ASB-A-193932765

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-193932765.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-193932765
Aliases
  • A-193932765
  • CVE-2021-0702
Published
2021-10-01T00:00:00Z
Modified
2024-09-04T21:42:31Z
Summary
Mainline train application can result in all apexes getting reset to factory version
Details

In RevertActiveSessions of apexd.cpp, there is a possible way to share the wrong file due to an unintentional MediaStore downgrade. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/system/apex

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12-next:0
Fixed
12-next:2021-10-01

Affected versions

Other

12-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 759.0,
                "function_hash": "4225605585403834167859559494038422097"
            },
            "id": "ASB-A-193932765-121d5e3b",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexservice_test.cpp",
                "function": "TEST_F"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 665.0,
                "function_hash": "221185430640167795994461514572675412671"
            },
            "id": "ASB-A-193932765-5d058dd5",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp",
                "function": "MarkStagedSessionSuccessful"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1444.0,
                "function_hash": "125294212298402906571786902835556765207"
            },
            "id": "ASB-A-193932765-9a5b1882",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp",
                "function": "RevertActiveSessions"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 749.0,
                "function_hash": "65523335027097412076397067156421795660"
            },
            "id": "ASB-A-193932765-ace45464",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp",
                "function": "SnapshotOrRestoreDeIfNeeded"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "320368934161097258373103801471081216922",
                    "68058988134707673697915681617187371683",
                    "293871845438437000714851214961336583451",
                    "120069062108307707337704162973096265066",
                    "177323380561203205566506576379929417985",
                    "150129177591435773974734764521744983111",
                    "174566926346699008918903714615287313064",
                    "19822187885687733038830903977778256284",
                    "161386867502133588770722603680683819201",
                    "185637322169053659648262611643525432080",
                    "82734324360775399527833524396563565531",
                    "113462575722501739946523573326268959791",
                    "83610950489604769613188067601739555789",
                    "169803609558657796400748083876021886080",
                    "247501076125039994361520846362667370995",
                    "212712315670096086582947605449973107822"
                ]
            },
            "id": "ASB-A-193932765-c1a8cc34",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "71776072034085910789840484084957767367",
                    "223071834603685859378026100979384685739",
                    "21308573381988020948466282333566266874",
                    "278763187026425857757291849168933974831",
                    "242888823248232888448947889266252389506",
                    "37632723190152927075215054021761994635",
                    "66798092264571664492433124176993360",
                    "194168362368295224660763533037464496337",
                    "176816195945023825905190045703596969855",
                    "137458747424579871892187066689315327895",
                    "199120534089681793160055609323705101069",
                    "79838552734418631238722252323307207190"
                ]
            },
            "id": "ASB-A-193932765-cd46adf5",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexservice_test.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1111.0,
                "function_hash": "271649168231923886021933417791823138535"
            },
            "id": "ASB-A-193932765-d1cc1a26",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexservice_test.cpp",
                "function": "TEST_F"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae"
    ],
    "spl": "2021-10-01",
    "severity": "High",
    "types": [
        "Unknown",
        "ID"
    ]
}

