{"id":"ASB-A-199754277", "published":"2021-12-01T00:00:00Z", "modified":"2026-07-03T16:08:45.503432344Z", "aliases":["CVE-2021-0963", "A-199754277"], "details":"In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/KeyChain", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"9:0"}, {"fixed":"9:2021-12-01"}]}], "versions":["9"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/KeyChain/+/cdca35442c767d64f6d0db4af438a3856263857a", "https://android.googlesource.com/platform/packages/apps/KeyChain/+/42d5b5ec58893e5f7f7d3bcc4a1e069aab3481b6"], "severity":"High", "spl":"2021-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"150779138925376225849993218317483860163", "length":229}, "id":"ASB-A-199754277-01442b80", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/cdca35442c767d64f6d0db4af438a3856263857a", "target":{"file":"src/com/android/keychain/KeyChainActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["303597175863065157596178365770904233588", "48256645860803694307132140820223977274", "217809699249745623648040710182897893395", "125037849551146727792591082922861769984", "326674869829824742598621061880651146141", "74405704416687296925880408315642770338", "153275313607274137358411093416341818351"], "threshold":0.9}, "id":"ASB-A-199754277-2f71314e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/cdca35442c767d64f6d0db4af438a3856263857a", "target":{"file":"src/com/android/keychain/KeyChainActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"136996276653729503400298582803212933472", "length":3204}, "id":"ASB-A-199754277-38371cc6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/42d5b5ec58893e5f7f7d3bcc4a1e069aab3481b6", "target":{"file":"src/com/android/keychain/KeyChainActivity.java", "function":"displayCertChooserDialog"}}, {"deprecated":false, "digest":{"line_hashes":["135855190934219119756034388740564437399", "235540904095868242127131780153901629847", "259238752188879198495785490080792033447", "142819830997902240228446618298227373261"], "threshold":0.9}, "id":"ASB-A-199754277-f933ea8f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/42d5b5ec58893e5f7f7d3bcc4a1e069aab3481b6", "target":{"file":"src/com/android/keychain/KeyChainActivity.java"}}]}}, {"package":{"name":"platform/packages/apps/KeyChain", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2021-12-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/KeyChain/+/7771b58966715ef430f5cb6d81344192ab6d258f", "https://android.googlesource.com/platform/packages/apps/KeyChain/+/2b7ea9710d2069f9768cc3c2350df74b60f9ecbf"], "severity":"High", "spl":"2021-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["303597175863065157596178365770904233588", "48256645860803694307132140820223977274", "217809699249745623648040710182897893395", "149797091561683545734968523231355275794", "59096776248267728189978126642021086297", "223171761866261416097529983750924596398"], "threshold":0.9}, "id":"ASB-A-199754277-0f35481e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/7771b58966715ef430f5cb6d81344192ab6d258f", "target":{"file":"src/com/android/keychain/KeyChainActivity.java"}}, {"deprecated":false, "digest":{"line_hashes":["135855190934219119756034388740564437399", "235540904095868242127131780153901629847", "259238752188879198495785490080792033447", "142819830997902240228446618298227373261"], "threshold":0.9}, "id":"ASB-A-199754277-a0ed1fb2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/2b7ea9710d2069f9768cc3c2350df74b60f9ecbf", "target":{"file":"src/com/android/keychain/KeyChainActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"73505772937041119365331112705127743616", "length":2980}, "id":"ASB-A-199754277-c5fb9d5c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/2b7ea9710d2069f9768cc3c2350df74b60f9ecbf", "target":{"file":"src/com/android/keychain/KeyChainActivity.java", "function":"displayCertChooserDialog"}}]}}, {"package":{"name":"platform/packages/apps/KeyChain", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2021-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/KeyChain/+/3de513868e45f022fce83d738032fc69b8c6b0f5", "https://android.googlesource.com/platform/packages/apps/KeyChain/+/90c6182ef5933ec69383115e2703a177a0c5929b"], "severity":"High", "spl":"2021-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"203824814824031038019991900579206230944", "length":3011}, "id":"ASB-A-199754277-1019e4a8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/90c6182ef5933ec69383115e2703a177a0c5929b", "target":{"file":"src/com/android/keychain/KeyChainActivity.java", "function":"displayCertChooserDialog"}}, {"deprecated":false, "digest":{"line_hashes":["135855190934219119756034388740564437399", "235540904095868242127131780153901629847", "259238752188879198495785490080792033447", "142819830997902240228446618298227373261"], "threshold":0.9}, "id":"ASB-A-199754277-1024affc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/90c6182ef5933ec69383115e2703a177a0c5929b", "target":{"file":"src/com/android/keychain/KeyChainActivity.java"}}, {"deprecated":false, "digest":{"line_hashes":["128691875263131775220820109058442280430", "168206557357049122735330899459189004701", "41045489127893675357598209381160343343", "59364463441045711836603236181276549075", "273197236036770507062995719670167860476", "48256645860803694307132140820223977274", "219824241320010701138802366041289464563", "24326035824782186584841896781093620413", "180873309683049572042491718958890115237", "244121184130991112938393343813406232222"], "threshold":0.9}, "id":"ASB-A-199754277-184c19c6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/3de513868e45f022fce83d738032fc69b8c6b0f5", "target":{"file":"src/com/android/keychain/KeyChainActivity.java"}}]}}, {"package":{"name":"platform/packages/apps/KeyChain", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2021-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/KeyChain/+/d2c543f9670ce4c6abc27fdc47d730b0c532d9fb", "https://android.googlesource.com/platform/packages/apps/KeyChain/+/0b90da9e52f53d089d34a895256f048729b36661"], "severity":"High", "spl":"2021-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["208145163328167472748897027555711714882", "30674088855709114898709890290627615336", "254801975279325279560290300634665894950", "196498049348011577982911759103546494316", "56162162265642485860413942937486547499", "100392728771381320547015046049976835169", "106258610578275625944997385992487392222"], "threshold":0.9}, "id":"ASB-A-199754277-231b5806", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/d2c543f9670ce4c6abc27fdc47d730b0c532d9fb", "target":{"file":"src/com/android/keychain/KeyChainActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"118549816647082231951580483889162385421", "length":2776}, "id":"ASB-A-199754277-b9e6c704", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/0b90da9e52f53d089d34a895256f048729b36661", "target":{"file":"src/com/android/keychain/KeyChainActivity.java", "function":"displayCertChooserDialog"}}, {"deprecated":false, "digest":{"line_hashes":["135855190934219119756034388740564437399", "235540904095868242127131780153901629847", "259238752188879198495785490080792033447", "111842385937988146741835959770460073843"], "threshold":0.9}, "id":"ASB-A-199754277-c2ca4d46", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/0b90da9e52f53d089d34a895256f048729b36661", "target":{"file":"src/com/android/keychain/KeyChainActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"71065350424441331116573748980346557509", "length":109}, "id":"ASB-A-199754277-dca04a64", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/KeyChain/+/d2c543f9670ce4c6abc27fdc47d730b0c532d9fb", "target":{"file":"src/com/android/keychain/KeyChainActivity.java", "function":"onCreate"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2021-12-01"}]}