{"id":"ASB-A-185388103", "published":"2021-10-01T00:00:00Z", "modified":"2026-06-11T14:59:52.052110020Z", "aliases":["CVE-2021-0705", "A-185388103"], "details":"In sanitizeSbn of NotificationManagerService.java, there is a possible way to keep a service running in the foreground and keep granted permissions due to a bypass of background service restrictions. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12-next:0"}, {"fixed":"12-next:2021-10-01"}]}], "versions":["12-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5fbeff59df3ea1441c3843aa1834616876ef1985"], "severity":"High", "spl":"2021-10-01", "types":["Unknown", "EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"129250324374518207856791093571407910633", "length":481}, "id":"ASB-A-185388103-31c1dbc3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5fbeff59df3ea1441c3843aa1834616876ef1985", "target":{"file":"services/core/java/com/android/server/notification/NotificationManagerService.java", "function":"sanitizeSbn"}}, {"deprecated":false, "digest":{"line_hashes":["260064964664509925507457788170373554312", "269656193381146895023300407932068489788", "321636917718518938470445409394647757083"], "threshold":0.9}, "id":"ASB-A-185388103-499b92dd", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5fbeff59df3ea1441c3843aa1834616876ef1985", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"line_hashes":["81855488838477469179496458719629537308", "14709484016280441089291033526149403860", "115266411417733228463612026026332734468", 
"93277395173377804051250675227520262242", "251849273066466898884700983092081481348", "286942952937526398439648102069131187007", "140928927599591441175299291746994664276", "134213782391794968706503425816496704006", "118645373760215142617774357350071115069", "56763815027739642353879737109065787931", "49555328781797856484789641594507537348"], "threshold":0.9}, "id":"ASB-A-185388103-e9b3c3b4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5fbeff59df3ea1441c3843aa1834616876ef1985", "target":{"file":"services/core/java/com/android/server/notification/NotificationManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-10-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/14c1c7b4a732c517ba18f5dd0598adb9f3b72221"], "severity":"High", "spl":"2021-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"129250324374518207856791093571407910633", "length":481}, "id":"ASB-A-185388103-50406882", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/14c1c7b4a732c517ba18f5dd0598adb9f3b72221", "target":{"file":"services/core/java/com/android/server/notification/NotificationManagerService.java", "function":"sanitizeSbn"}}, {"deprecated":false, "digest":{"line_hashes":["81855488838477469179496458719629537308", "14709484016280441089291033526149403860", "115266411417733228463612026026332734468", "93277395173377804051250675227520262242", "251849273066466898884700983092081481348", "286942952937526398439648102069131187007", "140928927599591441175299291746994664276", "134213782391794968706503425816496704006", "118645373760215142617774357350071115069", "56763815027739642353879737109065787931", 
"49555328781797856484789641594507537348"], "threshold":0.9}, "id":"ASB-A-185388103-99fd5c4d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/14c1c7b4a732c517ba18f5dd0598adb9f3b72221", "target":{"file":"services/core/java/com/android/server/notification/NotificationManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["260064964664509925507457788170373554312", "269656193381146895023300407932068489788", "321636917718518938470445409394647757083"], "threshold":0.9}, "id":"ASB-A-185388103-d6f410f2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/14c1c7b4a732c517ba18f5dd0598adb9f3b72221", "target":{"file":"core/java/android/app/Notification.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/14c1c7b4a732c517ba18f5dd0598adb9f3b72221"], "severity":"High", "spl":"2021-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"129250324374518207856791093571407910633", "length":481}, "id":"ASB-A-185388103-16c2edfb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/14c1c7b4a732c517ba18f5dd0598adb9f3b72221", "target":{"file":"services/core/java/com/android/server/notification/NotificationManagerService.java", "function":"sanitizeSbn"}}, {"deprecated":false, "digest":{"line_hashes":["260064964664509925507457788170373554312", "269656193381146895023300407932068489788", "321636917718518938470445409394647757083"], "threshold":0.9}, "id":"ASB-A-185388103-f351951d", "signature_type":"Line", "signature_version":"v1", 
"source":"https://android.googlesource.com/platform/frameworks/base/+/14c1c7b4a732c517ba18f5dd0598adb9f3b72221", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"line_hashes":["81855488838477469179496458719629537308", "14709484016280441089291033526149403860", "115266411417733228463612026026332734468", "93277395173377804051250675227520262242", "251849273066466898884700983092081481348", "286942952937526398439648102069131187007", "140928927599591441175299291746994664276", "134213782391794968706503425816496704006", "118645373760215142617774357350071115069", "56763815027739642353879737109065787931", "49555328781797856484789641594507537348"], "threshold":0.9}, "id":"ASB-A-185388103-f3a0daea", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/14c1c7b4a732c517ba18f5dd0598adb9f3b72221", "target":{"file":"services/core/java/com/android/server/notification/NotificationManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2021-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5fbeff59df3ea1441c3843aa1834616876ef1985"], "severity":"High", "spl":"2021-10-01", "types":["Unknown"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["81855488838477469179496458719629537308", "14709484016280441089291033526149403860", "115266411417733228463612026026332734468", "93277395173377804051250675227520262242", "251849273066466898884700983092081481348", "286942952937526398439648102069131187007", "140928927599591441175299291746994664276", "134213782391794968706503425816496704006", "118645373760215142617774357350071115069", "56763815027739642353879737109065787931", "49555328781797856484789641594507537348"], "threshold":0.9}, "id":"ASB-A-185388103-b85703a1", 
"signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5fbeff59df3ea1441c3843aa1834616876ef1985", "target":{"file":"services/core/java/com/android/server/notification/NotificationManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"129250324374518207856791093571407910633", "length":481}, "id":"ASB-A-185388103-d2c5baff", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5fbeff59df3ea1441c3843aa1834616876ef1985", "target":{"file":"services/core/java/com/android/server/notification/NotificationManagerService.java", "function":"sanitizeSbn"}}, {"deprecated":false, "digest":{"line_hashes":["260064964664509925507457788170373554312", "269656193381146895023300407932068489788", "321636917718518938470445409394647757083"], "threshold":0.9}, "id":"ASB-A-185388103-e5b1495e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5fbeff59df3ea1441c3843aa1834616876ef1985", "target":{"file":"core/java/android/app/Notification.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/4eba7e65cd0cc2f2c87b001fb34b9f28ee7c70ab"}]}