ASB-A-192472262

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-192472262.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-192472262
Aliases
  • A-192472262
  • CVE-2021-0870
Published
2021-10-01T00:00:00Z
Modified
2024-09-04T21:42:31Z
Summary
NFC: Type confusion due to race condition during tag type change
Details

In RWSetActivatedTagType of rwmain.cc, there is possible memory corruption due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/system/nfc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12-next:0
Fixed
12-next:2021-10-05

Affected versions

Other

12-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "302893232867454018641363865655908411067",
                    "210976996113860512045570130387013366078",
                    "313465638352293828128083945162559551649",
                    "279250398018132916871186158522252980488",
                    "127156942092032599343570054826927051280",
                    "330257752897520507121636459421915019403",
                    "80533257021511510262798487844484235390"
                ]
            },
            "id": "ASB-A-192472262-2eb81857",
            "source": "https://android.googlesource.com/platform/system/nfc/+/b8057f7a38d5817314f6f2e58bd4a721ec8af82f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2471.0,
                "function_hash": "136064316806963250491071978082355760990"
            },
            "id": "ASB-A-192472262-52cfb177",
            "source": "https://android.googlesource.com/platform/system/nfc/+/b8057f7a38d5817314f6f2e58bd4a721ec8af82f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.cc",
                "function": "RW_SetActivatedTagType"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/nfc/+/b8057f7a38d5817314f6f2e58bd4a721ec8af82f"
    ],
    "spl": "2021-10-05",
    "severity": "Critical",
    "types": [
        "RCE",
        "Unknown"
    ]
}

Android / platform/system/nfc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
8.1:0
Fixed
8.1:2021-10-05

Affected versions

8.*

8.1

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "47205773305918336113512978760078968046",
                    "226892096083222133045730400048669507793",
                    "182438082539428302298182184409806005702",
                    "154378929107018221922310404154722669410"
                ]
            },
            "id": "ASB-A-192472262-03091d52",
            "source": "https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/int/rw_int.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "62768246765865703317798982287313285624",
                    "193361874913685253006957382496936244893",
                    "313465638352293828128083945162559551649",
                    "114204275395889699226632905647299224125",
                    "74097997669915371604652575479350485954",
                    "330257752897520507121636459421915019403",
                    "80533257021511510262798487844484235390",
                    "31319219388572861682443835133408565508",
                    "116752398114785600286813135760767414721",
                    "7264008467217708235998599358252336213",
                    "259043411013545100030468099958946466968",
                    "66380368866398155582324220364231770408",
                    "128308300361778126841715943824972191586",
                    "45003195277241335126040370648453576070",
                    "250823399380312319798879698572175657712",
                    "217166207319349240801842679167475713420",
                    "202777370979880363927424928257696026940",
                    "98891080186251884775689380644836571055",
                    "136563850250159475160082139666915979006",
                    "74810456903472927028660912231395471901",
                    "168321468630801764284270519507927749771",
                    "178625057479913812332593574824862549202",
                    "44658155767870717743453013966218461797",
                    "39892505200246538321811963991462431623",
                    "271515681854671110353452512011639352970",
                    "207751600410343440732061341520047310602",
                    "182251488327910846416215502616996840247",
                    "160900221743648009562165594854372781712",
                    "245509992315490758294603412755090121580",
                    "187575340196971718705980383561492153201",
                    "254610896113732718132171255378618124950",
                    "81266092936727332726007925725092110041"
                ]
            },
            "id": "ASB-A-192472262-3a318eea",
            "source": "https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.c"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 216.0,
                "function_hash": "218380719019543911311176873720563389466"
            },
            "id": "ASB-A-192472262-5f48fcc0",
            "source": "https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfa/rw/nfa_rw_main.c",
                "function": "nfa_rw_sys_disable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1825.0,
                "function_hash": "209796781797281272901044075285254003723"
            },
            "id": "ASB-A-192472262-646b836a",
            "source": "https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.c",
                "function": "RW_SetActivatedTagType"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "285497211518417974432189690540753525042",
                    "167195127492270607099839688168886392530",
                    "32116527672606639105308544545969692718",
                    "213098385050008327674115042759588706981",
                    "215084346443858707146625045683015095430",
                    "169175089188190789203230794793600354144",
                    "326899375905766269527112838767128193986",
                    "96380901065363285994934094620422738588"
                ]
            },
            "id": "ASB-A-192472262-85581b8e",
            "source": "https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfa/rw/nfa_rw_main.c"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/nfc/+/c46f6bae6eead08db2cf8802597d6a79abecd61d"
    ],
    "spl": "2021-10-05",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/system/nfc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2021-10-05

