{"id":"ASB-A-180422108", "published":"2021-09-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2021-0598", "A-180422108"], "details":"In onCreate of ConfirmConnectActivity.java, there is a possible pairing of untrusted Bluetooth devices due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/Nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-09-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Nfc/+/662f5b3fe7eba4ed70abebd53dcd4563089cf7dd", "https://android.googlesource.com/platform/packages/apps/Nfc/+/9c56b01c5745252c13c05a2fe39faaef130813e5"], "severity":"High", "spl":"2021-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["296836596259220472807285156088569815707", "251353598694993409561482738213207804904", "242448319632971748835599379515892226753", "136108756541527684360426470570335133777", "278324471406019200716570849452251027803"], "threshold":0.9}, "id":"ASB-A-180422108-cecfb396", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/662f5b3fe7eba4ed70abebd53dcd4563089cf7dd", "target":{"file":"src/com/android/nfc/handover/ConfirmConnectActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"128962696814408615060862366236348820039", "length":1613}, "id":"ASB-A-180422108-e63a2584", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/662f5b3fe7eba4ed70abebd53dcd4563089cf7dd", "target":{"file":"src/com/android/nfc/handover/ConfirmConnectActivity.java", "function":"onCreate"}}]}}, {"package":{"name":"platform/packages/apps/Nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-09-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Nfc/+/662f5b3fe7eba4ed70abebd53dcd4563089cf7dd", "https://android.googlesource.com/platform/packages/apps/Nfc/+/9c56b01c5745252c13c05a2fe39faaef130813e5"], "severity":"High", "spl":"2021-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["296836596259220472807285156088569815707", "251353598694993409561482738213207804904", "242448319632971748835599379515892226753", "136108756541527684360426470570335133777", "278324471406019200716570849452251027803"], "threshold":0.9}, "id":"ASB-A-180422108-450716f4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/662f5b3fe7eba4ed70abebd53dcd4563089cf7dd", "target":{"file":"src/com/android/nfc/handover/ConfirmConnectActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"128962696814408615060862366236348820039", "length":1613}, "id":"ASB-A-180422108-90423ed7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/662f5b3fe7eba4ed70abebd53dcd4563089cf7dd", "target":{"file":"src/com/android/nfc/handover/ConfirmConnectActivity.java", "function":"onCreate"}}]}}, {"package":{"name":"platform/packages/apps/Nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-09-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Nfc/+/8afc24e296743c5c294444a14da20bc4c44dec6a", "https://android.googlesource.com/platform/packages/apps/Nfc/+/9c56b01c5745252c13c05a2fe39faaef130813e5"], "severity":"High", "spl":"2021-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"128962696814408615060862366236348820039", "length":1613}, "id":"ASB-A-180422108-38cabd9d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/8afc24e296743c5c294444a14da20bc4c44dec6a", "target":{"file":"src/com/android/nfc/handover/ConfirmConnectActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["296836596259220472807285156088569815707", "251353598694993409561482738213207804904", "242448319632971748835599379515892226753", "136108756541527684360426470570335133777", "278324471406019200716570849452251027803"], "threshold":0.9}, "id":"ASB-A-180422108-7bff64a5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/8afc24e296743c5c294444a14da20bc4c44dec6a", "target":{"file":"src/com/android/nfc/handover/ConfirmConnectActivity.java"}}]}}, {"package":{"name":"platform/packages/apps/Nfc", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-09-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Nfc/+/8afc24e296743c5c294444a14da20bc4c44dec6a", "https://android.googlesource.com/platform/packages/apps/Nfc/+/9c56b01c5745252c13c05a2fe39faaef130813e5"], "severity":"High", "spl":"2021-09-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"128962696814408615060862366236348820039", "length":1613}, "id":"ASB-A-180422108-5e113c84", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/8afc24e296743c5c294444a14da20bc4c44dec6a", "target":{"file":"src/com/android/nfc/handover/ConfirmConnectActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["296836596259220472807285156088569815707", "251353598694993409561482738213207804904", "242448319632971748835599379515892226753", "136108756541527684360426470570335133777", "278324471406019200716570849452251027803"], "threshold":0.9}, "id":"ASB-A-180422108-9c5fe78b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Nfc/+/8afc24e296743c5c294444a14da20bc4c44dec6a", "target":{"file":"src/com/android/nfc/handover/ConfirmConnectActivity.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/Nfc/+/e08056f8eafdc98e2db27b9936e61225b5e1ea7d"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/Nfc/+/fd697c56b7795a7f0cf50cac55db71a60d5bd357"}]}