{"id":"ASB-A-158570769", "published":"2020-09-01T00:00:00Z", "modified":"2026-06-11T14:59:52.052110020Z", "aliases":["CVE-2020-0391", "A-158570769"], "details":"In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2020-09-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580"], "severity":"High", "spl":"2020-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"299406272119259219443769710308745694672", "length":3510}, "id":"ASB-A-158570769-649d43ce", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580", "target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java", "function":"applyPolicy"}}, {"deprecated":false, "digest":{"line_hashes":["29476088397626934255782681732558219891", "63871891460911835576750413812945491381", "72932945594333732404607200467991905441", "245874843605600483921481272653366313891", "238732176647902697823352846318706752228", "189965108243197535006988581043124382574", "328607116985240898584503504748393033284", "129038796275686579837932806172424791770"], "threshold":0.9}, "id":"ASB-A-158570769-96a96009", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580", "target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2020-09-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580"], "severity":"High", "spl":"2020-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["29476088397626934255782681732558219891", "63871891460911835576750413812945491381", "72932945594333732404607200467991905441", "245874843605600483921481272653366313891", "238732176647902697823352846318706752228", "189965108243197535006988581043124382574", "328607116985240898584503504748393033284", "129038796275686579837932806172424791770"], "threshold":0.9}, "id":"ASB-A-158570769-506b49bd", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580", "target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"299406272119259219443769710308745694672", "length":3510}, "id":"ASB-A-158570769-7bd7af1d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580", "target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java", "function":"applyPolicy"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580"}]}