{"id":"ASB-A-184963385", "published":"2021-07-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2021-0585", "A-184963385"], "details":"In beginWrite and beginRead  of MessageQueueBase.h, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/libfmq", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"8.1:0"}, {"fixed":"8.1:2021-07-01"}]}], "versions":["8.1"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/libfmq/+/3f308c6acfcb65f393edbd6116b22b533ef326b2"], "severity":"High", "spl":"2021-07-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["300022660320167551308862749013558626121", "254649352422238151419608266615740997635", "53657500343593482583714925289490764735", "292970735981558875510801691438496921814", "250292387344981924642512342354457729211", "339156788682527144629979745978484334149", "271850609831749251151038958195363888005", "288871552498701704663384623211518767190", "61593552060179744651164239855191336885", "92802034542751339213119156295249367201", "168538043508961032340963671571992798762", "42247331127913660586074889430481403667", "79088654464790524357252826744186188969", "112624877699840080183006125848811958253", "12429203616456136708920844482689329677", "181592415355305386570539476014158765742", "317687778973974435522516822096999496081", "40910131920625444190999795801859453116", "302802101381875735461446465709124607644", "178979752920340011727083479353157198063", "216928357803509634681769277560485086209", "107310925987573623907065954361058072137"], "threshold":0.9}, "id":"ASB-A-184963385-0f71992c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/3f308c6acfcb65f393edbd6116b22b533ef326b2", "target":{"file":"include/fmq/MessageQueue.h"}}, {"deprecated":false, "digest":{"function_hash":"25814852906500043335487120437247780942", "length":789}, "id":"ASB-A-184963385-287fbee7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/3f308c6acfcb65f393edbd6116b22b533ef326b2", "target":{"file":"include/fmq/MessageQueue.h", "function":"beginRead"}}, {"deprecated":false, "digest":{"function_hash":"1132215189128848320662267450900731733", "length":647}, "id":"ASB-A-184963385-96422510", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/3f308c6acfcb65f393edbd6116b22b533ef326b2", "target":{"file":"include/fmq/MessageQueue.h", "function":"beginWrite"}}, {"deprecated":false, "digest":{"line_hashes":["86464080605561577303249332346361936345", "200842590254382353602991587513115428166", "331990379976521815974052574618971388267"], "threshold":0.9}, "id":"ASB-A-184963385-cb25342e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/3f308c6acfcb65f393edbd6116b22b533ef326b2", "target":{"file":"tests/msgq_test_client.cpp"}}]}}, {"package":{"name":"platform/system/libfmq", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-07-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/libfmq/+/c7d5f09188ed79704bcf740ec22a5f762ae3d941"], "severity":"High", "spl":"2021-07-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"1132215189128848320662267450900731733", "length":647}, "id":"ASB-A-184963385-1ce32c61", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/c7d5f09188ed79704bcf740ec22a5f762ae3d941", "target":{"file":"include/fmq/MessageQueue.h", "function":"beginWrite"}}, {"deprecated":false, "digest":{"line_hashes":["300022660320167551308862749013558626121", "254649352422238151419608266615740997635", "53657500343593482583714925289490764735", "292970735981558875510801691438496921814", "250292387344981924642512342354457729211", "339156788682527144629979745978484334149", "271850609831749251151038958195363888005", "288871552498701704663384623211518767190", "61593552060179744651164239855191336885", "92802034542751339213119156295249367201", "168538043508961032340963671571992798762", "42247331127913660586074889430481403667", "79088654464790524357252826744186188969", "112624877699840080183006125848811958253", "12429203616456136708920844482689329677", "181592415355305386570539476014158765742", "317687778973974435522516822096999496081", "40910131920625444190999795801859453116", "302802101381875735461446465709124607644", "178979752920340011727083479353157198063", "216928357803509634681769277560485086209", "107310925987573623907065954361058072137"], "threshold":0.9}, "id":"ASB-A-184963385-3b8caeb0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/c7d5f09188ed79704bcf740ec22a5f762ae3d941", "target":{"file":"include/fmq/MessageQueue.h"}}, {"deprecated":false, "digest":{"function_hash":"25814852906500043335487120437247780942", "length":789}, "id":"ASB-A-184963385-c77506cd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/c7d5f09188ed79704bcf740ec22a5f762ae3d941", "target":{"file":"include/fmq/MessageQueue.h", "function":"beginRead"}}, {"deprecated":false, "digest":{"line_hashes":["86464080605561577303249332346361936345", "200842590254382353602991587513115428166", "331990379976521815974052574618971388267"], "threshold":0.9}, "id":"ASB-A-184963385-cd3a437b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/c7d5f09188ed79704bcf740ec22a5f762ae3d941", "target":{"file":"tests/msgq_test_client.cpp"}}]}}, {"package":{"name":"platform/frameworks/av", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-07-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/b0e09634903a73908b84361564215a79f1f6bdb1"], "severity":"High", "spl":"2021-07-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["320969485079306349290330415981021442138", "15124061242647060976983700580520203911", "57939858987354665103425629076016381741"], "threshold":0.9}, "id":"ASB-A-184963385-dd1f2afc", "match_only_versions":["10"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/av/+/b0e09634903a73908b84361564215a79f1f6bdb1", "target":{"file":"media/bufferpool/2.0/BufferStatus.cpp"}}]}}, {"package":{"name":"platform/system/libfmq", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-07-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