ASB-A-177457096

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-177457096.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-177457096
Aliases
  • A-177457096
  • CVE-2021-0595
Published
2021-09-01T00:00:00Z
Modified
2024-08-07T19:29:54.708490Z
Summary
When personal Resolver is opened, Work challenge is not displayed
Details

In lockAllProfileTasks of RootWindowContainer.java, there is a possible way to access the work profile without the profile PIN, after logging in. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2021-09-01

Affected versions

8.*

8.1

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 517.0,
                "function_hash": "4855660856436123241304781519529490434"
            },
            "id": "ASB-A-177457096-0067f0ad",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6820d70823930954b723ca39fbf89f17aa0109c6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityStackSupervisor.java",
                "function": "lockAllProfileTasks"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "192021737400672581641877270999405955725",
                    "73039071290688540158633706206515042375",
                    "309147559616821396789038788992723499278",
                    "191292089719603674539437026468541110724",
                    "174942005298795483561693119114168326621",
                    "311084688386051237094816269953689530313",
                    "272818894994611499796695465280385669736",
                    "179334390174804467717923809511567435591",
                    "178347891408941180451978005556940645786",
                    "184195054321348536997654599256706143098",
                    "252038425751093344002264801221853138186",
                    "175347488161030038103667662572948330309",
                    "197660204161345488301537482785693718230",
                    "249716824330701332574864819688621863398",
                    "212054920075722885839979283448764644250"
                ]
            },
            "id": "ASB-A-177457096-4b0a9d01",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6820d70823930954b723ca39fbf89f17aa0109c6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityStackSupervisor.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 248.0,
                "function_hash": "254864912248281800225588637663947126537"
            },
            "id": "ASB-A-177457096-fcd63147",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6820d70823930954b723ca39fbf89f17aa0109c6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityStackSupervisor.java",
                "function": "taskTopActivityIsUser"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6820d70823930954b723ca39fbf89f17aa0109c6"
    ],
    "spl": "2021-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-09-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 248.0,
                "function_hash": "254864912248281800225588637663947126537"
            },
            "id": "ASB-A-177457096-1e447b31",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fe5e1432cf1647373a2975435cae4158ba2ebd03",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityStackSupervisor.java",
                "function": "taskTopActivityIsUser"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "192021737400672581641877270999405955725",
                    "73039071290688540158633706206515042375",
                    "309147559616821396789038788992723499278",
                    "191292089719603674539437026468541110724",
                    "174942005298795483561693119114168326621",
                    "311084688386051237094816269953689530313",
                    "272818894994611499796695465280385669736",
                    "179334390174804467717923809511567435591",
                    "178347891408941180451978005556940645786",
                    "277604412646177940353340369730520052400",
                    "252038425751093344002264801221853138186",
                    "175347488161030038103667662572948330309",
                    "197660204161345488301537482785693718230",
                    "249716824330701332574864819688621863398",
                    "212054920075722885839979283448764644250"
                ]
            },
            "id": "ASB-A-177457096-2b84d44f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fe5e1432cf1647373a2975435cae4158ba2ebd03",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityStackSupervisor.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 646.0,
                "function_hash": "339274192225462572348193069616623486570"
            },
            "id": "ASB-A-177457096-3d755559",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fe5e1432cf1647373a2975435cae4158ba2ebd03",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityStackSupervisor.java",
                "function": "lockAllProfileTasks"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/fe5e1432cf1647373a2975435cae4158ba2ebd03"
    ],
    "spl": "2021-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-09-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "277604412646177940353340369730520052400",
                    "146123511346353839392675505738622529471",
                    "56808386686108766007323114508731096094",
                    "15950608285462239719192515684328958268",
                    "288674534050683282514606313066472544942",
                    "212054920075722885839979283448764644250",
                    "189282877040415916113989760883631061690",
                    "30237743271805077684537835321420641464",
                    "309147559616821396789038788992723499278",
