In onAttach of ConnectedDeviceDashboardFragment.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege in Bluetooth settings with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "122436655769960876950327506539057899134", "85936768693390141581032637767414632546", "26834401021624556130836192422891320233", "87447767317621775843721729129572274897", "300760323630716146045699634891843242882", "222327848783132382432003289128134544423", "216215073306296065314012340413239016032", "88713409712068162077860391235105736219", "39261359632743984324474902002462018212", "24211135599265295438470766186359504518", "1005306557762615373626565662367547709", "170149756272429903689796819935110646491", "21388436887348979908371249288545844726", "64335299588713598197799131681995517259", "88307514168109242932365026040610766779", "3674160039292587285849858495930910657", "138824602437083469331565032904689436529", "223488986215449101054309837505325390408", "19364766549390664423382284233988628430", "6808611186853965903113183353507673168", "118990646222525498351112552386115424734", "310799688535784630251187413576798147420" ] }, "id": "ASB-A-194695497-0abec21d", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java" }, "signature_type": "Line" }, { "match_only_versions": [ "9" ], "digest": { "length": 107.0, "function_hash": "268238997001670844559971242648097791445" }, "id": "ASB-A-194695497-1e1bf43f", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java", "function": "init" }, "signature_type": "Function" }, { "digest": { "length": 111.0, "function_hash": "179416585184535575631683987443604216282" }, "id": "ASB-A-194695497-20302f9c", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java", "function": "onPause" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "78854732571040967907927662601738678612", "335940109855155077124864081825439259544", "110343704322006136596666770970428274283", "74985741228474719343234102010223948256", "32363225495246370601200884544494355510", "107371975565343768832202982237512898634", "200779139782422243295946451707250738602", "151435939648656856922169056879765873245", "293896055190481927883941316866386521470", "124337164737968615162218777642052250404", "82238793093865936609388420905358765395", "19897069738504487259929902965143711465", "189655131381408458353547443116022135341", "8924831491191744649092821175969637167", "245551475002278065297110278709164080564", "67968165297240889273404703384658113822", "196444368393633963089543646432763125962" ] }, "id": "ASB-A-194695497-8360ac17", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java" }, "signature_type": "Line" }, { "digest": { "length": 214.0, "function_hash": "190711648362598552797040191985779008202" }, "id": "ASB-A-194695497-e56a53f8", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java", "function": "onResume" }, "signature_type": "Function" }, { "digest": { "length": 259.0, "function_hash": "64120534816708702707614246021414511636" }, "id": "ASB-A-194695497-f9d3648b", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java", "function": "onAttach" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/f8cd68c6e2440f541c77c1e7e299aaca432c05c5" ], "spl": "2022-01-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "334199533084626694836244648208521102532", "38044901417271632864188770536742574869", "173550152809359777534687513766131495902", "43544521087176309662915927050405780725", "173565680331490800229406522870336291472", "41010585180331343088590447053950461077", "126675255715789521211312407677343187761", "192201047181578796092704105373893608440", "281095332955949515334146017962262188685", "131005229943685507407948181223533992751", "151435939648656856922169056879765873245", "293896055190481927883941316866386521470", "16789471629837828750971852476416894496", "130623704231904072656229607524496604505", "57436758362007558008961966365273328498", "39157609328686431319111868510179172335", "225146397718648864349187310230142139204", "316534031332324522471333249097602726138", "108093766130535160484837562403598632960", "257947357606388693643390694588195234551" ] }, "id": "ASB-A-194695497-57a1b923", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java" }, "signature_type": "Line" }, { "digest": { "length": 542.0, "function_hash": "330485091286897628423529357447139561349" }, "id": "ASB-A-194695497-b801bb65", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java", "function": "onAttach" }, "signature_type": "Function" }, { "digest": { "length": 153.0, "function_hash": "91963845275780894993294402429917410478" }, "id": "ASB-A-194695497-de6bae9d", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java", "function": "onPause" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "239229486420957595956368202128380969072", "231064882697015276988132569763951320081", "200593779148679881714059040135778176299", "87447767317621775843721729129572274897", "158832692220761117042415472666228546376", "66367091856801011938112290488018410504", "241678318852153916596733205425749005796", "108124855329909737152417714067839868847", "3399581231334601109740174138705536015", "208573078307223953797686647032651826796", "118990646222525498351112552386115424734", "310799688535784630251187413576798147420" ] }, "id": "ASB-A-194695497-f1de905b", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java" }, "signature_type": "Line" }, { "digest": { "length": 