{"id":"ASB-A-170731783", "published":"2021-02-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2021-0331", "A-170731783"], "details":"In onCreate of NotificationAccessConfirmationActivity.java, there is a possible overlay attack due to an insecure default value. This could lead to local escalation of privilege and notification access with User execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.0:0"}, {"fixed":"8.0:2021-02-01"}]}], "versions":["8.0"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38"], "severity":"High", "spl":"2021-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"145358671088144896228324099267018853571", "length":928}, "id":"ASB-A-170731783-405a3818", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38", "target":{"file":"src/com/android/settings/notification/NotificationAccessConfirmationActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["87350972594315985056756197480146312750", "128441514203815780955371503440319638117", "42504521014124521314865413295361664258", "48431991658275707829598539139946437564"], "threshold":0.9}, "id":"ASB-A-170731783-fcf54f0c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38", "target":{"file":"src/com/android/settings/notification/NotificationAccessConfirmationActivity.java"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-02-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38"], "severity":"High", "spl":"2021-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"145358671088144896228324099267018853571", "length":928}, "id":"ASB-A-170731783-04be69c1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38", "target":{"file":"src/com/android/settings/notification/NotificationAccessConfirmationActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["87350972594315985056756197480146312750", "128441514203815780955371503440319638117", "42504521014124521314865413295361664258", "48431991658275707829598539139946437564"], "threshold":0.9}, "id":"ASB-A-170731783-33bc39ba", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38", "target":{"file":"src/com/android/settings/notification/NotificationAccessConfirmationActivity.java"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-02-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38"], "severity":"High", "spl":"2021-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"145358671088144896228324099267018853571", "length":928}, "id":"ASB-A-170731783-3fb0935a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38", "target":{"file":"src/com/android/settings/notification/NotificationAccessConfirmationActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["87350972594315985056756197480146312750", "128441514203815780955371503440319638117", "42504521014124521314865413295361664258", "48431991658275707829598539139946437564"], "threshold":0.9}, "id":"ASB-A-170731783-dfb9879c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38", "target":{"file":"src/com/android/settings/notification/NotificationAccessConfirmationActivity.java"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-02-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38"], "severity":"High", "spl":"2021-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["87350972594315985056756197480146312750", "128441514203815780955371503440319638117", "42504521014124521314865413295361664258", "48431991658275707829598539139946437564"], "threshold":0.9}, "id":"ASB-A-170731783-b937f92b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38", "target":{"file":"src/com/android/settings/notification/NotificationAccessConfirmationActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"145358671088144896228324099267018853571", "length":928}, "id":"ASB-A-170731783-e14ac1f2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38", "target":{"file":"src/com/android/settings/notification/NotificationAccessConfirmationActivity.java", "function":"onCreate"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-02-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38"], "severity":"High", "spl":"2021-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"145358671088144896228324099267018853571", "length":928}, "id":"ASB-A-170731783-85523074", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38", "target":{"file":"src/com/android/settings/notification/NotificationAccessConfirmationActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["87350972594315985056756197480146312750", "128441514203815780955371503440319638117", "42504521014124521314865413295361664258", "48431991658275707829598539139946437564"], "threshold":0.9}, "id":"ASB-A-170731783-ebd4ad9b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38", "target":{"file":"src/com/android/settings/notification/NotificationAccessConfirmationActivity.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-02-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/Settings/+/8cef97cb2bb8a728e5f70644accad1a3306c6d38"}]}