ASB-A-185178568

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-185178568.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-185178568
Aliases
  • A-185178568
  • CVE-2021-0652
Published
2021-10-01T00:00:00Z
Modified
2024-09-04T21:42:31Z
Summary
crash in com.google.android.apps.safetyhub; HWASAN CTS: HWAddressSanitizer: tag-mismatch on address 0x003d80fb1328 at pc 0x007e75d72248 WRITE of size 4 at 0x003d80fb1328 tags: 07/61 (ptr/mem) in thread T648
Details

In VectorDrawable::VectorDrawable of VectorDrawable.java, there is a possible way to introduce a memory corruption due to sharing of not thread-safe objects. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12-next:0
Fixed
12-next:2021-10-01

Affected versions

Other

12-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 56.0,
                "function_hash": "185864239362655514218475310092652484221"
            },
            "id": "ASB-A-185178568-3d47b59b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/549ee05ac5458d04f8a5dab36cd3bff951e565ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 107.0,
                "function_hash": "339478319862904858376976206025907280073"
            },
            "id": "ASB-A-185178568-4693525a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/549ee05ac5458d04f8a5dab36cd3bff951e565ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "121643977062923626745515733345286558681",
                    "281943103480604893730279812896987304739",
                    "39431095305666089737429303790417283263",
                    "184443090632241604409289305091400330787",
                    "288940757016037320418976212345001686936",
                    "9773249350786764123582494058812485469",
                    "176132001913208749900542624860763057957"
                ]
            },
            "id": "ASB-A-185178568-c8260a92",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/549ee05ac5458d04f8a5dab36cd3bff951e565ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/549ee05ac5458d04f8a5dab36cd3bff951e565ff"
    ],
    "spl": "2021-10-01",
    "severity": "High",
    "types": [
        "Unknown",
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2021-10-01

Affected versions

8.*

8.1

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "121643977062923626745515733345286558681",
                    "281943103480604893730279812896987304739",
                    "39431095305666089737429303790417283263",
                    "184443090632241604409289305091400330787",
                    "288940757016037320418976212345001686936",
                    "9773249350786764123582494058812485469",
                    "176132001913208749900542624860763057957"
                ]
            },
            "id": "ASB-A-185178568-1f2538eb",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/32207ceb2fb408d06924b46919fc438477fddcf0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 56.0,
                "function_hash": "185864239362655514218475310092652484221"
            },
            "id": "ASB-A-185178568-3d297fe6",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/32207ceb2fb408d06924b46919fc438477fddcf0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 107.0,
                "function_hash": "339478319862904858376976206025907280073"
            },
            "id": "ASB-A-185178568-a6fcbd59",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/32207ceb2fb408d06924b46919fc438477fddcf0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/32207ceb2fb408d06924b46919fc438477fddcf0"
    ],
    "spl": "2021-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-10-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "121643977062923626745515733345286558681",
                    "281943103480604893730279812896987304739",
                    "39431095305666089737429303790417283263",
                    "184443090632241604409289305091400330787",
                    "288940757016037320418976212345001686936",
                    "9773249350786764123582494058812485469",
                    "176132001913208749900542624860763057957"
                ]
            },
            "id": "ASB-A-185178568-1da9baa6",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6edabc03017fdaa60e99e47fb0da2c297949b671",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 56.0,
                "function_hash": "185864239362655514218475310092652484221"
            },
            "id": "ASB-A-185178568-968540fd",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6edabc03017fdaa60e99e47fb0da2c297949b671",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 107.0,
                "function_hash": "339478319862904858376976206025907280073"
            },
            "id": "ASB-A-185178568-d0831bed",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6edabc03017fdaa60e99e47fb0da2c297949b671",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6edabc03017fdaa60e99e47fb0da2c297949b671"
    ],
    "spl": "2021-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-10-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "121643977062923626745515733345286558681",
                    "281943103480604893730279812896987304739",
                    "39431095305666089737429303790417283263",
                    "184443090632241604409289305091400330787",
                    "288940757016037320418976212345001686936",
                    "9773249350786764123582494058812485469",
                    "176132001913208749900542624860763057957"
                ]
            },
            "id": "ASB-A-185178568-41129db9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e9831122e6c0fad4b0ddf394c239b6cfc039f221",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 107.0,
                "function_hash": "339478319862904858376976206025907280073"
            },
            "id": "ASB-A-185178568-9486dc5e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e9831122e6c0fad4b0ddf394c239b6cfc039f221",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 56.0,
                "function_hash": "185864239362655514218475310092652484221"
            },
            "id": "ASB-A-185178568-9fbeaa9e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e9831122e6c0fad4b0ddf394c239b6cfc039f221",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e9831122e6c0fad4b0ddf394c239b6cfc039f221"
    ],
    "spl": "2021-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-10-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 107.0,
                "function_hash": "339478319862904858376976206025907280073"
            },
            "id": "ASB-A-185178568-67234ea7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/304f3af54526f3d80cc037e18f4cf89f1053737c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 56.0,
                "function_hash": "185864239362655514218475310092652484221"
            },
            "id": "ASB-A-185178568-6a3fae37",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/304f3af54526f3d80cc037e18f4cf89f1053737c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "121643977062923626745515733345286558681",
                    "281943103480604893730279812896987304739",
                    "39431095305666089737429303790417283263",
                    "184443090632241604409289305091400330787",
                    "288940757016037320418976212345001686936",
                    "9773249350786764123582494058812485469",
                    "176132001913208749900542624860763057957"
                ]
            },
            "id": "ASB-A-185178568-b79c2361",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/304f3af54526f3d80cc037e18f4cf89f1053737c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/304f3af54526f3d80cc037e18f4cf89f1053737c"
    ],
    "spl": "2021-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2021-10-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 107.0,
                "function_hash": "339478319862904858376976206025907280073"
            },
            "id": "ASB-A-185178568-331f2c05",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/549ee05ac5458d04f8a5dab36cd3bff951e565ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 56.0,
                "function_hash": "185864239362655514218475310092652484221"
            },
            "id": "ASB-A-185178568-543d4746",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/549ee05ac5458d04f8a5dab36cd3bff951e565ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java",
                "function": "VectorDrawable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "121643977062923626745515733345286558681",
                    "281943103480604893730279812896987304739",
                    "39431095305666089737429303790417283263",
                    "184443090632241604409289305091400330787",
                    "288940757016037320418976212345001686936",
                    "9773249350786764123582494058812485469",
                    "176132001913208749900542624860763057957"
                ]
            },
            "id": "ASB-A-185178568-c74ade79",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/549ee05ac5458d04f8a5dab36cd3bff951e565ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "graphics/java/android/graphics/drawable/VectorDrawable.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/549ee05ac5458d04f8a5dab36cd3bff951e565ff"
    ],
    "spl": "2021-10-01",
    "severity": "High",
    "types": [
        "Unknown"
    ]
}