                    "268870487079026157212061959671592979289",
                    "295735312026024789925978890156378769431",
                    "139771212460742327347197770675747411135",
                    "313545061541229314322064863511266081237",
                    "82420105320242612538086852712487443963",
                    "233606178683804348312329066232267120186"
                ]
            },
            "id": "ASB-A-177457096-1618f294",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69b3a3cd046265165699cce5ba7919dad82f95dc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/RootActivityContainer.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 625.0,
                "function_hash": "163650862148104871237549214065846493089"
            },
            "id": "ASB-A-177457096-25ca9813",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69b3a3cd046265165699cce5ba7919dad82f95dc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/RootActivityContainer.java",
                "function": "lockAllProfileTasks"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 252.0,
                "function_hash": "9648489986748666073639995239133248570"
            },
            "id": "ASB-A-177457096-3cbca619",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/69b3a3cd046265165699cce5ba7919dad82f95dc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/RootActivityContainer.java",
                "function": "taskTopActivityIsUser"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/69b3a3cd046265165699cce5ba7919dad82f95dc"
    ],
    "spl": "2021-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-09-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 321.0,
                "function_hash": "185895161836423113035887623365041844040"
            },
            "id": "ASB-A-177457096-1dcbd078",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/499234d859d4a12a0856951b71ebf57015913ffa",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/RootWindowContainer.java",
                "function": "lockAllProfileTasks"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 317.0,
                "function_hash": "185279748318193687508660551856617094769"
            },
            "id": "ASB-A-177457096-3423934d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/27a2a5f986286f0d5c6e77255ab372cb8e3c1ee2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/RootWindowContainer.java",
                "function": "lockAllProfileTasks"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "319608302694632907987015588302028173500",
                    "71104645019518032852234958660540256913",
                    "39084522148782807022073402604275156885",
                    "274500282555431043407044120150719225023",
                    "101000517727186249794777501689120986493",
                    "164720539729702487821169671738632815799"
                ]
            },
            "id": "ASB-A-177457096-7bb69fde",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/499234d859d4a12a0856951b71ebf57015913ffa",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/RootWindowContainer.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "6762681846288472724534545145394328814",
                    "296154101629914364746059458676721331263",
                    "153346612157339284077856995674896544154",
                    "46896822558337203880620434730346038424",
                    "170777066521450703429607142552320466338",
                    "81542952029366208062690531367598471464",
                    "50460310744535150821030270168936316437",
                    "181441755685569856279120290215320893655",
                    "160957180412488600639850327574641904612",
                    "36444319916529994402205714998780777869",
                    "26752043797441743126965748206169588068",
                    "159812801165570696198462748537071251706",
                    "10109517777115667435630484410620411345",
                    "217539346545856158404423193175634561395",
                    "327179519301917169643766698126779751664",
                    "20921838778528004006836252599907107467",
                    "251464589380188636569400445173535578516",
                    "328889437993415541037793802502407387391",
                    "177771744446488315553661449576976055593",
                    "10801729857621772858429441003938545952",
                    "257922284721193446386592634453704648532",
                    "235659630788916977802180541881589843374",
                    "110205745882659660246278947459087055740",
                    "114572191128365493447633417077947796392"
                ]
            },
            "id": "ASB-A-177457096-82003137",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/27a2a5f986286f0d5c6e77255ab372cb8e3c1ee2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/RootWindowContainer.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 319.0,
                "function_hash": "59580655210471875483611790500128974108"
            },
            "id": "ASB-A-177457096-fa7c0fd5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/27a2a5f986286f0d5c6e77255ab372cb8e3c1ee2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/RootWindowContainer.java",
                "function": "taskTopActivityIsUser"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/27a2a5f986286f0d5c6e77255ab372cb8e3c1ee2",
        "https://android.googlesource.com/platform/frameworks/base/+/499234d859d4a12a0856951b71ebf57015913ffa"
    ],
    "spl": "2021-09-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}