ASB-A-176444622

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-176444622.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-176444622
Aliases
  • A-176444622
  • CVE-2021-0510
Published
2021-06-01T00:00:00Z
Modified
2024-08-07T19:30:20.141024Z
Summary
[heap buffer overflow in frameworks/av/drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp#186] - ASAN WRITE
Details

In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2021-06-01

Affected versions

8.*

8.1

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "137378813570596590094778362080755671176",
                    "90106377484174975455564131918402057136",
                    "246524809232248934677036880304414481783",
                    "154143101464377361727192659246603798336",
                    "113084945922290690774573775275858985920",
                    "331628084900826418848421835281485859915",
                    "68990439568804655583011682940077539403",
                    "152327495164168164380241693940353026773"
                ]
            },
            "id": "ASB-A-176444622-725c17ef",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/d468101f149e30bc4ec5105555973d4ed8b4e009",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/d468101f149e30bc4ec5105555973d4ed8b4e009"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-06-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 4173.0,
                "function_hash": "68259926958128311778129082746027067165"
            },
            "id": "ASB-A-176444622-a29c37fd",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/a44d24476226d92ab66e3573ed613ddc555172ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp",
                "function": "CryptoPlugin::decrypt"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "224106305415867355946096070495053294470",
                    "152429897004112786606571710302394375068",
                    "134883749357658149370915030570652469906",
                    "152327495164168164380241693940353026773",
                    "179954984451917713031089792380648662350",
                    "264298949911011163485260866338663751604",
                    "182509013215656757272313039702013762214",
                    "79868785389749169529183912015347522416"
                ]
            },
            "id": "ASB-A-176444622-ac06fda4",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/a44d24476226d92ab66e3573ed613ddc555172ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/a44d24476226d92ab66e3573ed613ddc555172ff"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-06-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "137378813570596590094778362080755671176",
                    "90106377484174975455564131918402057136",
                    "246524809232248934677036880304414481783",
                    "154143101464377361727192659246603798336",
                    "113084945922290690774573775275858985920",
                    "331628084900826418848421835281485859915",
                    "68990439568804655583011682940077539403",
                    "152327495164168164380241693940353026773",
                    "326535734156762876726196237194443882500",
                    "335596279074292283518826108667747081538",
                    "75913187668697301781522012737457200670",
                    "128321274538814115532472178115114263168"
                ]
            },
            "id": "ASB-A-176444622-49bcdb3f",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/ff537c8516e1f8be96264d3c5db3ac084e307566",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/ff537c8516e1f8be96264d3c5db3ac084e307566"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-06-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "224106305415867355946096070495053294470",
                    "61914207677528524866476737762295053136",
                    "234058767390099327305618880344336618187",
                    "298101867695329982703361566339176402876",
                    "206400793694344726629374785358298641053",
                    "264298949911011163485260866338663751604",
                    "182509013215656757272313039702013762214",
                    "79868785389749169529183912015347522416"
                ]
            },
            "id": "ASB-A-176444622-1d50cb6c",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/3c9044cdef93c7c611118424f31448d618cc9da3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 4176.0,
                "function_hash": "33642656514070477647385361666684744139"
            },
            "id": "ASB-A-176444622-2797e8bc",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/3c9044cdef93c7c611118424f31448d618cc9da3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp",
                "function": "CryptoPlugin::decrypt_1_2"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/3c9044cdef93c7c611118424f31448d618cc9da3"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-06-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "137378813570596590094778362080755671176",
                    "90106377484174975455564131918402057136",
                    "246524809232248934677036880304414481783",
                    "154143101464377361727192659246603798336",
                    "113084945922290690774573775275858985920",
                    "331628084900826418848421835281485859915",
                    "68990439568804655583011682940077539403",
                    "152327495164168164380241693940353026773",
                    "326535734156762876726196237194443882500",
                    "335596279074292283518826108667747081538",
                    "75913187668697301781522012737457200670",
                    "128321274538814115532472178115114263168"
                ]
            },
            "id": "ASB-A-176444622-df24bb4a",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/a6e551feef4e5faeec9ecc6b287eeade751e7f8b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/a6e551feef4e5faeec9ecc6b287eeade751e7f8b"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-06-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "224106305415867355946096070495053294470",
                    "61914207677528524866476737762295053136",
                    "234058767390099327305618880344336618187",
                    "298101867695329982703361566339176402876",
                    "206400793694344726629374785358298641053",
                    "264298949911011163485260866338663751604",
                    "182509013215656757272313039702013762214",
                    "79868785389749169529183912015347522416"
                ]
            },
            "id": "ASB-A-176444622-8e66b279",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/49c0fe413ceb2e0cef356d2738d63bb873845e04",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 4176.0,
                "function_hash": "33642656514070477647385361666684744139"
            },
            "id": "ASB-A-176444622-b400cf65",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/49c0fe413ceb2e0cef356d2738d63bb873845e04",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/mediadrm/plugins/clearkey/hidl/CryptoPlugin.cpp",
                "function": "CryptoPlugin::decrypt_1_2"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/49c0fe413ceb2e0cef356d2738d63bb873845e04"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/hardware/interfaces

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-06-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "137378813570596590094778362080755671176",
                    "90106377484174975455564131918402057136",
                    "246524809232248934677036880304414481783",
                    "154143101464377361727192659246603798336",
                    "113084945922290690774573775275858985920",
                    "331628084900826418848421835281485859915",
                    "68990439568804655583011682940077539403",
                    "152327495164168164380241693940353026773",
                    "326535734156762876726196237194443882500",
                    "335596279074292283518826108667747081538",
                    "75913187668697301781522012737457200670",
                    "128321274538814115532472178115114263168"
                ]
            },
            "id": "ASB-A-176444622-70bab501",
            "source": "https://android.googlesource.com/platform/hardware/interfaces/+/9191787d0e73712608eff22fca9aea9480d4691e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "drm/1.0/default/CryptoPlugin.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/hardware/interfaces/+/9191787d0e73712608eff22fca9aea9480d4691e"
    ],
    "spl": "2021-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}