{"id":"ASB-A-195962697", "published":"2021-11-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-0921", "A-195962697"], "details":"In ParsingPackageImpl of ParsingPackageImpl.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-11-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/37a0b6de89f7fb321fbeac02ec1a012817b8e682"], "severity":"High", "spl":"2021-11-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"99100697387140839554966702934242077285", "length":8115}, "id":"ASB-A-195962697-170ed122", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/37a0b6de89f7fb321fbeac02ec1a012817b8e682", "target":{"file":"core/java/android/content/pm/parsing/ParsingPackageImpl.java", "function":"ParsingPackageImpl"}}, {"deprecated":false, "digest":{"line_hashes":["68896256394410199598413605213761244301", "217009120226524868252066078517746715740", "93629877243590214160948290486212397867", "52327039998346520930140804119495652956", "78338779693442238923096934458057188476", "336210896519298546841556745773074056774", "318705937697210214821082097925467310906", "323816308728497968662577184529289135060", "85186955688304431731143572044404897618", "21888774256786285171950660888063437462", "193009650628039144781995821182891316220", "4391955342863366787914820282888738252"], "threshold":0.9}, "id":"ASB-A-195962697-3b426bfb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/37a0b6de89f7fb321fbeac02ec1a012817b8e682", "target":{"file":"core/java/android/content/pm/parsing/ParsingPackageImpl.java"}}, {"deprecated":false, "digest":{"line_hashes":["29679118256754993236176310721150695790", "322258887350876419067175094266234239393", "206871791855760028647029641554666676000", "103335789839369259862298907790943317853", "312954562133464252866431607033718140141", "60305359041782497121913040503948066749", "279386003929800785714870412801894137635"], "threshold":0.9}, "id":"ASB-A-195962697-537087fd", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/37a0b6de89f7fb321fbeac02ec1a012817b8e682", "target":{"file":"core/java/android/content/pm/parsing/ParsingPackageUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"285737106146630588615380589794033057518", "length":7776}, "id":"ASB-A-195962697-731e07b2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/37a0b6de89f7fb321fbeac02ec1a012817b8e682", "target":{"file":"core/java/android/content/pm/parsing/ParsingPackageImpl.java", "function":"writeToParcel"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-11-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/f93af7ef7ebe9d139a34e615b97393a41ebabb56"}]}