/libfmq/+/4dfdd1b76d0c3dc95bf0cbc7fb815e7216fa1f94"], "severity":"High", "spl":"2021-07-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["227302126195856825414451364477443874828", "247158300231320596903620852611188645202", "300022660320167551308862749013558626121", "254649352422238151419608266615740997635", "53657500343593482583714925289490764735", "292970735981558875510801691438496921814", "250292387344981924642512342354457729211", "339156788682527144629979745978484334149", "271850609831749251151038958195363888005", "288871552498701704663384623211518767190", "61593552060179744651164239855191336885", "92802034542751339213119156295249367201", "168538043508961032340963671571992798762", "42247331127913660586074889430481403667", "79088654464790524357252826744186188969", "112624877699840080183006125848811958253", "12429203616456136708920844482689329677", "181592415355305386570539476014158765742", "317687778973974435522516822096999496081", "40910131920625444190999795801859453116", "302802101381875735461446465709124607644", "178979752920340011727083479353157198063", "216928357803509634681769277560485086209", "107310925987573623907065954361058072137"], "threshold":0.9}, "id":"ASB-A-184963385-57eb5add", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/4dfdd1b76d0c3dc95bf0cbc7fb815e7216fa1f94", "target":{"file":"include/fmq/MessageQueue.h"}}, {"deprecated":false, "digest":{"function_hash":"25814852906500043335487120437247780942", "length":789}, "id":"ASB-A-184963385-8e061e22", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/4dfdd1b76d0c3dc95bf0cbc7fb815e7216fa1f94", "target":{"file":"include/fmq/MessageQueue.h", "function":"beginRead"}}, {"deprecated":false, "digest":{"line_hashes":["304724205008051771174038391144772804717", "9431047653358304405740597187304665060", "330652359866260078959063697446346183067", "63834971338319188425783480848334362287", "86464080605561577303249332346361936345", "200842590254382353602991587513115428166", "331990379976521815974052574618971388267"], "threshold":0.9}, "id":"ASB-A-184963385-a79b1f2d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/4dfdd1b76d0c3dc95bf0cbc7fb815e7216fa1f94", "target":{"file":"tests/msgq_test_client.cpp"}}, {"deprecated":false, "digest":{"function_hash":"213862884393298803354305101504209452764", "length":405}, "id":"ASB-A-184963385-c98807db", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/4dfdd1b76d0c3dc95bf0cbc7fb815e7216fa1f94", "target":{"file":"tests/msgq_test_client.cpp", "function":"SetUp"}}, {"deprecated":false, "digest":{"function_hash":"1132215189128848320662267450900731733", "length":647}, "id":"ASB-A-184963385-d8febe24", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/4dfdd1b76d0c3dc95bf0cbc7fb815e7216fa1f94", "target":{"file":"include/fmq/MessageQueue.h", "function":"beginWrite"}}]}}, {"package":{"name":"platform/system/libfmq", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-07-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/libfmq/+/4ed31d5a6c5c48a2f9fc3e812600093f81c33d27"], "severity":"High", "spl":"2021-07-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["300022660320167551308862749013558626121", "254649352422238151419608266615740997635", "53657500343593482583714925289490764735", "292970735981558875510801691438496921814", "250292387344981924642512342354457729211", "339156788682527144629979745978484334149", "271850609831749251151038958195363888005", "288871552498701704663384623211518767190", "61593552060179744651164239855191336885", "92802034542751339213119156295249367201", "168538043508961032340963671571992798762", "42247331127913660586074889430481403667", "79088654464790524357252826744186188969", "112624877699840080183006125848811958253", "12429203616456136708920844482689329677", "181592415355305386570539476014158765742", "317687778973974435522516822096999496081", "40910131920625444190999795801859453116", "302802101381875735461446465709124607644", "178979752920340011727083479353157198063", "216928357803509634681769277560485086209", "107310925987573623907065954361058072137"], "threshold":0.9}, "id":"ASB-A-184963385-11190517", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/4ed31d5a6c5c48a2f9fc3e812600093f81c33d27", "target":{"file":"include/fmq/MessageQueue.h"}}, {"deprecated":false, "digest":{"function_hash":"25814852906500043335487120437247780942", "length":789}, "id":"ASB-A-184963385-1183c25b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/4ed31d5a6c5c48a2f9fc3e812600093f81c33d27", "target":{"file":"include/fmq/MessageQueue.h", "function":"beginRead"}}, {"deprecated":false, "digest":{"function_hash":"213862884393298803354305101504209452764", "length":405}, "id":"ASB-A-184963385-68b4fc85", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/4ed31d5a6c5c48a2f9fc3e812600093f81c33d27", "target":{"file":"tests/msgq_test_client.cpp", "function":"SetUp"}}, {"deprecated":false, "digest":{"line_hashes":["304724205008051771174038391144772804717", "9431047653358304405740597187304665060", "330652359866260078959063697446346183067", "63834971338319188425783480848334362287", "86464080605561577303249332346361936345", "200842590254382353602991587513115428166", "331990379976521815974052574618971388267"], "threshold":0.9}, "id":"ASB-A-184963385-c013d075", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/4ed31d5a6c5c48a2f9fc3e812600093f81c33d27", "target":{"file":"tests/msgq_test_client.cpp"}}, {"deprecated":false, "digest":{"function_hash":"1132215189128848320662267450900731733", "length":647}, "id":"ASB-A-184963385-fe2e0e51", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/libfmq/+/4ed31d5a6c5c48a2f9fc3e812600093f81c33d27", "target":{"file":"include/fmq/MessageQueue.h", "function":"beginWrite"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-07-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/libfmq/+/7f0e32bd77277a46759eb9f01a493b45c7e9a3c9"}]}