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "309169735620520086458409125414466365005",
                    "159794013037315425599564031163905188888",
                    "80984087769456794948701838175523115202",
                    "18360374466063427144233264522237211541",
                    "215084346443858707146625045683015095430",
                    "169175089188190789203230794793600354144",
                    "326899375905766269527112838767128193986",
                    "96380901065363285994934094620422738588"
                ]
            },
            "id": "ASB-A-192472262-44dcac7d",
            "source": "https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfa/rw/nfa_rw_main.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1910.0,
                "function_hash": "268459797997841723291835856033701742726"
            },
            "id": "ASB-A-192472262-4cdf7de0",
            "source": "https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.cc",
                "function": "RW_SetActivatedTagType"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 216.0,
                "function_hash": "218380719019543911311176873720563389466"
            },
            "id": "ASB-A-192472262-5dfbf3af",
            "source": "https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfa/rw/nfa_rw_main.cc",
                "function": "nfa_rw_sys_disable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "302893232867454018641363865655908411067",
                    "210976996113860512045570130387013366078",
                    "313465638352293828128083945162559551649",
                    "279250398018132916871186158522252980488",
                    "127156942092032599343570054826927051280",
                    "330257752897520507121636459421915019403",
                    "80533257021511510262798487844484235390",
                    "31319219388572861682443835133408565508",
                    "116752398114785600286813135760767414721",
                    "7264008467217708235998599358252336213",
                    "259043411013545100030468099958946466968",
                    "66380368866398155582324220364231770408",
                    "128308300361778126841715943824972191586",
                    "45003195277241335126040370648453576070",
                    "250823399380312319798879698572175657712",
                    "217166207319349240801842679167475713420",
                    "202777370979880363927424928257696026940",
                    "98891080186251884775689380644836571055",
                    "136563850250159475160082139666915979006",
                    "74810456903472927028660912231395471901",
                    "168321468630801764284270519507927749771",
                    "178625057479913812332593574824862549202",
                    "44658155767870717743453013966218461797",
                    "39892505200246538321811963991462431623",
                    "271515681854671110353452512011639352970",
                    "207751600410343440732061341520047310602",
                    "182251488327910846416215502616996840247",
                    "160900221743648009562165594854372781712",
                    "245509992315490758294603412755090121580",
                    "130807270010810019887561946639422356455",
                    "137850334771874421580276121016572181376",
                    "195681628029619760819634353988126873983"
                ]
            },
            "id": "ASB-A-192472262-7a2aaeee",
            "source": "https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "47205773305918336113512978760078968046",
                    "226892096083222133045730400048669507793",
                    "182438082539428302298182184409806005702",
                    "154378929107018221922310404154722669410"
                ]
            },
            "id": "ASB-A-192472262-9366abf2",
            "source": "https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/include/rw_int.h"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/nfc/+/963eb722db5c209a0c07e8770fa4a2a80e1929b6"
    ],
    "spl": "2021-10-05",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/system/nfc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2021-10-05

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 222.0,
                "function_hash": "26444777302962642810174583622933893910"
            },
            "id": "ASB-A-192472262-02686856",
            "source": "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfa/rw/nfa_rw_main.cc",
                "function": "nfa_rw_sys_disable"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "309169735620520086458409125414466365005",
                    "159794013037315425599564031163905188888",
                    "80984087769456794948701838175523115202",
                    "18360374466063427144233264522237211541",
                    "215084346443858707146625045683015095430",
                    "159278060834158007775759667138713669769",
                    "11897088447118833119069963727776228279",
                    "26675774579406487782617293833818601816"
                ]
            },
            "id": "ASB-A-192472262-28efe7a1",
            "source": "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfa/rw/nfa_rw_main.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283980276947757954147086910615649205523",
                    "270225791925085912678029993266002704005",
                    "182438082539428302298182184409806005702",
                    "154378929107018221922310404154722669410"
                ]
            },
            "id": "ASB-A-192472262-488f579b",
            "source": "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/include/rw_int.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2212.0,
                "function_hash": "133308851215872874088684263280792939599"
            },
            "id": "ASB-A-192472262-6f26c9f8",
            "source": "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.cc",
                "function": "RW_SetActivatedTagType"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "302893232867454018641363865655908411067",
                    "210976996113860512045570130387013366078",
                    "313465638352293828128083945162559551649",
                    "279250398018132916871186158522252980488",
                    "127156942092032599343570054826927051280",
                    "330257752897520507121636459421915019403",
                    "80533257021511510262798487844484235390",
                    "31319219388572861682443835133408565508",
                    "116752398114785600286813135760767414721",
                    "7264008467217708235998599358252336213",
                    "259043411013545100030468099958946466968",
                    "66380368866398155582324220364231770408",
                    "128308300361778126841715943824972191586",
                    "45003195277241335126040370648453576070",
                    "250823399380312319798879698572175657712",
                    "217166207319349240801842679167475713420",
                    "202777370979880363927424928257696026940",
                    "98891080186251884775689380644836571055",
                    "136563850250159475160082139666915979006",
                    "74810456903472927028660912231395471901",
                    "168321468630801764284270519507927749771",
                    "178625057479913812332593574824862549202",
                    "44658155767870717743453013966218461797",
                    "39892505200246538321811963991462431623",
                    "271515681854671110353452512011639352970",
                    "207751600410343440732061341520047310602",
                    "182251488327910846416215502616996840247",
                    "194004132327884942881320893418192782225",
                    "302265989959309570159241524866198955392",
                    "49942536497191962176559980304491535831",
                    "31040897761022751548153717369945726216",
                    "164928981599508020981873727737507511403",
                    "248676804094145601138400730689456634904",
                    "130807270010810019887561946639422356455",
                    "137850334771874421580276121016572181376",
                    "82485740918241156753307011759424513245"
                ]
            },
            "id": "ASB-A-192472262-90a50ccb",
            "source": "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3"
    ],
    "spl": "2021-10-05",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/system/nfc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-10-05

