ASB-A-185810717

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-185810717.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-185810717
Aliases
  • A-185810717
  • CVE-2021-39696
Published
2022-08-01T00:00:00Z
Modified
2024-08-07T19:29:54.045373Z
Summary
Task hijacking via relinquishTaskIdentity attribute - test
Details

In Task.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-08-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1697.0,
                "function_hash": "114249753329107087525391617389938837229"
            },
            "id": "ASB-A-185810717-18dd2717",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/TaskRecord.java",
                "function": "updateTaskDescription"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 188.0,
                "function_hash": "62019064814636103343664505072038970591"
            },
            "id": "ASB-A-185810717-401f52e3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/TaskRecord.java",
                "function": "setIntent"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "30360541158541498531301756461858228202",
                    "3514164200356127184443281256543517324",
                    "156036005671822800397929965898971209882",
                    "40932554667166922836237017915543376523",
                    "291904945844506897884815895668139604083",
                    "102723793227783992674986099692445639340",
                    "258841496115491640405859192614166378335",
                    "183077281465461956233309633883556334568",
                    "295423418368279808382593190180421323910",
                    "37161111418155250775281148592579906163",
                    "50833405293117833279415935327022836630",
                    "138014922861602889885975517389690195226",
                    "252063939245601009146420462652573004020",
                    "339733656564648532702095189611842122394",
                    "34479264088719289698657397483948250011",
                    "236802627812529280341923007124956661938",
                    "133153876722754042077793862079581596582",
                    "251789395544594388926596920568489929042",
                    "62003219187718509093994587176542682893",
                    "54700797171610032591371120809388323223",
                    "222189884300879595813186476941217263398",
                    "176060237286998589155617803537211818495",
                    "270430745615343053950386888560668369758",
                    "83333480928160377198890704101406992375",
                    "72900625664743943506835128900318134880",
                    "54737755366401656817833916192087562946",
                    "68700392199755740678690698967609718529",
                    "12999593050953470861858369245350678094",
                    "205843455455341981996900983496815805046",
                    "104354163961701047805843948492739466768",
                    "131726437111566703208411867857732469803",
                    "323045736658015902952337602168969264518",
                    "219610675203985275730562048953214720054",
                    "336183370629074514338328775332098232682",
                    "144929111754066236071393533552665001206",
                    "52237475449065380491226544910851728974",
                    "263420766519400170252950440108882399945",
                    "84357180193666935567022253850383057811",
                    "148662239779904816260159534483958622448",
                    "231085951127056114188229272483847737783",
                    "286244540789519161386871161485334670571",
                    "41146210076656651251647344028780213285",
                    "49238975494241385451681588626869753064",
                    "247450066453139465086866621600444130586",
                    "328032100225726135103140968243823755546"
                ]
            },
            "id": "ASB-A-185810717-63a41aa7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/TaskRecord.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2097.0,
                "function_hash": "310692813872728003298386454620585542072"
            },
            "id": "ASB-A-185810717-ea25479b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/TaskRecord.java",
                "function": "setIntent"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 330.0,
                "function_hash": "8782411516555310003248883134178163591"
            },
            "id": "ASB-A-185810717-f90e595e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/TaskRecord.java",
                "function": "findEffectiveRootIndex"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/cd1f9e72cf9752c9a31e990822ab34ae3d475fec"
    ],
    "spl": "2022-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-08-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "52595531883840164852486254551178876795",
                    "154062033777965420023310222039535300906",
                    "262569442894312989936857751120848020609",
                    "74661298110234276737496755581400151879",
                    "297058171381607430058513335385694073661",
                    "42324559335298679099023454069409252154",
                    "14057519644253320131840377833787113601",
                    "148956871793272930027126321071786471301",
                    "273501821027985886128103485821024605584",
                    "104191343101939331533767672701237649596",
                    "28930306529248088288761223068953048148",
                    "331434379975274989704032711985558570991",
                    "141446953136170541669863070774974127006",
                    "279908319037663914224815648926905417944",
                    "47765870511665856545470235716616919474",
                    "185695585190966584225455543563284580414",
                    "110113713064953918238505665971822408524",
                    "317295907264898612408862227631009760426",
                    "206076769427817003270205358177470286269",
                    "166623853546666804376003782511857093807",
                    "121424296394949635876442572798478371883"
                ]
            },
            "id": "ASB-A-185810717-0b366929",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c5aaf99df5656fde68a4aaf2801fe30b0f5e44ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/Task.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2390.0,
                "function_hash": "212709493541495812727960142275378253451"
            },
            "id": "ASB-A-185810717-3b0447c2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c5aaf99df5656fde68a4aaf2801fe30b0f5e44ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/Task.java",
                "function": "setIntent"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "308552683213346870058688407294738668298",
                    "278716541481851296818841190286809426677",
                    "315761850000771438408633455162439727858",
                    "167299014211513934606048582938306035617"
                ]
            },
            "id": "ASB-A-185810717-40061e86",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/LaunchParamsPersister.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 787.0,
                "function_hash": "103009817535832037988649160498157209401"
            },
