ASB-A-204087139

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-204087139.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-204087139
Aliases
  • A-204087139
  • CVE-2021-39670
Published
2022-05-01T00:00:00Z
Modified
2024-08-07T19:29:59.087923Z
Summary
Local PDoS by setting large wallpapers with setStream
Details

In setStream of WallpaperManager.java, there is a possible way to cause a permanent DoS due to improper input validation. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-05-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 77.0,
                "function_hash": "290580165080064097473301853471677008198"
            },
            "id": "ASB-A-204087139-1dd0000c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/06991931150374c98b7e81abef076172c8a46b6e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wallpaper/WallpaperManagerService.java",
                "function": "onUserSwitching"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 5167.0,
                "function_hash": "74420489073673561421536574457559748720"
            },
            "id": "ASB-A-204087139-421c02c0",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/06991931150374c98b7e81abef076172c8a46b6e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wallpaper/WallpaperManagerService.java",
                "function": "generateCrop"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1692.0,
                "function_hash": "217502069129547657298630657791721680375"
            },
            "id": "ASB-A-204087139-7c5642d7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/06991931150374c98b7e81abef076172c8a46b6e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wallpaper/WallpaperManagerService.java",
                "function": "systemReady"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 235.0,
                "function_hash": "84032554352027808307393675842447019405"
            },
            "id": "ASB-A-204087139-91e2f104",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/06991931150374c98b7e81abef076172c8a46b6e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wallpaper/WallpaperManagerService.java",
                "function": "onBootPhase"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "8596168095319151564231211583724815140",
                    "21706664120620751619799981511124992068",
                    "315664040160969412262688247274743066014",
                    "180935576077519314578401619080919624487",
                    "303686920899854216362513335392110910011",
                    "177428854261316607877396375257189142146",
                    "310939522314228067903816101763719181842",
                    "147965813763674386441869161486799207750",
                    "312215524538111977136187883267207771237",
                    "26471696277604523941558389703903825849",
                    "65202110727152423331988887603572733073",
                    "132789084617335729716689314961139292551",
                    "39957222674176472210167770520526790835",
                    "18480451258190202786863465043338591215",
                    "106643577398126498251915387730797350065",
                    "7411127184969256835283131338614284962",
                    "328282086644166774231264550209167910559",
                    "326945291048424004100716606237131426996",
                    "126668925523843100058576750311039708532",
                    "14489692730097554781382024711060605602",
                    "242951879870743559861226262611566504398",
                    "145775541118966986688648966379331714944",
                    "44946822905046528617820052349502786838",
                    "67461783334367651754043104059079994476",
                    "98610391135381618509036073122754260334",
                    "34000366264036896524004167799921170914",
                    "309041632775003524794717973879936979302",
                    "69584585097188882884396971890309632578",
                    "26411849614299508592901627907273748171",
                    "304746159703410510704330405249380875712",
                    "329552235514978184458025351273437609786",
                    "288507242555043712512926130849818384354",
                    "261590821613751349217094474592322106233",
                    "130337093794419878454409689973027691605"
                ]
            },
            "id": "ASB-A-204087139-9ca5b924",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/06991931150374c98b7e81abef076172c8a46b6e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wallpaper/WallpaperManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/06991931150374c98b7e81abef076172c8a46b6e"
    ],
    "spl": "2022-05-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-05-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "8596168095319151564231211583724815140",
                    "21706664120620751619799981511124992068",
                    "315664040160969412262688247274743066014",
                    "180935576077519314578401619080919624487",
                    "303686920899854216362513335392110910011",
                    "177428854261316607877396375257189142146",
                    "310939522314228067903816101763719181842",
                    "147965813763674386441869161486799207750",
                    "312215524538111977136187883267207771237",
                    "26471696277604523941558389703903825849",
                    "65202110727152423331988887603572733073",
                    "132789084617335729716689314961139292551",
                    "39957222674176472210167770520526790835",
                    "18480451258190202786863465043338591215",
                    "106643577398126498251915387730797350065",
                    "7411127184969256835283131338614284962",
                    "328282086644166774231264550209167910559",
                    "326945291048424004100716606237131426996",
                    "126668925523843100058576750311039708532",
                    "14489692730097554781382024711060605602",
                    "242951879870743559861226262611566504398",
                    "145775541118966986688648966379331714944",
                    "44946822905046528617820052349502786838",
                    "67461783334367651754043104059079994476",
                    "98610391135381618509036073122754260334",
                    "34000366264036896524004167799921170914",
                    "309041632775003524794717973879936979302",
                    "69584585097188882884396971890309632578",
                    "26411849614299508592901627907273748171",
                    "304746159703410510704330405249380875712",
                    "329552235514978184458025351273437609786",
                    "288507242555043712512926130849818384354",
                    "261590821613751349217094474592322106233",
                    "130337093794419878454409689973027691605"
                ]
            },
            "id": "ASB-A-204087139-1bb96257",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/08d14944212a7026218bde79091f0d1d48bc1c79",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wallpaper/WallpaperManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 235.0,
                "function_hash": "84032554352027808307393675842447019405"
            },
            "id": "ASB-A-204087139-2563de17",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/08d14944212a7026218bde79091f0d1d48bc1c79",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wallpaper/WallpaperManagerService.java",
                "function": "onBootPhase"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 77.0,
                "function_hash": "290580165080064097473301853471677008198"
            },
            "id": "ASB-A-204087139-c13afda7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/08d14944212a7026218bde79091f0d1d48bc1c79",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wallpaper/WallpaperManagerService.java",
                "function": "onUserSwitching"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1692.0,
                "function_hash": "217502069129547657298630657791721680375"
            },
            "id": "ASB-A-204087139-d8cc8714",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/08d14944212a7026218bde79091f0d1d48bc1c79",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wallpaper/WallpaperManagerService.java",
                "function": "systemReady"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 5167.0,
                "function_hash": "74420489073673561421536574457559748720"
            },
            "id": "ASB-A-204087139-e7361ce7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/08d14944212a7026218bde79091f0d1d48bc1c79",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wallpaper/WallpaperManagerService.java",
                "function": "generateCrop"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/08d14944212a7026218bde79091f0d1d48bc1c79"
    ],
    "spl": "2022-05-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}