ASB-A-200041882

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-200041882.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-200041882
Aliases
  • A-200041882
  • CVE-2021-0958
Published
2021-12-01T00:00:00Z
Modified
2024-08-07T19:29:07.768871Z
Summary
Android_R with Keymaster1.x have AES CBC/ECB/GCM NoPaddingCipherTest Failure for Block sizes 128/192/256
Details

In update of km_compat.cpp, there is a possible loss of potentially sensitive data due to a logic error in the code. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2021-12-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "63895250717123420297641002273223874522",
                    "294427128970106098263378810741973477276",
                    "23689469084458467884454099246961428641",
                    "40041369669208508251054985713600028717",
                    "131870776960916423165309979218873857527",
                    "165667409842384484697599484314191813961",
                    "60667836659051868458743621757815902733",
                    "138454790325154849922723629197758925444",
                    "87840694837720250126470788888092372476",
                    "282075926108188103215179853131176140115",
                    "299731467647186736247268646746127089844",
                    "237140856347092246524592409619848551498",
                    "149333264088716534671752851807630786910",
                    "195609456339659767324711824689363829782",
                    "237240001580756078276369380452826233184",
                    "303825875427489110825298158308078487847",
                    "267213603705728191936035718912155610927",
                    "89158044670599540970050132598645846821"
                ]
            },
            "id": "ASB-A-200041882-1373a5d6",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/395e56a71c87d3748ca280f235da04983069de87",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1777.0,
                "function_hash": "287817583073348075063627018514464567696"
            },
            "id": "ASB-A-200041882-ce16c9f3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/395e56a71c87d3748ca280f235da04983069de87",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "keystore/java/android/security/keystore/KeyStoreCryptoOperationChunkedStreamer.java",
                "function": "update"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/395e56a71c87d3748ca280f235da04983069de87"
    ],
    "spl": "2021-12-01",
    "severity": "Moderate",
    "types": [
        "DoS"
    ]
}

Android / platform/system/security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2021-12-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "296247381615706207940344218873979561406",
                    "117914632088309752997507968849196862561",
                    "296127060522419971491214502692124512607",
                    "289605831318439964476066516728869475390",
                    "246677525376236764731752077701042705914",
                    "275394212812749307118547474173493168246",
                    "150743742270153775574323177774337554644",
                    "14510788412777461895624544256531122542",
                    "270108042523112881788052144010558101792",
                    "43914366029301982099248993372225136363",
                    "92304254268092578088067572760309488687",
                    "165331501407977169918564501036867129372",
                    "172646350780875746062336910881553966872",
                    "156320583609609716048373255473262654500",
                    "188464575262330323982702135274694293938",
                    "186648026298976972473366559225974820210",
                    "26297471291680814041470058232411228257",
                    "183477435670545106904388353096335975001",
                    "96571061197215787766419045033778474359",
                    "232758056508553985081029411056760457141",
                    "219007454539755862411747402571348049678",
                    "262132622474183740545779879592993130885"
                ]
            },
            "id": "ASB-A-200041882-5a27b434",
            "source": "https://android.googlesource.com/platform/system/security/+/b7f303146fecc166260aced8de677dfc7322f7a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "keystore2/src/km_compat/km_compat.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "191457518975892954429420437395054367537",
                    "55921400531954652432818226400380192261",
                    "294121662116713340914746920978361905691",
                    "263450118387933674872164299383355782964",
                    "116462961127653278057920658998514115935",
                    "221906624880504727863042671492829109410",
                    "298415771029044292149912867544885778593",
                    "135496493869402731336487378667975788889",
                    "160535297822301536978066717815325024760",
                    "217928048407434328421568135233871840142",
                    "75766592965099032473761074138347594446"
                ]
            },
            "id": "ASB-A-200041882-e79739a5",
            "source": "https://android.googlesource.com/platform/system/security/+/b7f303146fecc166260aced8de677dfc7322f7a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "keystore2/src/km_compat/km_compat.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 894.0,
                "function_hash": "82284854177447888888080578493938680824"
            },
            "id": "ASB-A-200041882-f697c9d1",
            "source": "https://android.googlesource.com/platform/system/security/+/b7f303146fecc166260aced8de677dfc7322f7a3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "keystore2/src/km_compat/km_compat.cpp",
                "function": "KeyMintOperation::update"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/system/security/+/b7f303146fecc166260aced8de677dfc7322f7a3"
    ],
    "spl": "2021-12-01",
    "severity": "Moderate",
    "types": [
        "DoS"
    ]
}