{"id":"ASB-A-174495520", "published":"2021-07-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2021-0441", "A-174495520"], "details":"In onCreate of PermissionActivity.java, there is a possible permission bypass due to Confusing UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/packages/providers/MediaProvider", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-07-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/fa329dfa35d4d555eb7f67b5747308d0d5936943", "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/800a66dc43292ab6acef3ec4e0cdca5d6bea532e"], "severity":"High", "spl":"2021-07-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"160634276961276626730964263451174363386", "length":1674}, "id":"ASB-A-174495520-21d22508", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/fa329dfa35d4d555eb7f67b5747308d0d5936943", "target":{"file":"src/com/android/providers/media/PermissionActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["31141919643176627659328153472245179229", "86999575972865929992235964596735627872", "108140269969557220328071357316817313185", "233291842943152428503794391126055964450", "257020400239190153513363887187329512809", "295115850453021058172030059775192157888", "43255174627124142986229736576335918809", "251315986620641389059933065344829739555", "104969052765098577474846901634074063506"], "threshold":0.9}, "id":"ASB-A-174495520-4d22feb5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/fa329dfa35d4d555eb7f67b5747308d0d5936943", "target":{"file":"src/com/android/providers/media/PermissionActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"257520595334706914842036177510462948143", "length":1921}, "id":"ASB-A-174495520-6947f26e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/800a66dc43292ab6acef3ec4e0cdca5d6bea532e", "target":{"file":"src/com/android/providers/media/PermissionActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["280100266042028428875410183654160789372", "156977328917707171523931752373514320166", "195267572625652295709624300500963580664", "299086581888739430307899335704689694326", "165211276270851910358578421461215445477"], "threshold":0.9}, "id":"ASB-A-174495520-a279c693", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/800a66dc43292ab6acef3ec4e0cdca5d6bea532e", "target":{"file":"src/com/android/providers/media/PermissionActivity.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-07-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/800a66dc43292ab6acef3ec4e0cdca5d6bea532e"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/fa329dfa35d4d555eb7f67b5747308d0d5936943"}]}