            "id": "ASB-A-185810717-65afdba9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c5aaf99df5656fde68a4aaf2801fe30b0f5e44ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/Task.java",
                "function": "setIntent"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "270267953656468438518563010163479801018",
                    "113689335942243225269370079443296225165",
                    "56574999981327346990439269239635968344",
                    "255760020223444401083937830647181095557",
                    "95312432404155446654344847206999726902",
                    "234205518186457803052450179824608321220",
                    "210501686425343537950874358343699266995",
                    "88380941902565113212907298595913992897",
                    "268774905517820627813214429034184272535",
                    "202849182357323347719366141825897807845",
                    "337987487053846119195264261911490400658",
                    "202870691787698768385066861407014432964",
                    "101486682895096704713854736964085283199",
                    "77888250498156048942380498913764368822",
                    "231648317017581035471595418148087572272",
                    "67858898552590349168156722563153956211",
                    "148558139831752693360995294971830589149",
                    "166798505782220541920039972027162052772",
                    "74196875491008610533364407704394809790",
                    "8129973408310764468139125785590461044",
                    "74661298110234276737496755581400151879",
                    "297058171381607430058513335385694073661",
                    "42324559335298679099023454069409252154",
                    "14057519644253320131840377833787113601",
                    "148956871793272930027126321071786471301",
                    "127159712984520244076913140424508851741",
                    "284162875520143767686284517147922809629",
                    "141446953136170541669863070774974127006",
                    "117622921226904855528179967496546268483",
                    "69133172342198953785305958677470613644",
                    "73073340269886335719511329704359111918",
                    "127957146646921559588792381572624453136",
                    "196525442180716213461374868019562642117",
                    "54700797171610032591371120809388323223",
                    "222189884300879595813186476941217263398",
                    "176060237286998589155617803537211818495",
                    "270430745615343053950386888560668369758"
                ]
            },
            "id": "ASB-A-185810717-84f9e293",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/Task.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 483.0,
                "function_hash": "244755902879353845954371395257098414906"
            },
            "id": "ASB-A-185810717-98e4ac28",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/Task.java",
                "function": "setIntent"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 248.0,
                "function_hash": "93310086254095991867519117253775860515"
            },
            "id": "ASB-A-185810717-a5fc2c6b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/Task.java",
                "function": "processActivity"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 538.0,
                "function_hash": "299749214242481983182204029661073510566"
            },
            "id": "ASB-A-185810717-e09a9950",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/LaunchParamsPersister.java",
                "function": "saveTask"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2323.0,
                "function_hash": "113519283436401956857457209946164661682"
            },
            "id": "ASB-A-185810717-e46620cc",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/Task.java",
                "function": "setIntent"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/7221a25a035bc7397492e15460b40395efce7023",
        "https://android.googlesource.com/platform/frameworks/base/+/c5aaf99df5656fde68a4aaf2801fe30b0f5e44ae"
    ],
    "spl": "2022-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-08-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 248.0,
                "function_hash": "93310086254095991867519117253775860515"
            },
            "id": "ASB-A-185810717-31ab5915",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/339f4ca753b3ecf3bac520e8d70541a7223fb7c2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/Task.java",
                "function": "processActivity"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 409.0,
                "function_hash": "303421974648205830524305549598901999292"
            },
            "id": "ASB-A-185810717-61c733b9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/339f4ca753b3ecf3bac520e8d70541a7223fb7c2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/Task.java",
                "function": "setIntent"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "176977018547643727165555349925919150112",
                    "61273032671010555112067042498848993705",
                    "210952737140323125617952079181036189101",
                    "63638498230607656154402415079115304945",
                    "238975493386478583003188720778095227941",
                    "324851195226224905193267755883425278878",
                    "70551364984156456703525134292317396185",
                    "88380941902565113212907298595913992897",
                    "268774905517820627813214429034184272535",
                    "202849182357323347719366141825897807845",
                    "337987487053846119195264261911490400658",
                    "202870691787698768385066861407014432964",
                    "243945114704921271115249838784025814286",
                    "276707104677153373588836404732608918917",
                    "272283132870058892448415143441713351837",
                    "18577647923828561894255092725633003720",
                    "67858898552590349168156722563153956211",
                    "336127415114684718460904837652194315614",
                    "318534229968897798837508631791009361356",
                    "161614524541539143309079290724643929727",
                    "42651205751565668215105703900885047507",
                    "54700797171610032591371120809388323223",
                    "222189884300879595813186476941217263398",
                    "176060237286998589155617803537211818495",
                    "270430745615343053950386888560668369758"
                ]
            },
            "id": "ASB-A-185810717-a85ce500",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/339f4ca753b3ecf3bac520e8d70541a7223fb7c2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/Task.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2203.0,
                "function_hash": "332131789057311100416810362742688402519"
            },
            "id": "ASB-A-185810717-f2e6d6f4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/339f4ca753b3ecf3bac520e8d70541a7223fb7c2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/Task.java",
                "function": "setIntent"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/339f4ca753b3ecf3bac520e8d70541a7223fb7c2"
    ],
    "spl": "2022-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}