{"id":"ASB-A-195338390", "published":"2021-11-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0923", "A-195338390"], "details":"In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2021-11-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87"], "severity":"High", "spl":"2021-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"10398377879930122985996826165233028513", "length":1619}, "id":"ASB-A-195338390-106f5326", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java", "function":"revokeRuntimePermissionsIfPermissionDefinitionChangedInternal"}}, {"deprecated":false, "digest":{"function_hash":"173310955961255058604024706731620038496", "length":3022}, "id":"ASB-A-195338390-4e9a1e7e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java", "function":"revokeRuntimePermissionInternal"}}, {"deprecated":false, "digest":{"line_hashes":["222273581131476333251158200754876163989", "114525043889790144806268605988273313788", "32355866003698517076087548646093884894", "194614932531463864324452253302642484140", "82414703211227529030403701170223469642", "104314630980706397450659964061909642381", "66192663707392411850494339439980666620", "153695918165227233423521605332753522211", "64482130110292781664011638300455111943", "242901863083591288339634272987136709504", "266058369859306509244983760191260860487", "150198578947028193438057291642360518411", "124390315483722004241672626364171039183", "51326007226365411267361335414310487497", "328992153803158932237137733695972051040", "282548361383701040461331675301269815039", "158172164881551266841965878222066981184", "55648652649340219512009517599118066374", "64821213720775443408314476760079419205", "164620961177324021686775905883990090172", "77922158108255598997812320132122134424", "129809764039649965438120694068743365818"], "threshold":0.9}, "id":"ASB-A-195338390-67426d84", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["149889175907308862112246394769003122151", "57126926199514680371015733813943539902", "164123177424740117392696444616546638506", "169909794344193229313091115174225767762"], "threshold":0.9}, "id":"ASB-A-195338390-720bc642", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87", "target":{"file":"services/core/java/com/android/server/pm/permission/Permission.java"}}, {"deprecated":false, "digest":{"function_hash":"250786376110665315634871076352086685974", "length":2388}, "id":"ASB-A-195338390-f4634eb6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87", "target":{"file":"services/core/java/com/android/server/pm/permission/Permission.java", "function":"createOrUpdate"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-11-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/63777c0ca8e194ab3efc51905e83b07ea0d351a9"}]}