ASB-A-205130886

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-205130886.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-205130886
Aliases
  • A-205130886
  • CVE-2021-39758
Published
2022-10-01T00:00:00Z
Modified
2024-08-07T19:29:28.945689Z
Summary
Presentation can make the app start activities in the background
Details

In createPresentationContext of Presentation.java, there is a possible way to start a foreground activity from background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2022-10-01

Affected versions

Other

10

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "29840440586258169693462454076158925556",
                    "213396486038452831278377549094169843602",
                    "228445899389099079593691071735995055390",
                    "251578245069968599296638591181347011752",
                    "333900397814330802755872188782388426748",
                    "73164140829396596013584142068435983733",
                    "57908055369602442342969322100064423101",
                    "322529904216023784252135970667632781390",
                    "9750100643542470922863240679374362718",
                    "333122694766293271160191850213446839841",
                    "75798385379077713637207440080716134025"
                ]
            },
            "id": "ASB-A-205130886-20dedc0b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c97296e9d9d2bad7bdd2d34c9428ba5f092fa8c1",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/RootWindowContainer.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 199.0,
                "function_hash": "118031723022519068736264188622598971298"
            },
            "id": "ASB-A-205130886-adba426d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c97296e9d9d2bad7bdd2d34c9428ba5f092fa8c1",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/RootWindowContainer.java",
                "function": "isAnyNonToastWindowVisibleForUid"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/c97296e9d9d2bad7bdd2d34c9428ba5f092fa8c1"
    ],
    "spl": "2022-10-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-10-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 105.0,
                "function_hash": "309892185118692997003263110580644362314"
            },
            "id": "ASB-A-205130886-353bac28",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/778191bdf21661b41030f9308e095c0445dec33c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowState.java",
                "function": "isNonToastOrStarting"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "10313335488045220910035931167300170355",
                    "261372803265082561517492750361881604635",
                    "278399851811985462604047126646984147638",
                    "75641407910770251937695312410220914176",
                    "50169372483916373397872568910188853356",
                    "99847271758102256908039258320305980609",
                    "206496492593111140008101430373728818789",
                    "295136802722067114420916440743897339347",
                    "327629897799297319038583944539384123633",
                    "121227489019215725058657148439372717846",
                    "170590786134876909076710201705065516382"
                ]
            },
            "id": "ASB-A-205130886-fb44b63e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/778191bdf21661b41030f9308e095c0445dec33c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/778191bdf21661b41030f9308e095c0445dec33c"
    ],
    "spl": "2022-10-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-10-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "332816131073195698316323346625055011373",
                    "248018738654998027143918272432072286269",
                    "171592344151606292867477664931624942558",
                    "94859399021469200881821990861703741625"
                ]
            },
            "id": "ASB-A-205130886-14eb8a35",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/88e98e0a853f7530d61aab13dea2bfc9792e3f32",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowState.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 520.0,
                "function_hash": "237856969500410895529135917091395492974"
            },
            "id": "ASB-A-205130886-7363d6c3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/88e98e0a853f7530d61aab13dea2bfc9792e3f32",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowState.java",
                "function": "onSurfaceShownChanged"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/88e98e0a853f7530d61aab13dea2bfc9792e3f32"
    ],
    "spl": "2022-10-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}