ASB-A-194695497

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-194695497.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-194695497
Aliases
  • A-194695497
  • CVE-2021-39626
Published
2022-01-01T00:00:00Z
Modified
2024-08-07T19:29:06.888381Z
Summary
Make Bluetooth discoverable without additional permission
Details

In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
9:0
Fixed
9:2022-01-01

Affected versions

Other

9

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "122436655769960876950327506539057899134",
                    "85936768693390141581032637767414632546",
                    "26834401021624556130836192422891320233",
                    "87447767317621775843721729129572274897",
                    "300760323630716146045699634891843242882",
                    "222327848783132382432003289128134544423",
                    "216215073306296065314012340413239016032",
                    "88713409712068162077860391235105736219",
                    "39261359632743984324474902002462018212",
                    "24211135599265295438470766186359504518",
                    "1005306557762615373626565662367547709",
                    "170149756272429903689796819935110646491",
                    "21388436887348979908371249288545844726",
                    "64335299588713598197799131681995517259",
                    "88307514168109242932365026040610766779",
                    "3674160039292587285849858495930910657",
                    "138824602437083469331565032904689436529",
                    "223488986215449101054309837505325390408",
                    "19364766549390664423382284233988628430",
                    "6808611186853965903113183353507673168",
                    "118990646222525498351112552386115424734",
                    "310799688535784630251187413576798147420"
                ]
            },
            "id": "ASB-A-194695497-0abec21d",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "9"
            ],
            "digest": {
                "length": 107.0,
                "function_hash": "268238997001670844559971242648097791445"
            },
            "id": "ASB-A-194695497-1e1bf43f",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java",
                "function": "init"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 111.0,
                "function_hash": "179416585184535575631683987443604216282"
            },
            "id": "ASB-A-194695497-20302f9c",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java",
                "function": "onPause"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "78854732571040967907927662601738678612",
                    "335940109855155077124864081825439259544",
                    "110343704322006136596666770970428274283",
                    "74985741228474719343234102010223948256",
                    "32363225495246370601200884544494355510",
                    "107371975565343768832202982237512898634",
                    "200779139782422243295946451707250738602",
                    "151435939648656856922169056879765873245",
                    "293896055190481927883941316866386521470",
                    "124337164737968615162218777642052250404",
                    "82238793093865936609388420905358765395",
                    "19897069738504487259929902965143711465",
                    "189655131381408458353547443116022135341",
                    "8924831491191744649092821175969637167",
                    "245551475002278065297110278709164080564",
                    "67968165297240889273404703384658113822",
                    "196444368393633963089543646432763125962"
                ]
            },
            "id": "ASB-A-194695497-8360ac17",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 214.0,
                "function_hash": "190711648362598552797040191985779008202"
            },
            "id": "ASB-A-194695497-e56a53f8",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java",
                "function": "onResume"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 259.0,
                "function_hash": "64120534816708702707614246021414511636"
            },
            "id": "ASB-A-194695497-f9d3648b",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java",
                "function": "onAttach"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5"
    ],
    "spl": "2022-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-01-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "334199533084626694836244648208521102532",
                    "38044901417271632864188770536742574869",
                    "173550152809359777534687513766131495902",
                    "43544521087176309662915927050405780725",
                    "173565680331490800229406522870336291472",
                    "41010585180331343088590447053950461077",
                    "126675255715789521211312407677343187761",
                    "192201047181578796092704105373893608440",
                    "281095332955949515334146017962262188685",
                    "131005229943685507407948181223533992751",
                    "151435939648656856922169056879765873245",
                    "293896055190481927883941316866386521470",
                    "16789471629837828750971852476416894496",
                    "130623704231904072656229607524496604505",
                    "57436758362007558008961966365273328498",
                    "39157609328686431319111868510179172335",
                    "225146397718648864349187310230142139204",
                    "316534031332324522471333249097602726138",
                    "108093766130535160484837562403598632960",
                    "257947357606388693643390694588195234551"
                ]
            },
            "id": "ASB-A-194695497-57a1b923",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 542.0,
                "function_hash": "330485091286897628423529357447139561349"
            },
            "id": "ASB-A-194695497-b801bb65",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java",
                "function": "onAttach"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 153.0,
                "function_hash": "91963845275780894993294402429917410478"
            },
            "id": "ASB-A-194695497-de6bae9d",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java",
                "function": "onPause"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "239229486420957595956368202128380969072",
                    "231064882697015276988132569763951320081",
                    "200593779148679881714059040135778176299",
                    "87447767317621775843721729129572274897",
                    "158832692220761117042415472666228546376",
                    "66367091856801011938112290488018410504",
                    "241678318852153916596733205425749005796",
                    "108124855329909737152417714067839868847",
                    "3399581231334601109740174138705536015",
                    "208573078307223953797686647032651826796",
                    "118990646222525498351112552386115424734",
                    "310799688535784630251187413576798147420"
                ]
