE-2021-0509
Published
2021-06-01T00:00:00Z
Modified
2024-08-07T19:30:09.770417Z
Summary
[heap-use-after-free in frameworks/av/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp#116] - ASAN READ
Details

In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2021-06-01

Affected versions

8.*

8.1

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 233.0,
                "function_hash": "83804324151596417791924039404182904851"
            },
            "id": "ASB-A-176444161-3a4f3261",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7e4c587ae32aca644254fa206de5131553975f4b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp",
                "function": "CryptoPlugin::setSharedBufferBase"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "338734003058650768117569873538913139211",
                    "48334840324752538220133656459956211134",
                    "74219866353171461841539864830050274457",
                    "222290197317652465409581001700111359761",
                    "87089908589932915432556193581794380754",
                    "54706185110868442096262177696595696279",
                    "324607132481506265150981429704786906864",
                    "136556778993816125910016875516885690619",
                    "68342775054458916267650814659772342317",
                    "303034744072508462164836128000890610502",
                    "298561505625679081913440228746743709653",
                    "244686149178940169759062632632814000223",
                    "326167035501015315238203021377548683500",
                    "199164574376375895138658068341247569159",
                    "173622098562518735989600364692111324601",
                    "8820646153323049783395416090839125310",
                    "61786442267307842068128269464010653229",
                    "184832951823819122292927511161264090234",
                    "18208972824218449988403253158397327668"
                ]
            },
            "id": "ASB-A-176444161-d38c61f9",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7e4c587ae32aca644254fa206de5131553975f4b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "221586211301701561923541131000659257682",
                    "214302883976724642944160823531773350831",
                    "228857402668709192371015871719057283554",
                    "178009918267011045620188023231884283364",
                    "240019402275460157740975095727168640207",
                    "276498128064374268632420638483112505272",
                    "137378813570596590094778362080755671176",
                    "90106377484174975455564131918402057136",
                    "246524809232248934677036880304414481783",
                    "154143101464377361727192659246603798336",
                    "260209376952421620784922819647176959460",
                    "291141292063522259182343516414589168415",
                    "162480651783845066865615586681150249582",
                    "57312628845008765872537774812971030170"
                ]
            },
            "id": "ASB-A-176444161-e14e8d49",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/7e4c587ae32aca644254fa206de5131553975f4b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/7e4c587ae32aca644254fa206de5131553975f4b"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-06-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 4251.0,
                "function_hash": "85000199984874211656487740661554914365"
            },
            "id": "ASB-A-176444161-2175abe7",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/7a398e7291b3da1c9b7c924d2301a749daedbd41",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp",
                "function": "CryptoPlugin::decrypt"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 233.0,
                "function_hash": "83804324151596417791924039404182904851"
            },
            "id": "ASB-A-176444161-24e1e172",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/7a398e7291b3da1c9b7c924d2301a749daedbd41",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp",
                "function": "CryptoPlugin::setSharedBufferBase"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "285432182521900766634600937648686519205",
                    "311646540107077145865442442676019847568",
                    "329698376950858297192832384173979819014",
                    "146575468195616159124939044224128084244",
                    "17228299505471295785036823491755842688",
                    "94346791918600999099143623760642518438",
                    "51927084357953575189127312641109951261",
                    "198714713846547538751318032688264765306",
                    "69912771190499630331467339225644523023",
                    "329417660113387093181582154380534886800",
                    "174697306043221093471911081739033742820"
                ]
            },
            "id": "ASB-A-176444161-50a8ebe0",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/7a398e7291b3da1c9b7c924d2301a749daedbd41",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/include/CryptoPlugin.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "80650755198225489646155818328579013244",
                    "214302883976724642944160823531773350831",
                    "228857402668709192371015871719057283554",
                    "216796585859875414685283691379126266480",
                    "113695410270198154705969279197808309804",
                    "184906685166711465071888600517307342760",
                    "264298949911011163485260866338663751604",
                    "182509013215656757272313039702013762214",
                    "79868785389749169529183912015347522416"
                ]
            },
            "id": "ASB-A-176444161-511bdc39",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/7a398e7291b3da1c9b7c924d2301a749daedbd41",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/7a398e7291b3da1c9b7c924d2301a749daedbd41"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-06-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "338734003058650768117569873538913139211",
                    "48334840324752538220133656459956211134",
                    "74219866353171461841539864830050274457",
                    "222290197317652465409581001700111359761",
                    "87089908589932915432556193581794380754",
                    "54706185110868442096262177696595696279",
                    "324607132481506265150981429704786906864",
                    "136556778993816125910016875516885690619",
                    "68342775054458916267650814659772342317",
                    "303034744072508462164836128000890610502",
                    "298561505625679081913440228746743709653",
