ASB-A-188675581

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-188675581.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-188675581
Aliases
  • A-188675581
  • CVE-2021-0928
Published
2021-11-01T00:00:00Z
Modified
2024-08-07T19:30:07.662956Z
Summary
Android 12 Beta - OutputConfiguration class can swallow exceptions thrown by other Parcelables during unparcelling
Details

In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-11-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 227.0,
                "function_hash": "76093156863976474586356531644141148758"
            },
            "id": "ASB-A-188675581-24cefa87",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java",
                "function": "createFromParcel"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "317483527648198509270140802827447531782",
                    "223002703699211872129359134200179336438",
                    "221450786313566647513099793628289661548",
                    "313528256641003536810992463552861425957",
                    "324427275809028332310722070584879438496",
                    "177679753297519812690569650647470702063",
                    "226482931100025291448174953009991502882",
                    "10557001945486301106050378499633951520",
                    "111106639122235668039694155904913124616",
                    "171915954708776976830306371819336556732"
                ]
            },
            "id": "ASB-A-188675581-59b56edc",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "55948512943992732438289951357765895868",
                    "63330846775195551209605279357996019631",
                    "273408181363306553741003517302417019867",
                    "323580076011241559958992004763198920291",
                    "28705630028658975241407202452171672217",
                    "134854737740638073177096359259814546084",
                    "48690313245675545338122514461806755622",
                    "253602079636673948349820405558010193493",
                    "111106639122235668039694155904913124616",
                    "92411138204201860379570380065896571488"
                ]
            },
            "id": "ASB-A-188675581-6cad3ff6",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 227.0,
                "function_hash": "192616195078580846107894632108500532721"
            },
            "id": "ASB-A-188675581-9def4575",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java",
                "function": "createFromParcel"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "153417852049301962207569779497827171531",
                    "261000798068641417599860683920950769917",
                    "68380207807907527116214470036115371347",
                    "36914989888970600394132832822505474009",
                    "237971076016265399093107091487085744480",
                    "125120888478096195769098937328838614142",
                    "332931380088863269407041538114198722673",
                    "37970245084357154993585643344969614462",
                    "111106639122235668039694155904913124616",
                    "290256071414516235837538977928667726928"
                ]
            },
            "id": "ASB-A-188675581-c179aba1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 232.0,
                "function_hash": "304382079224574811999329775731874862630"
            },
            "id": "ASB-A-188675581-e909db41",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java",
                "function": "createFromParcel"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020"
    ],
    "spl": "2021-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-11-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 227.0,
                "function_hash": "192616195078580846107894632108500532721"
            },
            "id": "ASB-A-188675581-15e9629a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java",
                "function": "createFromParcel"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 227.0,
                "function_hash": "76093156863976474586356531644141148758"
            },
            "id": "ASB-A-188675581-16a5e4a4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java",
                "function": "createFromParcel"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "230352104463149322020516772239022149833",
                    "243872001309038146320784694779324733857",
                    "1987689868153551222234223639152650997",
                    "92097555207732753286478878071925575645",
                    "201550405209711947197728996795368769293",
                    "116311922245513189830199955547492906938",
                    "82429457986271022162143760017490601323",
                    "69352991995164639378330939860494258757",
                    "111106639122235668039694155904913124616",
                    "142009069770802382041921867158857961337"
                ]
            },
            "id": "ASB-A-188675581-1d89aa28",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/SessionConfiguration.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 232.0,
                "function_hash": "304382079224574811999329775731874862630"
            },
            "id": "ASB-A-188675581-4bb8143a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java",
                "function": "createFromParcel"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 228.0,
                "function_hash": "66656033281491477789090332981665643467"
            },
            "id": "ASB-A-188675581-5daa56b3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/SessionConfiguration.java",
                "function": "createFromParcel"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "153417852049301962207569779497827171531",
                    "261000798068641417599860683920950769917",
                    "68380207807907527116214470036115371347",
                    "36914989888970600394132832822505474009",
                    "237971076016265399093107091487085744480",
                    "125120888478096195769098937328838614142",
                    "332931380088863269407041538114198722673",
                    "37970245084357154993585643344969614462",