Android / platform/system/apex

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-10-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1326.0,
                "function_hash": "146021214116064396526111273784920474487"
            },
            "id": "ASB-A-193932765-334b723b",
            "source": "https://android.googlesource.com/platform/system/apex/+/f8365a8edcfd195562af485080d2a0462be8e180",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp",
                "function": "revertActiveSessions"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 759.0,
                "function_hash": "4225605585403834167859559494038422097"
            },
            "id": "ASB-A-193932765-44acc72a",
            "source": "https://android.googlesource.com/platform/system/apex/+/f8365a8edcfd195562af485080d2a0462be8e180",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexservice_test.cpp",
                "function": "TEST_F"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1111.0,
                "function_hash": "271649168231923886021933417791823138535"
            },
            "id": "ASB-A-193932765-5bf132d7",
            "source": "https://android.googlesource.com/platform/system/apex/+/f8365a8edcfd195562af485080d2a0462be8e180",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexservice_test.cpp",
                "function": "TEST_F"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "71776072034085910789840484084957767367",
                    "223071834603685859378026100979384685739",
                    "21308573381988020948466282333566266874",
                    "278763187026425857757291849168933974831",
                    "242888823248232888448947889266252389506",
                    "37632723190152927075215054021761994635",
                    "66798092264571664492433124176993360",
                    "194168362368295224660763533037464496337",
                    "176816195945023825905190045703596969855",
                    "137458747424579871892187066689315327895",
                    "199120534089681793160055609323705101069",
                    "79838552734418631238722252323307207190"
                ]
            },
            "id": "ASB-A-193932765-6cc57ff2",
            "source": "https://android.googlesource.com/platform/system/apex/+/f8365a8edcfd195562af485080d2a0462be8e180",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexservice_test.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 665.0,
                "function_hash": "221185430640167795994461514572675412671"
            },
            "id": "ASB-A-193932765-788eb10f",
            "source": "https://android.googlesource.com/platform/system/apex/+/f8365a8edcfd195562af485080d2a0462be8e180",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp",
                "function": "markStagedSessionSuccessful"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 740.0,
                "function_hash": "230163486724358823151034931663723547050"
            },
            "id": "ASB-A-193932765-a3356da4",
            "source": "https://android.googlesource.com/platform/system/apex/+/f8365a8edcfd195562af485080d2a0462be8e180",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp",
                "function": "snapshotOrRestoreDeIfNeeded"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "169296400959577218533387579562021010949",
                    "128834976284114198796887800814090678366",
                    "306046320310944667035266873422815445613",
                    "334119813775160906721629362649045046493",
                    "320368934161097258373103801471081216922",
                    "68058988134707673697915681617187371683",
                    "293871845438437000714851214961336583451",
                    "120069062108307707337704162973096265066",
                    "177323380561203205566506576379929417985",
                    "12257777062396164400265326842287906130",
                    "137502329816960007812806670706006202319",
                    "246290016886883701825675433257874847030",
                    "282556697257193086295839651627960455520",
                    "115048200509582525822702907663301154087",
                    "224476337885555874042652336701367178629",
                    "113462575722501739946523573326268959791",
                    "83610950489604769613188067601739555789",
                    "169803609558657796400748083876021886080",
                    "247501076125039994361520846362667370995",
                    "212712315670096086582947605449973107822"
                ]
            },
            "id": "ASB-A-193932765-af566fcd",
            "source": "https://android.googlesource.com/platform/system/apex/+/f8365a8edcfd195562af485080d2a0462be8e180",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/apex/+/f8365a8edcfd195562af485080d2a0462be8e180"
    ],
    "spl": "2021-10-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/system/apex

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2021-10-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "71776072034085910789840484084957767367",
                    "223071834603685859378026100979384685739",
                    "21308573381988020948466282333566266874",
                    "278763187026425857757291849168933974831",
                    "242888823248232888448947889266252389506",
                    "37632723190152927075215054021761994635",
                    "66798092264571664492433124176993360",
                    "194168362368295224660763533037464496337",
                    "176816195945023825905190045703596969855",
                    "137458747424579871892187066689315327895",
                    "199120534089681793160055609323705101069",
                    "79838552734418631238722252323307207190"
                ]
            },
            "id": "ASB-A-193932765-2b35a5b5",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexservice_test.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "320368934161097258373103801471081216922",
                    "68058988134707673697915681617187371683",
                    "293871845438437000714851214961336583451",
                    "120069062108307707337704162973096265066",
                    "177323380561203205566506576379929417985",
                    "150129177591435773974734764521744983111",
                    "174566926346699008918903714615287313064",
                    "19822187885687733038830903977778256284",
                    "161386867502133588770722603680683819201",
                    "185637322169053659648262611643525432080",
                    "82734324360775399527833524396563565531",
                    "113462575722501739946523573326268959791",
                    "83610950489604769613188067601739555789",
                    "169803609558657796400748083876021886080",
                    "247501076125039994361520846362667370995",
                    "212712315670096086582947605449973107822"
                ]
            },
            "id": "ASB-A-193932765-40d7adb1",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1444.0,
                "function_hash": "125294212298402906571786902835556765207"
            },
            "id": "ASB-A-193932765-749ddd16",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp",
                "function": "RevertActiveSessions"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 759.0,
                "function_hash": "4225605585403834167859559494038422097"
            },
            "id": "ASB-A-193932765-8cb50f85",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexservice_test.cpp",
                "function": "TEST_F"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 749.0,
                "function_hash": "65523335027097412076397067156421795660"
            },
            "id": "ASB-A-193932765-bc67d8fe",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp",
                "function": "SnapshotOrRestoreDeIfNeeded"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 665.0,
                "function_hash": "221185430640167795994461514572675412671"
            },
            "id": "ASB-A-193932765-dd5e55c4",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexd.cpp",
                "function": "MarkStagedSessionSuccessful"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1111.0,
                "function_hash": "271649168231923886021933417791823138535"
            },
            "id": "ASB-A-193932765-f1d647c1",
            "source": "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "apexd/apexservice_test.cpp",
                "function": "TEST_F"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/apex/+/85642155eecda9c895283e3050fdb376d92271ae"
    ],
    "spl": "2021-10-01",
    "severity": "High",
    "types": [
        "Unknown"
    ]
}