ASB-A-67862680

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-67862680.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-67862680
Aliases
  • A-67862680
  • CVE-2021-39624
Published
2022-10-01T00:00:00Z
Modified
2024-08-07T19:29:48.384791Z
Summary
Malicious APP Causes Device DoS - test
Details

In freeStageDirs PackageInstallerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2022-10-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "231647071772300585465452312863038561230",
                    "226961283473680660607497783371622940641",
                    "1590874551250501115739775307183070921",
                    "268560991134431821572885859330076120373",
                    "21684450436685452503377492655903552717",
                    "102944836080010692696237589225087457442",
                    "173973518293171333763135467069174745777",
                    "212827379500181317594361103633482382789"
                ]
            },
            "id": "ASB-A-67862680-2afd9c55",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerSession.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 737.0,
                "function_hash": "273805400080081880170723381856832337468"
            },
            "id": "ASB-A-67862680-379897d7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerSession.java",
                "function": "abandon"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "54572172434278520596962232904901486513",
                    "87996143593032764240316947583968091144",
                    "165345424111386554270972408050563292929",
                    "295655804509923656326529606040952594600"
                ]
            },
            "id": "ASB-A-67862680-3ae1d82f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "128839209409286695299493028545535967504",
                    "224031725987460491461566968220000447043",
                    "243104723397195501898965355495311790902",
                    "155764645013897787359166779249695006000",
                    "65284601596300055773876624228434667212",
                    "207788746859773401556292978391996005677",
                    "269537525648202871467085885312664657285",
                    "99592466177856074331007684156578867769",
                    "121710756038622164578913279598147800399",
                    "130207987762410951472723258930684168127",
                    "235078564691420998246240548120553881543",
                    "117943856060304130069094321922237453938",
                    "159747545260426523876163702384838669919",
                    "222226010543324602698304872379985283612",
                    "163176054255348541535607879171415433635",
                    "11035555290304133429925253652975625397",
                    "112314239359983007446312754720742605261",
                    "212406622336035543534616037676055919110",
                    "211383553759032931568668796291548314536"
                ]
            },
            "id": "ASB-A-67862680-3b469981",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 518.0,
                "function_hash": "210904226249863099572505035061816571741"
            },
            "id": "ASB-A-67862680-dad6a969",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c685f8b19adcec0dc49ffaa1e94d7caa4f9d05ba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
                "function": "freeStageDirs"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "22968990478075691637095528458948844044",
                    "304935604944217512273695771374069683000",
                    "171628562803422686560729299510946201548",
                    "81491461421845956552653412657681604930"
                ]
            },
            "id": "ASB-A-67862680-dd49740a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c685f8b19adcec0dc49ffaa1e94d7caa4f9d05ba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2118.0,
                "function_hash": "228585989790663195563271860885308040657"
            },
            "id": "ASB-A-67862680-f278169a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java",
                "function": "freeStorage"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 555.0,
                "function_hash": "220724026739935213801116183738240306443"
            },
            "id": "ASB-A-67862680-fe4ae9e8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
                "function": "reconcileStagesLocked"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e58049a3ea2c056b999c281c7031f9e16e42f809",
        "https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706",
        "https://android.googlesource.com/platform/frameworks/base/+/c685f8b19adcec0dc49ffaa1e94d7caa4f9d05ba"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2022-10-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 555.0,
                "function_hash": "220724026739935213801116183738240306443"
            },
            "id": "ASB-A-67862680-331186ff",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
                "function": "reconcileStagesLocked"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "103443190344319973973825012108605555280",
                    "316217299384235343536784232453023533906",
                    "221707942330579387681176571021646217006",
                    "177449583001484930030088534623615475761"
                ]
            },
            "id": "ASB-A-67862680-37eb13e2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "22968990478075691637095528458948844044",
                    "304935604944217512273695771374069683000",
                    "171628562803422686560729299510946201548",
                    "81491461421845956552653412657681604930"
                ]
            },
            "id": "ASB-A-67862680-5c249807",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c981d90b495955a946bed7113517eeb3d823c88b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "60313706750921253725998757920398118851",
                    "128839209409286695299493028545535967504",
                    "224031725987460491461566968220000447043",
                    "243104723397195501898965355495311790902",
                    "155764645013897787359166779249695006000",
                    "65284601596300055773876624228434667212",
                    "207788746859773401556292978391996005677",
                    "269537525648202871467085885312664657285",
                    "99592466177856074331007684156578867769",
                    "121710756038622164578913279598147800399",
                    "130207987762410951472723258930684168127",
                    "235078564691420998246240548120553881543",
                    "117943856060304130069094321922237453938",
                    "159747545260426523876163702384838669919",
                    "222226010543324602698304872379985283612",
                    "163176054255348541535607879171415433635",
                    "11035555290304133429925253652975625397",
                    "295645009771639691784385040617066023861",
                    "33968605865488762450864468177925313603",
                    "117518711027179226394727454676648118492"
                ]
            },
            "id": "ASB-A-67862680-60b057c4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 518.0,
                "function_hash": "210904226249863099572505035061816571741"
            },
            "id": "ASB-A-67862680-6124dd87",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c981d90b495955a946bed7113517eeb3d823c88b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
                "function": "freeStageDirs"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "338004227660095807246749487123110646145",
                    "89798891773103175219757413764010889210",
                    "210940050885595020927298933586179622785",
                    "213599235908530183567312343547404551199",
                    "340044818369486424802421154219229638348",
                    "177213166180946678913162557585476051641",
                    "214941011192289964308809742900582088810",
                    "226511401344734834386059972507781067555"
                ]
            },
            "id": "ASB-A-67862680-9b950bca",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerSession.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2320.0,
                "function_hash": "143949747924792052874930382854500256644"
            },
            "id": "ASB-A-67862680-f00d64a0",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerService.java",
                "function": "freeStorage"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/73d533592a754abd0f209f665c72af87ba99dd71",
        "https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75",
        "https://android.googlesource.com/platform/frameworks/base/+/c981d90b495955a946bed7113517eeb3d823c88b"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2022-10-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "match_only_versions": [
                "12L"
            ],
            "digest": {
                "length": 637.0,
                "function_hash": "113414859979831663084025915012778787801"
            },
            "id": "ASB-A-67862680-9434c7fd",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/18179a8762ba14c44d287e853c9a1c38a3dfdddb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
                "function": "freeStageDirs"
            },
            "signature_type": "Function"
        },
        {
            "match_only_versions": [
                "12L"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "215422298831766357161196231978496841703",
                    "60587799949749528309586503520119010137",
                    "149996096424998432901563271616892761077",
                    "66398056500748621238047225346594515873"
                ]
            },
            "id": "ASB-A-67862680-b4270b8d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/18179a8762ba14c44d287e853c9a1c38a3dfdddb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/18179a8762ba14c44d287e853c9a1c38a3dfdddb"
    ],
    "spl": "2022-10-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}