                    "111106639122235668039694155904913124616",
                    "290256071414516235837538977928667726928"
                ]
            },
            "id": "ASB-A-188675581-79aa071c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "317483527648198509270140802827447531782",
                    "223002703699211872129359134200179336438",
                    "221450786313566647513099793628289661548",
                    "313528256641003536810992463552861425957",
                    "324427275809028332310722070584879438496",
                    "177679753297519812690569650647470702063",
                    "226482931100025291448174953009991502882",
                    "10557001945486301106050378499633951520",
                    "111106639122235668039694155904913124616",
                    "171915954708776976830306371819336556732"
                ]
            },
            "id": "ASB-A-188675581-bfa3b659",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "55948512943992732438289951357765895868",
                    "63330846775195551209605279357996019631",
                    "273408181363306553741003517302417019867",
                    "323580076011241559958992004763198920291",
                    "28705630028658975241407202452171672217",
                    "134854737740638073177096359259814546084",
                    "48690313245675545338122514461806755622",
                    "253602079636673948349820405558010193493",
                    "111106639122235668039694155904913124616",
                    "92411138204201860379570380065896571488"
                ]
            },
            "id": "ASB-A-188675581-cce59c71",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab"
    ],
    "spl": "2021-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-11-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 232.0,
                "function_hash": "304382079224574811999329775731874862630"
            },
            "id": "ASB-A-188675581-1080fa75",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java",
                "function": "createFromParcel"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "55948512943992732438289951357765895868",
                    "63330846775195551209605279357996019631",
                    "273408181363306553741003517302417019867",
                    "323580076011241559958992004763198920291",
                    "28705630028658975241407202452171672217",
                    "134854737740638073177096359259814546084",
                    "48690313245675545338122514461806755622",
                    "253602079636673948349820405558010193493",
                    "111106639122235668039694155904913124616",
                    "92411138204201860379570380065896571488"
                ]
            },
            "id": "ASB-A-188675581-17a1b571",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "230352104463149322020516772239022149833",
                    "243872001309038146320784694779324733857",
                    "1987689868153551222234223639152650997",
                    "92097555207732753286478878071925575645",
                    "201550405209711947197728996795368769293",
                    "116311922245513189830199955547492906938",
                    "82429457986271022162143760017490601323",
                    "69352991995164639378330939860494258757",
                    "111106639122235668039694155904913124616",
                    "142009069770802382041921867158857961337"
                ]
            },
            "id": "ASB-A-188675581-3930d5c2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/SessionConfiguration.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "153417852049301962207569779497827171531",
                    "261000798068641417599860683920950769917",
                    "68380207807907527116214470036115371347",
                    "36914989888970600394132832822505474009",
                    "237971076016265399093107091487085744480",
                    "125120888478096195769098937328838614142",
                    "332931380088863269407041538114198722673",
                    "37970245084357154993585643344969614462",
                    "111106639122235668039694155904913124616",
                    "290256071414516235837538977928667726928"
                ]
            },
            "id": "ASB-A-188675581-4044cce5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 227.0,
                "function_hash": "192616195078580846107894632108500532721"
            },
            "id": "ASB-A-188675581-450466ea",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java",
                "function": "createFromParcel"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 227.0,
                "function_hash": "76093156863976474586356531644141148758"
            },
            "id": "ASB-A-188675581-bc4a4c08",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/VendorTagDescriptor.java",
                "function": "createFromParcel"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "317483527648198509270140802827447531782",
                    "223002703699211872129359134200179336438",
                    "221450786313566647513099793628289661548",
                    "313528256641003536810992463552861425957",
                    "324427275809028332310722070584879438496",
                    "177679753297519812690569650647470702063",
                    "226482931100025291448174953009991502882",
                    "10557001945486301106050378499633951520",
                    "111106639122235668039694155904913124616",
                    "171915954708776976830306371819336556732"
                ]
            },
            "id": "ASB-A-188675581-cc7d7f5d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/OutputConfiguration.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 228.0,
                "function_hash": "66656033281491477789090332981665643467"
            },
            "id": "ASB-A-188675581-ec785397",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/hardware/camera2/params/SessionConfiguration.java",
                "function": "createFromParcel"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab"
    ],
    "spl": "2021-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}