ASB-A-187957589

Import Source
https://storage.googleapis.com/android-osv/ASB-A-187957589.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-187957589
Aliases
  • A-187957589
  • CVE-2021-0640
Published
2021-08-01T00:00:00Z
Modified
2024-08-07T19:30:17.092961Z
Summary
ZDI-CAN-13834: OOB write in AOSP statsd module
Details

In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-08-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "218310578500860490201991856156648074464",
                    "128334360977750043425148833435883507242",
                    "281155686375625775178797248971093424426",
                    "306409085174042533954256400091166333161"
                ]
            },
            "id": "ASB-A-187957589-d540ce13",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7f9b0a9fb0f5f1fff9243af7472f0a25cf7af23e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/guardrail/StatsdStats.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 265.0,
                "function_hash": "212623113113335101165880882464320555763"
            },
            "id": "ASB-A-187957589-f61f8556",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7f9b0a9fb0f5f1fff9243af7472f0a25cf7af23e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/guardrail/StatsdStats.cpp",
                "function": "StatsdStats::noteAtomLogged"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/7f9b0a9fb0f5f1fff9243af7472f0a25cf7af23e"
    ],
    "spl": "2021-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-08-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 337.0,
                "function_hash": "16692253331091255899339569695148445352"
            },
            "id": "ASB-A-187957589-a1b7500b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b13b741a94a3d1fc85277de22644c62778bd3adc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/guardrail/StatsdStats.cpp",
                "function": "StatsdStats::noteAtomLogged"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "233745843382189759821355327949684258202",
                    "290326730571959422592367587925063738855",
                    "76205152548751388425430597755509979065",
                    "183090020580011612459726398641070241911",
                    "82802511456297941982137811718988298212",
                    "250979201520337539637457224109691230305"
                ]
            },
            "id": "ASB-A-187957589-c98e7ea9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b13b741a94a3d1fc85277de22644c62778bd3adc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/guardrail/StatsdStats.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/b13b741a94a3d1fc85277de22644c62778bd3adc"
    ],
    "spl": "2021-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-08-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 318.0,
                "function_hash": "334978686990845983360367193933320524345"
            },
            "id": "ASB-A-187957589-167b3202",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cc0bba36c7c326e2fb75f1531547d2ed861d392c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/guardrail/StatsdStats.cpp",
                "function": "StatsdStats::noteAtomLogged"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "286429898787765940536258522979636683682",
                    "67407610229995922092322167304233295542",
                    "42689763493395915227063805515031163171",
                    "73263904811897422185702818048666410956",
                    "82802511456297941982137811718988298212",
                    "250979201520337539637457224109691230305"
                ]
            },
            "id": "ASB-A-187957589-44902f22",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cc0bba36c7c326e2fb75f1531547d2ed861d392c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/guardrail/StatsdStats.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/cc0bba36c7c326e2fb75f1531547d2ed861d392c"
    ],
    "spl": "2021-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}