260.0, "function_hash": "36740941923910065463964134822007715740" }, "id": "ASB-A-194695497-f7de6789", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java", "function": "onResume" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/d4e0ed22844c1fbb2afdd2ab9ad8b428e18eb909" ], "spl": "2022-01-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 260.0, "function_hash": "36740941923910065463964134822007715740" }, "id": "ASB-A-194695497-0d145b0d", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java", "function": "onStart" }, "signature_type": "Function" }, { "digest": { "length": 493.0, "function_hash": "297775876503380350312662350435352403000" }, "id": "ASB-A-194695497-1723a1e5", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java", "function": "onAttach" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "58186325380940998606572044309683800785", "168274576210405597384042247998571296393", "53814305264197455281423288812219738337", "37713072097084455662303289248028351821", "173565680331490800229406522870336291472", "41010585180331343088590447053950461077", "126675255715789521211312407677343187761", "199406920907311450155439362999825324180", "145773720459315603110567769967791436740", "131005229943685507407948181223533992751", "151435939648656856922169056879765873245", "293896055190481927883941316866386521470", "16789471629837828750971852476416894496", "130623704231904072656229607524496604505", "57436758362007558008961966365273328498", "39157609328686431319111868510179172335", "268081101543349386720916255700709436876", "200880685560810484905966096075829990905", "286617578655076745186620071642771551868", "316534031332324522471333249097602726138", "252745251783542739927793779143804353331", "60654188398131995005716655694692818588" ] }, "id": "ASB-A-194695497-5e2c8b3f", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java" }, "signature_type": "Line" }, { "digest": { "length": 153.0, "function_hash": "91963845275780894993294402429917410478" }, "id": "ASB-A-194695497-7d238496", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java", "function": "onStop" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "213947356050651262423463155542306219633", "158093438210262513254546451847388399365", "165577544182760775379529463281745738425", "211678709597058504880002867225384177674", "158832692220761117042415472666228546376", "66367091856801011938112290488018410504", "241678318852153916596733205425749005796", "108124855329909737152417714067839868847", "3399581231334601109740174138705536015", "208573078307223953797686647032651826796", "118990646222525498351112552386115424734", "310799688535784630251187413576798147420" ] }, "id": "ASB-A-194695497-deb0a403", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/528d40e4d12bc82bfc48b4c886c177c7b02561a4" ], "spl": "2022-01-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 260.0, "function_hash": "36740941923910065463964134822007715740" }, "id": "ASB-A-194695497-1463c500", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java", "function": "onStart" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "58186325380940998606572044309683800785", "168274576210405597384042247998571296393", "53814305264197455281423288812219738337", "37713072097084455662303289248028351821", "173565680331490800229406522870336291472", "41010585180331343088590447053950461077", "126675255715789521211312407677343187761", "199406920907311450155439362999825324180", "145773720459315603110567769967791436740", "131005229943685507407948181223533992751", "151435939648656856922169056879765873245", "293896055190481927883941316866386521470", "16789471629837828750971852476416894496", "130623704231904072656229607524496604505", "57436758362007558008961966365273328498", "39157609328686431319111868510179172335", "268081101543349386720916255700709436876", "200880685560810484905966096075829990905", "286617578655076745186620071642771551868", "316534031332324522471333249097602726138", "252745251783542739927793779143804353331", "60654188398131995005716655694692818588" ] }, "id": "ASB-A-194695497-1bb652ed", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java" }, "signature_type": "Line" }, { "digest": { "length": 153.0, "function_hash": "91963845275780894993294402429917410478" }, "id": "ASB-A-194695497-1f738c9f", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java", "function": "onStop" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "213947356050651262423463155542306219633", "158093438210262513254546451847388399365", "165577544182760775379529463281745738425", "211678709597058504880002867225384177674", "158832692220761117042415472666228546376", "66367091856801011938112290488018410504", "241678318852153916596733205425749005796", "108124855329909737152417714067839868847", "3399581231334601109740174138705536015", "208573078307223953797686647032651826796", "118990646222525498351112552386115424734", "310799688535784630251187413576798147420" ] }, "id": "ASB-A-194695497-272486f8", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/DiscoverableFooterPreferenceController.java" }, "signature_type": "Line" }, { "digest": { "length": 493.0, "function_hash": "297775876503380350312662350435352403000" }, "id": "ASB-A-194695497-2db220c3", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/connecteddevice/ConnectedDeviceDashboardFragment.java", "function": "onAttach" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/d7c50f795201fa8dc125a82a711fd7be15b6d3e4" ], "spl": "2022-01-01", "severity": "High", "types": [ "EoP" ] }