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2212.0,
                "function_hash": "133308851215872874088684263280792939599"
            },
            "id": "ASB-A-192472262-2c582bb7",
            "source": "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.cc",
                "function": "RW_SetActivatedTagType"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283980276947757954147086910615649205523",
                    "270225791925085912678029993266002704005",
                    "182438082539428302298182184409806005702",
                    "154378929107018221922310404154722669410"
                ]
            },
            "id": "ASB-A-192472262-4b05b61a",
            "source": "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/include/rw_int.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "302893232867454018641363865655908411067",
                    "210976996113860512045570130387013366078",
                    "313465638352293828128083945162559551649",
                    "279250398018132916871186158522252980488",
                    "127156942092032599343570054826927051280",
                    "330257752897520507121636459421915019403",
                    "80533257021511510262798487844484235390",
                    "31319219388572861682443835133408565508",
                    "116752398114785600286813135760767414721",
                    "7264008467217708235998599358252336213",
                    "259043411013545100030468099958946466968",
                    "66380368866398155582324220364231770408",
                    "128308300361778126841715943824972191586",
                    "45003195277241335126040370648453576070",
                    "250823399380312319798879698572175657712",
                    "217166207319349240801842679167475713420",
                    "202777370979880363927424928257696026940",
                    "98891080186251884775689380644836571055",
                    "136563850250159475160082139666915979006",
                    "74810456903472927028660912231395471901",
                    "168321468630801764284270519507927749771",
                    "178625057479913812332593574824862549202",
                    "44658155767870717743453013966218461797",
                    "39892505200246538321811963991462431623",
                    "271515681854671110353452512011639352970",
                    "207751600410343440732061341520047310602",
                    "182251488327910846416215502616996840247",
                    "194004132327884942881320893418192782225",
                    "302265989959309570159241524866198955392",
                    "49942536497191962176559980304491535831",
                    "31040897761022751548153717369945726216",
                    "164928981599508020981873727737507511403",
                    "248676804094145601138400730689456634904",
                    "130807270010810019887561946639422356455",
                    "137850334771874421580276121016572181376",
                    "82485740918241156753307011759424513245"
                ]
            },
            "id": "ASB-A-192472262-c1b0fe4f",
            "source": "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "309169735620520086458409125414466365005",
                    "159794013037315425599564031163905188888",
                    "80984087769456794948701838175523115202",
                    "18360374466063427144233264522237211541",
                    "215084346443858707146625045683015095430",
                    "159278060834158007775759667138713669769",
                    "11897088447118833119069963727776228279",
                    "26675774579406487782617293833818601816"
                ]
            },
            "id": "ASB-A-192472262-c36653ca",
            "source": "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfa/rw/nfa_rw_main.cc"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 222.0,
                "function_hash": "26444777302962642810174583622933893910"
            },
            "id": "ASB-A-192472262-fe1eebbe",
            "source": "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfa/rw/nfa_rw_main.cc",
                "function": "nfa_rw_sys_disable"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/nfc/+/8227ca062e2a60d811756ff97ff96c1412ef34b3"
    ],
    "spl": "2021-10-05",
    "severity": "Critical",
    "types": [
        "RCE"
    ]
}

Android / platform/system/nfc

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2021-10-05

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2471.0,
                "function_hash": "136064316806963250491071978082355760990"
            },
            "id": "ASB-A-192472262-4b4bdd2b",
            "source": "https://android.googlesource.com/platform/system/nfc/+/ad4982472cdf83d9ba8eb75078ca1c3bc05f6b23",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.cc",
                "function": "RW_SetActivatedTagType"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "302893232867454018641363865655908411067",
                    "210976996113860512045570130387013366078",
                    "313465638352293828128083945162559551649",
                    "279250398018132916871186158522252980488",
                    "127156942092032599343570054826927051280",
                    "330257752897520507121636459421915019403",
                    "80533257021511510262798487844484235390"
                ]
            },
            "id": "ASB-A-192472262-5709d997",
            "source": "https://android.googlesource.com/platform/system/nfc/+/ad4982472cdf83d9ba8eb75078ca1c3bc05f6b23",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/nfc/tags/rw_main.cc"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/nfc/+/ad4982472cdf83d9ba8eb75078ca1c3bc05f6b23"
    ],
    "spl": "2021-10-05",
    "severity": "Critical",
    "types": [
        "Unknown"
    ]
}