ASB-A-176801033

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-176801033.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-176801033
Aliases
  • A-176801033
  • CVE-2021-0472
Published
2021-05-01T00:00:00Z
Modified
2024-08-07T19:29:24.893959Z
Summary
App pinning isn't requesting my PIN to exit app pinning mode
Details

In shouldLockKeyguard of LockTaskController.java, there is a possible way to exit App Pinning without a PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-05-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "333206736053784449997950458316207344618",
                    "177501676282529422575091223791797187624",
                    "195623526685068679907378400787276389162",
                    "8793843408600877299954437603954247770",
                    "227176187817627969131496652035734614052",
                    "292822901749107478384115330747627590133",
                    "33476972354651022683635018391521878750",
                    "199448010274548126106604302597564977362",
                    "16410069294663650241074469509424729034",
                    "3427055710480261165322600908100880180",
                    "34684988134253483853347573803248605069",
                    "285222174706486376030386267210185218243",
                    "206908798015865156358514396576575361238",
                    "116160001774032930655826964205071309215",
                    "190860459215093907816863412950412546964",
                    "154243755782907292700055415175132763430",
                    "109204748140482433149491213881790762911",
                    "76410927641618677596252496532218979994",
                    "38541416400708422052910691037617107863"
                ]
            },
            "id": "ASB-A-176801033-1d9c6ed1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/26a90c2b820ba40755f9c28efaad2173133868b5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/LockTaskController.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 343.0,
                "function_hash": "201055512508727973607262584861113119280"
            },
            "id": "ASB-A-176801033-62b46a74",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/26a90c2b820ba40755f9c28efaad2173133868b5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/LockTaskController.java",
                "function": "shouldLockKeyguard"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 166.0,
                "function_hash": "108825034237750492749678710967939808094"
            },
            "id": "ASB-A-176801033-6f673b72",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/26a90c2b820ba40755f9c28efaad2173133868b5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/LockTaskController.java",
                "function": "lockKeyguardIfNeeded"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 540.0,
                "function_hash": "103792366027275352106326334034155196847"
            },
            "id": "ASB-A-176801033-ce990c1a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/26a90c2b820ba40755f9c28efaad2173133868b5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/LockTaskController.java",
                "function": "performStopLockTask"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/26a90c2b820ba40755f9c28efaad2173133868b5"
    ],
    "spl": "2021-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-05-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 343.0,
                "function_hash": "201055512508727973607262584861113119280"
            },
            "id": "ASB-A-176801033-0965656c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bb4eded37926916f8f9c45dede6bc6315cf15b18",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/LockTaskController.java",
                "function": "shouldLockKeyguard"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 166.0,
                "function_hash": "108825034237750492749678710967939808094"
            },
            "id": "ASB-A-176801033-12172b95",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bb4eded37926916f8f9c45dede6bc6315cf15b18",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/LockTaskController.java",
                "function": "lockKeyguardIfNeeded"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "333206736053784449997950458316207344618",
                    "177501676282529422575091223791797187624",
                    "195623526685068679907378400787276389162",
                    "8793843408600877299954437603954247770",
                    "157724621926064235821062892275194029529",
                    "292822901749107478384115330747627590133",
                    "33476972354651022683635018391521878750",
                    "199448010274548126106604302597564977362",
                    "16410069294663650241074469509424729034",
                    "3427055710480261165322600908100880180",
                    "34684988134253483853347573803248605069",
                    "285222174706486376030386267210185218243",
                    "206908798015865156358514396576575361238",
                    "116160001774032930655826964205071309215",
                    "190860459215093907816863412950412546964",
                    "154243755782907292700055415175132763430",
                    "109204748140482433149491213881790762911",
                    "76410927641618677596252496532218979994",
                    "38541416400708422052910691037617107863"
                ]
            },
            "id": "ASB-A-176801033-57ae3c31",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bb4eded37926916f8f9c45dede6bc6315cf15b18",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/LockTaskController.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 540.0,
                "function_hash": "103792366027275352106326334034155196847"
            },
            "id": "ASB-A-176801033-caad4831",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bb4eded37926916f8f9c45dede6bc6315cf15b18",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/LockTaskController.java",
                "function": "performStopLockTask"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/bb4eded37926916f8f9c45dede6bc6315cf15b18"
    ],
    "spl": "2021-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-05-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 534.0,
                "function_hash": "283440389493530536439999781748583463681"
            },
            "id": "ASB-A-176801033-30d5f371",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7a974a5468b8760daeae1890a9c8c52eeed19d87",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/LockTaskController.java",
                "function": "performStopLockTask"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "28263170677722799021350252788901767036",
                    "260414619764934154283058983224203389993",
                    "220200691912143438853125641529135494693",
                    "8793843408600877299954437603954247770",
                    "157724621926064235821062892275194029529",
                    "292822901749107478384115330747627590133",
                    "33476972354651022683635018391521878750",
                    "199448010274548126106604302597564977362",
                    "16410069294663650241074469509424729034",
                    "3427055710480261165322600908100880180",
                    "34684988134253483853347573803248605069",
                    "285222174706486376030386267210185218243",
                    "206908798015865156358514396576575361238",
                    "116160001774032930655826964205071309215",
                    "190860459215093907816863412950412546964",
                    "154243755782907292700055415175132763430",
                    "109204748140482433149491213881790762911",
                    "76410927641618677596252496532218979994",
                    "38541416400708422052910691037617107863"
                ]
            },
            "id": "ASB-A-176801033-57cc0444",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7a974a5468b8760daeae1890a9c8c52eeed19d87",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/LockTaskController.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 343.0,
                "function_hash": "201055512508727973607262584861113119280"
            },
            "id": "ASB-A-176801033-d89fc19e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7a974a5468b8760daeae1890a9c8c52eeed19d87",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/LockTaskController.java",
                "function": "shouldLockKeyguard"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 166.0,
                "function_hash": "108825034237750492749678710967939808094"
            },
            "id": "ASB-A-176801033-e2bbce40",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7a974a5468b8760daeae1890a9c8c52eeed19d87",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/LockTaskController.java",
                "function": "lockKeyguardIfNeeded"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/7a974a5468b8760daeae1890a9c8c52eeed19d87"
    ],
    "spl": "2021-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}