{"id":"ASB-A-188675581", "published":"2021-11-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0928", "A-188675581"], "details":"In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-11-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020"], "severity":"High", "spl":"2021-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"76093156863976474586356531644141148758", "length":227}, "id":"ASB-A-188675581-24cefa87", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptor.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"line_hashes":["317483527648198509270140802827447531782", "223002703699211872129359134200179336438", "221450786313566647513099793628289661548", "313528256641003536810992463552861425957", "324427275809028332310722070584879438496", "177679753297519812690569650647470702063", "226482931100025291448174953009991502882", "10557001945486301106050378499633951520", "111106639122235668039694155904913124616", "171915954708776976830306371819336556732"], "threshold":0.9}, "id":"ASB-A-188675581-59b56edc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "target":{"file":"core/java/android/hardware/camera2/params/OutputConfiguration.java"}}, {"deprecated":false, "digest":{"line_hashes":["55948512943992732438289951357765895868", "63330846775195551209605279357996019631", "273408181363306553741003517302417019867", "323580076011241559958992004763198920291", "28705630028658975241407202452171672217", "134854737740638073177096359259814546084", "48690313245675545338122514461806755622", "253602079636673948349820405558010193493", "111106639122235668039694155904913124616", "92411138204201860379570380065896571488"], "threshold":0.9}, "id":"ASB-A-188675581-6cad3ff6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java"}}, {"deprecated":false, "digest":{"function_hash":"192616195078580846107894632108500532721", "length":227}, "id":"ASB-A-188675581-9def4575", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "target":{"file":"core/java/android/hardware/camera2/params/OutputConfiguration.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"line_hashes":["153417852049301962207569779497827171531", "261000798068641417599860683920950769917", "68380207807907527116214470036115371347", "36914989888970600394132832822505474009", "237971076016265399093107091487085744480", "125120888478096195769098937328838614142", "332931380088863269407041538114198722673", "37970245084357154993585643344969614462", "111106639122235668039694155904913124616", "290256071414516235837538977928667726928"], "threshold":0.9}, "id":"ASB-A-188675581-c179aba1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptor.java"}}, {"deprecated":false, "digest":{"function_hash":"304382079224574811999329775731874862630", "length":232}, "id":"ASB-A-188675581-e909db41", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8a11538146d894264420d5baa554e3968496b020", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java", "function":"createFromParcel"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-11-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab"], "severity":"High", "spl":"2021-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"192616195078580846107894632108500532721", "length":227}, "id":"ASB-A-188675581-15e9629a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/OutputConfiguration.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"function_hash":"76093156863976474586356531644141148758", "length":227}, "id":"ASB-A-188675581-16a5e4a4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptor.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"line_hashes":["230352104463149322020516772239022149833", "243872001309038146320784694779324733857", "1987689868153551222234223639152650997", "92097555207732753286478878071925575645", "201550405209711947197728996795368769293", "116311922245513189830199955547492906938", "82429457986271022162143760017490601323", "69352991995164639378330939860494258757", "111106639122235668039694155904913124616", "142009069770802382041921867158857961337"], "threshold":0.9}, "id":"ASB-A-188675581-1d89aa28", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/SessionConfiguration.java"}}, {"deprecated":false, "digest":{"function_hash":"304382079224574811999329775731874862630", "length":232}, "id":"ASB-A-188675581-4bb8143a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"function_hash":"66656033281491477789090332981665643467", "length":228}, "id":"ASB-A-188675581-5daa56b3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/SessionConfiguration.