In sendBroadcastToInstaller of FirstScreenBroadcast.java, there is a possible activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 1523.0, "function_hash": "308470978541057670615553267430717786121" }, "id": "ASB-A-179289753-65adddd6", "source": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/6a7a7f6bad9ddb3b09620b5bd3e931e4a7f94037", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/launcher3/model/FirstScreenBroadcast.java", "function": "sendBroadcastToInstaller" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "64218691201831824957998934362193549226", "72101287542892239829598847874941774405", "250917820842319857174928855853544470004", "157549670108489957391182641662768380696", "215765759519464149898409340185639421019" ] }, "id": "ASB-A-179289753-6a71ee25", "source": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/6a7a7f6bad9ddb3b09620b5bd3e931e4a7f94037", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/launcher3/model/FirstScreenBroadcast.java" }, "signature_type": "Line" }, { "match_only_versions": [ "9" ], "digest": { "threshold": 0.9, "line_hashes": [ "289431792269108550855782688154527960629", "230997653134768548590088079968996658108", "208819387599753241295668742009309166479", "315859335263020676225275389249829520354", "224747133250815276446175189229160239239", "335596790613405093073366072620082111840", "193131926168498708920826065808808705187" ] }, "id": "ASB-A-179289753-d6eae26b", "source": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/89299047d7d4760545d1269de69f581700abcdde", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/launcher3/model/FirstScreenBroadcast.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Launcher3/+/6a7a7f6bad9ddb3b09620b5bd3e931e4a7f94037", "https://android.googlesource.com/platform/packages/apps/Launcher3/+/89299047d7d4760545d1269de69f581700abcdde" ], "spl": "2021-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "64218691201831824957998934362193549226", "72101287542892239829598847874941774405", "250917820842319857174928855853544470004", "157549670108489957391182641662768380696", "215765759519464149898409340185639421019" ] }, "id": "ASB-A-179289753-490cd3aa", "source": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/6a7a7f6bad9ddb3b09620b5bd3e931e4a7f94037", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/launcher3/model/FirstScreenBroadcast.java" }, "signature_type": "Line" }, { "digest": { "length": 1523.0, "function_hash": "308470978541057670615553267430717786121" }, "id": "ASB-A-179289753-a133b673", "source": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/6a7a7f6bad9ddb3b09620b5bd3e931e4a7f94037", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/launcher3/model/FirstScreenBroadcast.java", "function": "sendBroadcastToInstaller" }, "signature_type": "Function" }, { "match_only_versions": [ "10" ], "digest": { "threshold": 0.9, "line_hashes": [ "289431792269108550855782688154527960629", "230997653134768548590088079968996658108", "208819387599753241295668742009309166479", "315859335263020676225275389249829520354", "224747133250815276446175189229160239239", "335596790613405093073366072620082111840", "193131926168498708920826065808808705187" ] }, "id": "ASB-A-179289753-ac13be8d", "source": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/89299047d7d4760545d1269de69f581700abcdde", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/launcher3/model/FirstScreenBroadcast.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Launcher3/+/6a7a7f6bad9ddb3b09620b5bd3e931e4a7f94037", "https://android.googlesource.com/platform/packages/apps/Launcher3/+/89299047d7d4760545d1269de69f581700abcdde" ], "spl": "2021-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "312131370601399000384591629829028668315", "72101287542892239829598847874941774405", "250917820842319857174928855853544470004", "157549670108489957391182641662768380696", "215765759519464149898409340185639421019" ] }, "id": "ASB-A-179289753-41ddf5b5", "source": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/b62fba0d0199d719ac63761846e09b4b28e1dc2c", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/launcher3/model/FirstScreenBroadcast.java" }, "signature_type": "Line" }, { "digest": { "length": 1523.0, "function_hash": "308470978541057670615553267430717786121" }, "id": "ASB-A-179289753-4cb922aa", "source": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/b62fba0d0199d719ac63761846e09b4b28e1dc2c", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/launcher3/model/FirstScreenBroadcast.java", "function": "sendBroadcastToInstaller" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Launcher3/+/b62fba0d0199d719ac63761846e09b4b28e1dc2c" ], "spl": "2021-09-01", "severity": "High", "types": [ "EoP" ] }