ASB-A-197302116

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-197302116.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-197302116
Aliases
  • A-197302116
  • CVE-2021-39662
Published
2022-05-01T00:00:00Z
Modified
2024-08-07T19:30:05.445512Z
Summary
Apps can grant themselves more access than they should
Details

In checkUriPermission of MediaProvider.java , there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/providers/MediaProvider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-05-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 706.0,
                "function_hash": "4474091377632993188748744114478412065"
            },
            "id": "ASB-A-197302116-8466e10a",
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/a728dfa19c2601b576a718fd9f79916bccd07c0e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "checkCallingPermissionGlobal"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "25127089540446830365776893669670367074",
                    "52654365560282741827295200764621425196",
                    "26300234619064364160552495580696396765",
                    "234892767815313923050612973569646278697"
                ]
            },
            "id": "ASB-A-197302116-bed77eec",
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/a728dfa19c2601b576a718fd9f79916bccd07c0e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/a728dfa19c2601b576a718fd9f79916bccd07c0e"
    ],
    "spl": "2022-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/providers/MediaProvider

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-05-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 473.0,
                "function_hash": "77917397673266524374997186027548272186"
            },
            "id": "ASB-A-197302116-82cb918e",
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/76f725361312644461b9021380ba4d0d9d32108e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "checkCallingPermissionGlobal"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "179488332357500760464235199868250000541",
                    "187478289198325735826983537232858024645",
                    "120491782560672794494210877229389813743",
                    "92600504435141915104528076797454285329",
                    "127963006318052941156864521487158640799",
                    "73548561541516981385917645259986818141",
                    "285244454391137702933056196617636423388",
                    "266185567679167196513501867627317679055",
                    "182525984290406380742302441291159798810",
                    "68813998502226990251331405337490877221",
                    "8323709720999923258340560131546100764",
                    "58667546572850305526766049867153733009",
                    "186725081679960081437720087514013561272",
                    "226549758348081416692860462691351302638",
                    "25127089540446830365776893669670367074",
                    "52654365560282741827295200764621425196",
                    "170003878977492606213118720174031857260",
                    "155206640671181671793224228347242975948"
                ]
            },
            "id": "ASB-A-197302116-9d38cdcb",
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/76f725361312644461b9021380ba4d0d9d32108e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1361.0,
                "function_hash": "265008385440246623604938998864186753709"
            },
            "id": "ASB-A-197302116-e8214d8c",
            "source": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/76f725361312644461b9021380ba4d0d9d32108e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/providers/media/MediaProvider.java",
                "function": "checkUriPermission"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/76f725361312644461b9021380ba4d0d9d32108e"
    ],
    "spl": "2022-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}