{"id":"ASB-A-161149543", "published":"2021-09-01T00:00:00Z", "modified":"2026-06-09T15:27:06.151355248Z", "aliases":["CVE-2021-0688", "A-161149543"], "details":"In lockNow of PhoneWindowManager.java, there is a possible lock screen bypass due to a race condition. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-09-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1692babe5e60b4e10f23d4960455ccbff6616ba3"], "severity":"High", "spl":"2021-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"26157112456646219037242013414574115420", "length":588}, "id":"ASB-A-161149543-1252d454", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1692babe5e60b4e10f23d4960455ccbff6616ba3", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"updateLockScreenTimeout"}}, {"deprecated":false, "digest":{"line_hashes":["110296684141808678684021330201123592140", "132356450257849742953062358954520295662", "154809401863724267218166157270996940920", "149139943970841709575029173070530583599", "58802991114357024480375150965637399893", "125091519876953792970122920225599640127", "166846741850853768415146020153054657854", "170990589830754137692470038175414425508", "315474462340662722823114123202737043157", "115153995672427717755590657865936898035", "117868206297434497273464189127627886697", "329696182419953449747700532632314048659", "171498306297171837643959394816452619134", "162793250209821021751069352410584053381", "146599598161750512561113595922270640676", "177846352663443045193341583161698699370", "80653375123577783371946402788916196249", "70688700142308229714148814027431868371"], "threshold":0.9}, "id":"ASB-A-161149543-a49a0b9a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1692babe5e60b4e10f23d4960455ccbff6616ba3", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java"}}, {"deprecated":false, "digest":{"function_hash":"150325954876305094094106885358233961885", "length":263}, "id":"ASB-A-161149543-cee9105f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1692babe5e60b4e10f23d4960455ccbff6616ba3", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"run"}}, {"deprecated":false, "digest":{"function_hash":"138995477143525658020805310948159355172", "length":271}, "id":"ASB-A-161149543-d91280a8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1692babe5e60b4e10f23d4960455ccbff6616ba3", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"lockNow"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-09-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1d31270fd256b50c32f7b5f47ca61d1b96c9b4a7"], "severity":"High", "spl":"2021-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"138995477143525658020805310948159355172", "length":271}, "id":"ASB-A-161149543-038d61d7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1d31270fd256b50c32f7b5f47ca61d1b96c9b4a7", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"lockNow"}}, {"deprecated":false, "digest":{"function_hash":"26157112456646219037242013414574115420", "length":588}, "id":"ASB-A-161149543-78f9f016", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1d31270fd256b50c32f7b5f47ca61d1b96c9b4a7", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"updateLockScreenTimeout"}}, {"deprecated":false, "digest":{"line_hashes":["115309189732792936565906214280093891428", "229157340037809237449487996861940247128", "123470776856715044908176069652625038320", "149139943970841709575029173070530583599", "58802991114357024480375150965637399893", "125091519876953792970122920225599640127", "166846741850853768415146020153054657854", "170990589830754137692470038175414425508", "315474462340662722823114123202737043157", "115153995672427717755590657865936898035", "117868206297434497273464189127627886697", "329696182419953449747700532632314048659", "171498306297171837643959394816452619134", "162793250209821021751069352410584053381", "146599598161750512561113595922270640676", "177846352663443045193341583161698699370", "80653375123577783371946402788916196249", "70688700142308229714148814027431868371"], "threshold":0.9}, "id":"ASB-A-161149543-8fa3a0b9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1d31270fd256b50c32f7b5f47ca61d1b96c9b4a7", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java"}}, {"deprecated":false, "digest":{"function_hash":"150325954876305094094106885358233961885", "length":263}, "id":"ASB-A-161149543-b5e46146", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1d31270fd256b50c32f7b5f47ca61d1b96c9b4a7", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"run"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-09-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1fc88c383eb7d59b3eee7b0064a4aa80f3dee3ff"], "severity":"High", "spl":"2021-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"74038015658894357154343992338667324987", "length":645}, "id":"ASB-A-161149543-047c0e77", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1fc88c383eb7d59b3eee7b0064a4aa80f3dee3ff", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"updateLockScreenTimeout"}}, {"deprecated":false, "digest":{"function_hash":"150325954876305094094106885358233961885", "length":263}, "id":"ASB-A-161149543-094748f6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1fc88c383eb7d59b3eee7b0064a4aa80f3dee3ff", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"run"}}, {"deprecated":false, "digest":{"line_hashes":["83294065643958449406529921329867526582", "77897212903232999051681698149966879511", "315252188664395093098679600340521514184", "149139943970841709575029173070530583599", "58802991114357024480375150965637399893", "125091519876953792970122920225599640127", "166846741850853768415146020153054657854", "170990589830754137692470038175414425508", "315474462340662722823114123202737043157", "115153995672427717755590657865936898035", "117868206297434497273464189127627886697", "329696182419953449747700532632314048659", "171498306297171837643959394816452619134", "100972395155472047536397767717712125297", "299975538857533994948103913983358902953", "333985421371425194719111149127907094429", "44036234350141183695055486435833539310", "158358897617130652935667504487149971305", "20744152542465715433779227326274216742"], "threshold":0.9}, "id":"ASB-A-161149543-8134961c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1fc88c383eb7d59b3eee7b0064a4aa80f3dee3ff", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java"}}, {"deprecated":false, "digest":{"function_hash":"138995477143525658020805310948159355172", "length":271}, "id":"ASB-A-161149543-b88997f5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1fc88c383eb7d59b3eee7b0064a4aa80f3dee3ff", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"lockNow"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-09-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/9c8b1512a532478dea055d82ad6a49d53a9f31b1"], "severity":"High", "spl":"2021-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"150325954876305094094106885358233961885", "length":263}, "id":"ASB-A-161149543-22d83928", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9c8b1512a532478dea055d82ad6a49d53a9f31b1", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"run"}}, {"deprecated":false, "digest":{"function_hash":"74038015658894357154343992338667324987", "length":645}, "id":"ASB-A-161149543-7775101f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9c8b1512a532478dea055d82ad6a49d53a9f31b1", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"updateLockScreenTimeout"}}, {"deprecated":false, "digest":{"function_hash":"138995477143525658020805310948159355172", "length":271}, "id":"ASB-A-161149543-82712f05", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9c8b1512a532478dea055d82ad6a49d53a9f31b1", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java", "function":"lockNow"}}, {"deprecated":false, "digest":{"line_hashes":["83294065643958449406529921329867526582", "77897212903232999051681698149966879511", "315252188664395093098679600340521514184", "149139943970841709575029173070530583599", "58802991114357024480375150965637399893", "125091519876953792970122920225599640127", "166846741850853768415146020153054657854", "170990589830754137692470038175414425508", "315474462340662722823114123202737043157", "115153995672427717755590657865936898035", "117868206297434497273464189127627886697", "329696182419953449747700532632314048659", "171498306297171837643959394816452619134", "100972395155472047536397767717712125297", "299975538857533994948103913983358902953", "333985421371425194719111149127907094429", "44036234350141183695055486435833539310", "158358897617130652935667504487149971305", "20744152542465715433779227326274216742"], "threshold":0.9}, "id":"ASB-A-161149543-b1838aa9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9c8b1512a532478dea055d82ad6a49d53a9f31b1", "target":{"file":"services/core/java/com/android/server/policy/PhoneWindowManager.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/372088d7721f4c8cb7260d8e9fdaf498c5a30464"}]}