{"id":"ASB-A-155648771", "published":"2021-01-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2021-0307", "A-155648771"], "details":"In updatePermissionSourcePackage of PermissionManagerService.java, there is a possible automatic runtime permission grant due to a confused deputy. This could lead to local escalation of privilege allowing a malicious app to silently gain access to a dangerous permission with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/cts", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-01-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/cts/+/a8a90255d43845e307b6d133c710b802dbece622"], "severity":"High", "spl":"2021-01-01", "types":["EoP"]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-01-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9"], "severity":"High", "spl":"2021-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["42944500549505635161036987220393129218", "32374468865149567811517005251175270874", "182416145722170882610837408393988471387", "73133442436564090363183519967048906082"], "threshold":0.9}, "id":"ASB-A-155648771-4acbd12e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"260801340390853921484827258252259891230", "length":1646}, "id":"ASB-A-155648771-ea459bf9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java", "function":"updatePermissionSourcePackage"}}]}}, {"package":{"name":"platform/cts", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-01-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/cts/+/a8a90255d43845e307b6d133c710b802dbece622"], "severity":"High", "spl":"2021-01-01", "types":["EoP"]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-01-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9"], "severity":"High", "spl":"2021-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"260801340390853921484827258252259891230", "length":1646}, "id":"ASB-A-155648771-9979c947", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java", "function":"updatePermissionSourcePackage"}}, {"deprecated":false, "digest":{"line_hashes":["42944500549505635161036987220393129218", "32374468865149567811517005251175270874", "182416145722170882610837408393988471387", "73133442436564090363183519967048906082"], "threshold":0.9}, "id":"ASB-A-155648771-dcfd25c1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-01-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/cts/+/a8a90255d43845e307b6d133c710b802dbece622"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/a9f825922e1870575aeab11a2035903c217233c9"}]}