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"line_hashes":["153417852049301962207569779497827171531", "261000798068641417599860683920950769917", "68380207807907527116214470036115371347", "36914989888970600394132832822505474009", "237971076016265399093107091487085744480", "125120888478096195769098937328838614142", "332931380088863269407041538114198722673", "37970245084357154993585643344969614462", "111106639122235668039694155904913124616", "290256071414516235837538977928667726928"], "threshold":0.9}, "id":"ASB-A-188675581-79aa071c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptor.java"}}, {"deprecated":false, "digest":{"line_hashes":["317483527648198509270140802827447531782", "223002703699211872129359134200179336438", "221450786313566647513099793628289661548", "313528256641003536810992463552861425957", "324427275809028332310722070584879438496", "177679753297519812690569650647470702063", "226482931100025291448174953009991502882", "10557001945486301106050378499633951520", "111106639122235668039694155904913124616", "171915954708776976830306371819336556732"], "threshold":0.9}, "id":"ASB-A-188675581-bfa3b659", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/OutputConfiguration.java"}}, {"deprecated":false, "digest":{"line_hashes":["55948512943992732438289951357765895868", "63330846775195551209605279357996019631", "273408181363306553741003517302417019867", "323580076011241559958992004763198920291", "28705630028658975241407202452171672217", "134854737740638073177096359259814546084", "48690313245675545338122514461806755622", "253602079636673948349820405558010193493", "111106639122235668039694155904913124616", "92411138204201860379570380065896571488"], "threshold":0.9}, "id":"ASB-A-188675581-cce59c71", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-11-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab"], "severity":"High", "spl":"2021-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"304382079224574811999329775731874862630", "length":232}, "id":"ASB-A-188675581-1080fa75", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"line_hashes":["55948512943992732438289951357765895868", "63330846775195551209605279357996019631", "273408181363306553741003517302417019867", "323580076011241559958992004763198920291", "28705630028658975241407202452171672217", "134854737740638073177096359259814546084", "48690313245675545338122514461806755622", "253602079636673948349820405558010193493", "111106639122235668039694155904913124616", "92411138204201860379570380065896571488"], "threshold":0.9}, "id":"ASB-A-188675581-17a1b571", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptorCache.java"}}, {"deprecated":false, "digest":{"line_hashes":["230352104463149322020516772239022149833", "243872001309038146320784694779324733857", "1987689868153551222234223639152650997", "92097555207732753286478878071925575645", "201550405209711947197728996795368769293", "116311922245513189830199955547492906938", "82429457986271022162143760017490601323", "69352991995164639378330939860494258757", "111106639122235668039694155904913124616", "142009069770802382041921867158857961337"], "threshold":0.9}, "id":"ASB-A-188675581-3930d5c2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/SessionConfiguration.java"}}, {"deprecated":false, "digest":{"line_hashes":["153417852049301962207569779497827171531", "261000798068641417599860683920950769917", "68380207807907527116214470036115371347", "36914989888970600394132832822505474009", "237971076016265399093107091487085744480", "125120888478096195769098937328838614142", "332931380088863269407041538114198722673", "37970245084357154993585643344969614462", "111106639122235668039694155904913124616", "290256071414516235837538977928667726928"], "threshold":0.9}, "id":"ASB-A-188675581-4044cce5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptor.java"}}, {"deprecated":false, "digest":{"function_hash":"192616195078580846107894632108500532721", "length":227}, "id":"ASB-A-188675581-450466ea", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/OutputConfiguration.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"function_hash":"76093156863976474586356531644141148758", "length":227}, "id":"ASB-A-188675581-bc4a4c08", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/VendorTagDescriptor.java", "function":"createFromParcel"}}, {"deprecated":false, "digest":{"line_hashes":["317483527648198509270140802827447531782", "223002703699211872129359134200179336438", "221450786313566647513099793628289661548", "313528256641003536810992463552861425957", "324427275809028332310722070584879438496", "177679753297519812690569650647470702063", "226482931100025291448174953009991502882", "10557001945486301106050378499633951520", "111106639122235668039694155904913124616", "171915954708776976830306371819336556732"], "threshold":0.9}, "id":"ASB-A-188675581-cc7d7f5d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/OutputConfiguration.java"}}, {"deprecated":false, "digest":{"function_hash":"66656033281491477789090332981665643467", "length":228}, "id":"ASB-A-188675581-ec785397", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab", "target":{"file":"core/java/android/hardware/camera2/params/SessionConfiguration.java", "function":"createFromParcel"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-11-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/7bf30cb92ab213c07241ad22def6816ae201dbab"}]}