{"id":"ASB-A-162627132", "published":"2020-12-01T00:00:00Z", "modified":"2026-06-17T15:23:34.405473849Z", "aliases":["CVE-2020-0440", "A-162627132"], "details":"In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2020-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d", "https://android.googlesource.com/platform/frameworks/base/+/534bbaeead15bc3c540efd947b3a5ade62cf27be"], "severity":"High", "spl":"2020-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"239371168474435106705549436577521379820", "length":620}, "id":"ASB-A-162627132-423248a4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d", "target":{"file":"core/java/android/app/ActivityView.java", "function":"ActivityView"}}, {"deprecated":false, "digest":{"line_hashes":["250896370136357360299701666135463075360", "201686686013155060205738386991483530780", "312711583752047043129679056824365673054", "189122960153261462874005845203010359948", "286399048268168781185554467120798134232", "106083281954009616223228637256462267615", "25850704806361255751968423519166396887", "12967322972079511881275869331236320072", "147716021270222420492105860109471466604", "131276406187877410944642951580088492827", "63377060841528466725544497714051852830"], "threshold":0.9}, "id":"ASB-A-162627132-65d2d104", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d", "target":{"file":"services/core/java/com/android/server/display/DisplayManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["258553771971410405841084262629681100491", "7401628291545135932660139539553619545", "242204327715555293190831521448470172486", "92939128731960973492346651811509168753", "314433566844467450865012753231334211740", "274368783212763415446615146683375695911", "204010551266933520204560819755870222846", "203391213251224488244764204613584365300", "258366518084438667083298462982327040781", "323913289008743989267380426453474823230", "260321854692399135256547868646927935704", "205346645043153278868991523410521507592", "22316378711438805155223441773216217046", "288419990617274279659441749515198568054", "81949748116057554335464500557729565413", "269178950074266937729074231395410186816", "17744133001399994430564946342714323148", "307467135462894795426734241007414458866", "167262242747670297908136728001729126263"], "threshold":0.9}, "id":"ASB-A-162627132-6b4eacfa", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d", "target":{"file":"core/java/android/window/VirtualDisplayTaskEmbedder.java"}}, {"deprecated":false, "digest":{"line_hashes":["195379310623476678710410218490563778316", "319199624462453366552246890649462496261", "80218908142020543923972804654231410495", "303522696637731085215683590697967519853"], "threshold":0.9}, "id":"ASB-A-162627132-7efdb6d8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d", "target":{"file":"packages/SystemUI/src/com/android/systemui/bubbles/BubbleExpandedView.java"}}, {"deprecated":false, "digest":{"function_hash":"121327654351840086936967050863261341871", "length":2507}, "id":"ASB-A-162627132-90e6a927", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d", "target":{"file":"services/core/java/com/android/server/display/DisplayManagerService.java", "function":"createVirtualDisplay"}}, {"deprecated":false, "digest":{"function_hash":"209332261248657150809766734052562692292", "length":161}, "id":"ASB-A-162627132-ab7c7fc2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d", "target":{"file":"core/java/android/window/VirtualDisplayTaskEmbedder.java", "function":"VirtualDisplayTaskEmbedder"}}, {"deprecated":false, "digest":{"function_hash":"43726405350117188276488369128079194231", "length":1338}, "id":"ASB-A-162627132-cf11ce92", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/534bbaeead15bc3c540efd947b3a5ade62cf27be", "target":{"file":"services/core/java/com/android/server/vr/Vr2dDisplay.java", "function":"startVirtualDisplay"}}, {"deprecated":false, "digest":{"function_hash":"249708782117754009439509511991058852838", "length":2350}, "id":"ASB-A-162627132-d081ff13", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d", "target":{"file":"packages/SystemUI/src/com/android/systemui/bubbles/BubbleExpandedView.java", "function":"onFinishInflate"}}, {"deprecated":false, "digest":{"line_hashes":["96089115919927883009817411414754204204", "168523404340466835887044445921646800663", "294037072454595404292982144317110578447", "126970483900217361288029711032128925081", "278734129672993415439047871053023539114", "205633361048188683437656721048153866684", "305995911117668165260433079536015939528", "316001025617636284700875619530730735172", "222647459581260635751040637918951188586", "333153351279358913954905767948003468291", "78534315695932223970272974659965922195", "51482359258682009475703155298937932777", "4234172063000335714751786394933520430", "289396799751130489717411796309020430709"], "threshold":0.9}, "id":"ASB-A-162627132-ea5889e1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d", "target":{"file":"core/java/android/app/ActivityView.java"}}, {"deprecated":false, "digest":{"function_hash":"217285014179210020151564900447951640456", "length":1103}, "id":"ASB-A-162627132-f16c942b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d", "target":{"file":"core/java/android/window/VirtualDisplayTaskEmbedder.java", "function":"onInitialize"}}, {"deprecated":false, "digest":{"line_hashes":["130344569746675618631350674811462547750", "49170604162311517459516755728915256969", "137912597979153709748025113541476231099", "210888633868301561718554373832830691966"], "threshold":0.9}, "id":"ASB-A-162627132-f5f154c6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/534bbaeead15bc3c540efd947b3a5ade62cf27be", "target":{"file":"services/core/java/com/android/server/vr/Vr2dDisplay.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2020-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/11725e1206645e567cfdd70100d64d1e0a85180d"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/534bbaeead15bc3c540efd947b3a5ade62cf27be"}]}