                    "244686149178940169759062632632814000223",
                    "326167035501015315238203021377548683500",
                    "199164574376375895138658068341247569159",
                    "173622098562518735989600364692111324601",
                    "8820646153323049783395416090839125310",
                    "61786442267307842068128269464010653229",
                    "184832951823819122292927511161264090234",
                    "18208972824218449988403253158397327668"
                ]
            },
            "id": "ASB-A-176444161-48cf2f56",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/ae1c624ba44ccc43dc8371328a4b3caa017c0ff8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 233.0,
                "function_hash": "83804324151596417791924039404182904851"
            },
            "id": "ASB-A-176444161-74da0671",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/ae1c624ba44ccc43dc8371328a4b3caa017c0ff8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp",
                "function": "CryptoPlugin::setSharedBufferBase"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "221586211301701561923541131000659257682",
                    "214302883976724642944160823531773350831",
                    "228857402668709192371015871719057283554",
                    "178009918267011045620188023231884283364",
                    "240019402275460157740975095727168640207",
                    "276498128064374268632420638483112505272",
                    "114433394657626372821910648266472716077",
                    "291141292063522259182343516414589168415",
                    "973311319970186573685297772982176662",
                    "198449186455470176282285785883624712342"
                ]
            },
            "id": "ASB-A-176444161-db5cc869",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/ae1c624ba44ccc43dc8371328a4b3caa017c0ff8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/ae1c624ba44ccc43dc8371328a4b3caa017c0ff8"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-06-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "80650755198225489646155818328579013244",
                    "214302883976724642944160823531773350831",
                    "228857402668709192371015871719057283554",
                    "216796585859875414685283691379126266480",
                    "133042071211530628408949559588741735994",
                    "314602904450202568066777898281698976547",
                    "264298949911011163485260866338663751604",
                    "182509013215656757272313039702013762214",
                    "79868785389749169529183912015347522416"
                ]
            },
            "id": "ASB-A-176444161-1474451a",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/abb7ad47b00ae158eded8813801345d91d2b2671",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 233.0,
                "function_hash": "83804324151596417791924039404182904851"
            },
            "id": "ASB-A-176444161-a5af56a1",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/abb7ad47b00ae158eded8813801345d91d2b2671",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp",
                "function": "CryptoPlugin::setSharedBufferBase"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 4254.0,
                "function_hash": "289247886596900951187087052811627073121"
            },
            "id": "ASB-A-176444161-a72f0b64",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/abb7ad47b00ae158eded8813801345d91d2b2671",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp",
                "function": "CryptoPlugin::decrypt_1_2"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "239931648519675499196978260866577697191",
                    "101128053027266173697275272088818991632",
                    "329698376950858297192832384173979819014",
                    "153117273229964002442024244984841189871",
                    "193655110644763919988885454820860265412",
                    "207649455538724743432156768924033261911",
                    "299081592202751204780576662467884825169",
                    "198714713846547538751318032688264765306",
                    "69912771190499630331467339225644523023",
                    "329417660113387093181582154380534886800",
                    "174697306043221093471911081739033742820"
                ]
            },
            "id": "ASB-A-176444161-e81042d4",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/abb7ad47b00ae158eded8813801345d91d2b2671",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/include/CryptoPlugin.h"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/abb7ad47b00ae158eded8813801345d91d2b2671"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-06-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "332590428842297416598272175294071262211",
                    "112520708469331746017134768630155321874",
                    "101135519993293756381725003488514858462",
                    "178009918267011045620188023231884283364",
                    "240019402275460157740975095727168640207",
                    "276498128064374268632420638483112505272",
                    "137378813570596590094778362080755671176",
                    "90106377484174975455564131918402057136",
                    "246524809232248934677036880304414481783",
                    "154143101464377361727192659246603798336",
                    "114433394657626372821910648266472716077",
                    "291141292063522259182343516414589168415",
                    "973311319970186573685297772982176662",
                    "198449186455470176282285785883624712342"
                ]
            },
            "id": "ASB-A-176444161-7b85c8cc",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9fcd4886a3e1ccbc18acfadd84906400c9882eda",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "338734003058650768117569873538913139211",
                    "48334840324752538220133656459956211134",
                    "74219866353171461841539864830050274457",
                    "222290197317652465409581001700111359761",
                    "87089908589932915432556193581794380754",
                    "54706185110868442096262177696595696279",
                    "324607132481506265150981429704786906864",
                    "136556778993816125910016875516885690619",
                    "68342775054458916267650814659772342317",
                    "303034744072508462164836128000890610502",
                    "298561505625679081913440228746743709653",
                    "244686149178940169759062632632814000223",
                    "326167035501015315238203021377548683500",
                    "199164574376375895138658068341247569159",