            },
            "id": "ASB-A-194695497-f1de905b",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 260.0,
                "function_hash": "36740941923910065463964134822007715740"
            },
            "id": "ASB-A-194695497-f7de6789",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java",
                "function": "onResume"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909"
    ],
    "spl": "2022-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-01-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 260.0,
                "function_hash": "36740941923910065463964134822007715740"
            },
            "id": "ASB-A-194695497-0d145b0d",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java",
                "function": "onStart"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 493.0,
                "function_hash": "297775876503380350312662350435352403000"
            },
            "id": "ASB-A-194695497-1723a1e5",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java",
                "function": "onAttach"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "58186325380940998606572044309683800785",
                    "168274576210405597384042247998571296393",
                    "53814305264197455281423288812219738337",
                    "37713072097084455662303289248028351821",
                    "173565680331490800229406522870336291472",
                    "41010585180331343088590447053950461077",
                    "126675255715789521211312407677343187761",
                    "199406920907311450155439362999825324180",
                    "145773720459315603110567769967791436740",
                    "131005229943685507407948181223533992751",
                    "151435939648656856922169056879765873245",
                    "293896055190481927883941316866386521470",
                    "16789471629837828750971852476416894496",
                    "130623704231904072656229607524496604505",
                    "57436758362007558008961966365273328498",
                    "39157609328686431319111868510179172335",
                    "268081101543349386720916255700709436876",
                    "200880685560810484905966096075829990905",
                    "286617578655076745186620071642771551868",
                    "316534031332324522471333249097602726138",
                    "252745251783542739927793779143804353331",
                    "60654188398131995005716655694692818588"
                ]
            },
            "id": "ASB-A-194695497-5e2c8b3f",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 153.0,
                "function_hash": "91963845275780894993294402429917410478"
            },
            "id": "ASB-A-194695497-7d238496",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java",
                "function": "onStop"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "213947356050651262423463155542306219633",
                    "158093438210262513254546451847388399365",
                    "165577544182760775379529463281745738425",
                    "211678709597058504880002867225384177674",
                    "158832692220761117042415472666228546376",
                    "66367091856801011938112290488018410504",
                    "241678318852153916596733205425749005796",
                    "108124855329909737152417714067839868847",
                    "3399581231334601109740174138705536015",
                    "208573078307223953797686647032651826796",
                    "118990646222525498351112552386115424734",
                    "310799688535784630251187413576798147420"
                ]
            },
            "id": "ASB-A-194695497-deb0a403",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4"
    ],
    "spl": "2022-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-01-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 260.0,
                "function_hash": "36740941923910065463964134822007715740"
            },
            "id": "ASB-A-194695497-1463c500",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java",
                "function": "onStart"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "58186325380940998606572044309683800785",
                    "168274576210405597384042247998571296393",
                    "53814305264197455281423288812219738337",
                    "37713072097084455662303289248028351821",
                    "173565680331490800229406522870336291472",
                    "41010585180331343088590447053950461077",
                    "126675255715789521211312407677343187761",
                    "199406920907311450155439362999825324180",
                    "145773720459315603110567769967791436740",
                    "131005229943685507407948181223533992751",
                    "151435939648656856922169056879765873245",
                    "293896055190481927883941316866386521470",
                    "16789471629837828750971852476416894496",
                    "130623704231904072656229607524496604505",
                    "57436758362007558008961966365273328498",
                    "39157609328686431319111868510179172335",
                    "268081101543349386720916255700709436876",
                    "200880685560810484905966096075829990905",
                    "286617578655076745186620071642771551868",
                    "316534031332324522471333249097602726138",
                    "252745251783542739927793779143804353331",
                    "60654188398131995005716655694692818588"
                ]
            },
            "id": "ASB-A-194695497-1bb652ed",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 153.0,
                "function_hash": "91963845275780894993294402429917410478"
            },
            "id": "ASB-A-194695497-1f738c9f",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java",
                "function": "onStop"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "213947356050651262423463155542306219633",
                    "158093438210262513254546451847388399365",
                    "165577544182760775379529463281745738425",
                    "211678709597058504880002867225384177674",
                    "158832692220761117042415472666228546376",
                    "66367091856801011938112290488018410504",
                    "241678318852153916596733205425749005796",
                    "108124855329909737152417714067839868847",
                    "3399581231334601109740174138705536015",
                    "208573078307223953797686647032651826796",
                    "118990646222525498351112552386115424734",
                    "310799688535784630251187413576798147420"
                ]
            },
            "id": "ASB-A-194695497-272486f8",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 493.0,
                "function_hash": "297775876503380350312662350435352403000"
            },
            "id": "ASB-A-194695497-2db220c3",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java",
                "function": "onAttach"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4"
    ],
    "spl": "2022-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}