ASB-A-193790350

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-193790350.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-193790350
Aliases
  • A-193790350
  • CVE-2021-39803
Published
2022-04-01T00:00:00Z
Modified
2024-08-07T19:29:37.221145Z
Summary
C2FuzzerGsmDec: Tag-mismatch in android::C2AllocationIon::Impl::~Impl
Details

In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-04-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "39997725199372059577550694964669424809",
                    "273063931939842850401049194650282175628",
                    "23635781807921844450053971616494484260",
                    "79833116189996246325763992945216508705",
                    "122504346484478287434413399803169473137",
                    "282596664588746285551602688336961958615",
                    "304059659473115756915233644411737299832",
                    "123801798367134975462997417348237060122",
                    "314686063585001825113132334808958923677",
                    "195903363165327730377140988313203592017",
                    "316461725082244718898528055752115183257",
                    "66275611729325449737339854251446508253",
                    "274283264904369067223163265774635421682",
                    "154925317047249732204408814864411678525",
                    "93064771771212267697144890968037783838",
                    "54456604817051958429238255474257769216",
                    "4415980063983488735625236013337988711",
                    "121665763636476463751885739650815948483",
                    "63908884897072704198123042693509587337",
                    "19985124781375086165144574996702862129",
                    "136847701873993135194624429221300571733",
                    "263016725820583220635591645880946986040",
                    "337062871888618167084664621384105313237",
                    "242604353954162070547450642583046068316",
                    "156310894629892543309019154915813841814",
                    "11584878628880323870927814561550416871",
                    "264916801351005653970177793585135920505",
                    "324916189533104502194359447110009875807",
                    "298304806127997440014602776602130529632",
                    "124325789932757898411036688471256543692",
                    "318304630998875668424512610947930899267"
                ]
            },
            "id": "ASB-A-193790350-2106de8c",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/ac5f5cade22029ffada814347500535a368d88d9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2AllocatorIon.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/ac5f5cade22029ffada814347500535a368d88d9"
    ],
    "spl": "2022-04-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-04-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "39997725199372059577550694964669424809",
                    "273063931939842850401049194650282175628",
                    "23635781807921844450053971616494484260",
                    "79833116189996246325763992945216508705",
                    "122504346484478287434413399803169473137",
                    "282596664588746285551602688336961958615",
                    "304059659473115756915233644411737299832",
                    "123801798367134975462997417348237060122",
                    "314686063585001825113132334808958923677",
                    "195903363165327730377140988313203592017",
                    "316461725082244718898528055752115183257",
                    "66275611729325449737339854251446508253",
                    "274283264904369067223163265774635421682",
                    "154925317047249732204408814864411678525",
                    "93064771771212267697144890968037783838",
                    "54456604817051958429238255474257769216",
                    "4415980063983488735625236013337988711",
                    "121665763636476463751885739650815948483",
                    "201169086221429799773184087444789434386",
                    "242490286077537834776466743498273079701",
                    "68494283354012933943687583105914507292",
                    "111695304500474698755220168894222327492",
                    "337062871888618167084664621384105313237",
                    "242604353954162070547450642583046068316",
                    "156310894629892543309019154915813841814",
                    "11584878628880323870927814561550416871",
                    "264916801351005653970177793585135920505",
                    "324916189533104502194359447110009875807",
                    "298304806127997440014602776602130529632",
                    "124325789932757898411036688471256543692",
                    "318304630998875668424512610947930899267"
                ]
            },
            "id": "ASB-A-193790350-a1c48a58",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2AllocatorIon.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58"
    ],
    "spl": "2022-04-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-04-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "39997725199372059577550694964669424809",
                    "273063931939842850401049194650282175628",
                    "23635781807921844450053971616494484260",
                    "79833116189996246325763992945216508705",
                    "122504346484478287434413399803169473137",
                    "282596664588746285551602688336961958615",
                    "304059659473115756915233644411737299832",
                    "123801798367134975462997417348237060122",
                    "314686063585001825113132334808958923677",
                    "195903363165327730377140988313203592017",
                    "316461725082244718898528055752115183257",
                    "66275611729325449737339854251446508253",
                    "274283264904369067223163265774635421682",
                    "154925317047249732204408814864411678525",
                    "93064771771212267697144890968037783838",
                    "54456604817051958429238255474257769216",
                    "4415980063983488735625236013337988711",
                    "121665763636476463751885739650815948483",
                    "201169086221429799773184087444789434386",
                    "242490286077537834776466743498273079701",
                    "68494283354012933943687583105914507292",
                    "111695304500474698755220168894222327492",
                    "337062871888618167084664621384105313237",
                    "242604353954162070547450642583046068316",
                    "156310894629892543309019154915813841814",
                    "11584878628880323870927814561550416871",
                    "264916801351005653970177793585135920505",
                    "324916189533104502194359447110009875807",
                    "298304806127997440014602776602130529632",
                    "124325789932757898411036688471256543692",
                    "318304630998875668424512610947930899267"
                ]
            },
            "id": "ASB-A-193790350-14792537",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2AllocatorIon.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58"
    ],
    "spl": "2022-04-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/av

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-04-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "39997725199372059577550694964669424809",
                    "273063931939842850401049194650282175628",
                    "23635781807921844450053971616494484260",
                    "79833116189996246325763992945216508705",
                    "122504346484478287434413399803169473137",
                    "282596664588746285551602688336961958615",
                    "304059659473115756915233644411737299832",
                    "123801798367134975462997417348237060122",
                    "314686063585001825113132334808958923677",
                    "195903363165327730377140988313203592017",
                    "316461725082244718898528055752115183257",
                    "66275611729325449737339854251446508253",
                    "274283264904369067223163265774635421682",
                    "154925317047249732204408814864411678525",
                    "93064771771212267697144890968037783838",
                    "54456604817051958429238255474257769216",
                    "4415980063983488735625236013337988711",
                    "121665763636476463751885739650815948483",
                    "201169086221429799773184087444789434386",
                    "242490286077537834776466743498273079701",
                    "68494283354012933943687583105914507292",
                    "111695304500474698755220168894222327492",
                    "337062871888618167084664621384105313237",
                    "242604353954162070547450642583046068316",
                    "156310894629892543309019154915813841814",
                    "11584878628880323870927814561550416871",
                    "264916801351005653970177793585135920505",
                    "324916189533104502194359447110009875807",
                    "298304806127997440014602776602130529632",
                    "124325789932757898411036688471256543692",
                    "318304630998875668424512610947930899267"
                ]
            },
            "id": "ASB-A-193790350-b9c6696c",
            "source": "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "media/codec2/vndk/C2AllocatorIon.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58"
    ],
    "spl": "2022-04-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}