                    "173622098562518735989600364692111324601",
                    "8820646153323049783395416090839125310",
                    "61786442267307842068128269464010653229",
                    "184832951823819122292927511161264090234",
                    "18208972824218449988403253158397327668"
                ]
            },
            "id": "ASB-A-176444161-987653c8",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9fcd4886a3e1ccbc18acfadd84906400c9882eda",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 173.0,
                "function_hash": "30327710380002908183031134057555754975"
            },
            "id": "ASB-A-176444161-d93090f0",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9fcd4886a3e1ccbc18acfadd84906400c9882eda",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp",
                "function": "CryptoPlugin::setSharedBufferBase"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/9fcd4886a3e1ccbc18acfadd84906400c9882eda"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-06-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 233.0,
                "function_hash": "83804324151596417791924039404182904851"
            },
            "id": "ASB-A-176444161-0f2d35ca",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/79a6ffbdaf14cfbb597efd8545ba401f1da28a4f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp",
                "function": "CryptoPlugin::setSharedBufferBase"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "239931648519675499196978260866577697191",
                    "101128053027266173697275272088818991632",
                    "329698376950858297192832384173979819014",
                    "153117273229964002442024244984841189871",
                    "193655110644763919988885454820860265412",
                    "207649455538724743432156768924033261911",
                    "299081592202751204780576662467884825169",
                    "198714713846547538751318032688264765306",
                    "69912771190499630331467339225644523023",
                    "329417660113387093181582154380534886800",
                    "174697306043221093471911081739033742820"
                ]
            },
            "id": "ASB-A-176444161-1487fb69",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/79a6ffbdaf14cfbb597efd8545ba401f1da28a4f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/include/CryptoPlugin.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "80650755198225489646155818328579013244",
                    "214302883976724642944160823531773350831",
                    "228857402668709192371015871719057283554",
                    "216796585859875414685283691379126266480",
                    "133042071211530628408949559588741735994",
                    "314602904450202568066777898281698976547",
                    "264298949911011163485260866338663751604",
                    "182509013215656757272313039702013762214",
                    "79868785389749169529183912015347522416"
                ]
            },
            "id": "ASB-A-176444161-338a86ba",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/79a6ffbdaf14cfbb597efd8545ba401f1da28a4f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 4254.0,
                "function_hash": "289247886596900951187087052811627073121"
            },
            "id": "ASB-A-176444161-3afce157",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/79a6ffbdaf14cfbb597efd8545ba401f1da28a4f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp",
                "function": "CryptoPlugin::decrypt_1_2"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/79a6ffbdaf14cfbb597efd8545ba401f1da28a4f"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-06-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "338734003058650768117569873538913139211",
                    "48334840324752538220133656459956211134",
                    "74219866353171461841539864830050274457",
                    "222290197317652465409581001700111359761",
                    "87089908589932915432556193581794380754",
                    "54706185110868442096262177696595696279",
                    "324607132481506265150981429704786906864",
                    "136556778993816125910016875516885690619",
                    "68342775054458916267650814659772342317",
                    "303034744072508462164836128000890610502",
                    "298561505625679081913440228746743709653",
                    "244686149178940169759062632632814000223",
                    "326167035501015315238203021377548683500",
                    "199164574376375895138658068341247569159",
                    "173622098562518735989600364692111324601",
                    "8820646153323049783395416090839125310",
                    "61786442267307842068128269464010653229",
                    "184832951823819122292927511161264090234",
                    "18208972824218449988403253158397327668"
                ]
            },
            "id": "ASB-A-176444161-19f693aa",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/a4e76aab230a565dd0cef11e2e6e2d782b685327",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "332590428842297416598272175294071262211",
                    "112520708469331746017134768630155321874",
                    "101135519993293756381725003488514858462",
                    "178009918267011045620188023231884283364",
                    "240019402275460157740975095727168640207",
                    "276498128064374268632420638483112505272",
                    "137378813570596590094778362080755671176",
                    "90106377484174975455564131918402057136",
                    "246524809232248934677036880304414481783",
                    "154143101464377361727192659246603798336",
                    "114433394657626372821910648266472716077",
                    "291141292063522259182343516414589168415",
                    "973311319970186573685297772982176662",
                    "198449186455470176282285785883624712342"
                ]
            },
            "id": "ASB-A-176444161-d4ae1cc4",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/a4e76aab230a565dd0cef11e2e6e2d782b685327",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 173.0,
                "function_hash": "30327710380002908183031134057555754975"
            },
            "id": "ASB-A-176444161-f327aa45",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/a4e76aab230a565dd0cef11e2e6e2d782b685327",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp",
                "function": "CryptoPlugin::setSharedBufferBase"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/a4e76aab230a565dd0cef11e2e6e2d782b685327"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}