{"id":"ASB-A-200164168", "published":"2022-03-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-39706", "A-200164168"], "details":"In onResume of CredentialStorage.java, there is a possible way to cleanup content of credentials storage due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-03-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/35e3d0c1b0598b2032fc6c134c657255f1907594"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["294847935106685419390405624134946482607", "82906614265495310515570653317557617056", "159861592737700861009703597589919275556", "227542447424445244222662292374115168909", "201542614339003240336485074705580277268", "181950869077538877837885426374100210392", "163365771531368183851379029453875709304"], "threshold":0.9}, "id":"ASB-A-200164168-b96ef1b6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/35e3d0c1b0598b2032fc6c134c657255f1907594", "target":{"file":"src/com/android/settings/security/CredentialStorage.java"}}, {"deprecated":false, "digest":{"function_hash":"152680907284903635233314357538861496727", "length":460}, "id":"ASB-A-200164168-babd9d97", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/35e3d0c1b0598b2032fc6c134c657255f1907594", "target":{"file":"src/com/android/settings/security/CredentialStorage.java", "function":"onResume"}}]}}, {"package":{"name":"platform/packages/apps/Car/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-03-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Car/Settings/+/6a6489935d203715a755b21b374e1e3b3085aa3f"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["227648426079284531361252755530448575297", "319836403509873846234084515950353464245", "79660424378960435000974712114857405762", "269091642270754071500476499506653333382", "273640597411792409689188349763575105779", "219276427171578401975723808035356768581", "324900859351151195652448818897023516213"], "threshold":0.9}, "id":"ASB-A-200164168-21994fbf", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Car/Settings/+/6a6489935d203715a755b21b374e1e3b3085aa3f", "target":{"file":"src/com/android/car/settings/security/CredentialStorageActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"113359261602367393554565238702160217651", "length":461}, "id":"ASB-A-200164168-765af7bb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Car/Settings/+/6a6489935d203715a755b21b374e1e3b3085aa3f", "target":{"file":"src/com/android/car/settings/security/CredentialStorageActivity.java", "function":"onResume"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-03-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/f8a1a563c7c598db6fe5f902e35d968ea7dc0003"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"152680907284903635233314357538861496727", "length":460}, "id":"ASB-A-200164168-4f2d6cd4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/f8a1a563c7c598db6fe5f902e35d968ea7dc0003", "target":{"file":"src/com/android/settings/security/CredentialStorage.java", "function":"onResume"}}, {"deprecated":false, "digest":{"line_hashes":["294847935106685419390405624134946482607", "82906614265495310515570653317557617056", "159861592737700861009703597589919275556", "227542447424445244222662292374115168909", "264447109541725377457525668426737859850", "2489955176728554666695627062628097152", "163365771531368183851379029453875709304"], "threshold":0.9}, "id":"ASB-A-200164168-c04c1337", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/f8a1a563c7c598db6fe5f902e35d968ea7dc0003", "target":{"file":"src/com/android/settings/security/CredentialStorage.java"}}]}}, {"package":{"name":"platform/packages/apps/Car/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-03-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"328604024871667527238186183680934489091", "length":599}, "id":"ASB-A-200164168-0655a3c2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3", "target":{"file":"src/com/android/car/settings/security/CredentialStorageActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["227648426079284531361252755530448575297", "319836403509873846234084515950353464245", "79660424378960435000974712114857405762", "269091642270754071500476499506653333382", "273640597411792409689188349763575105779", "219276427171578401975723808035356768581", "324900859351151195652448818897023516213"], "threshold":0.9}, "id":"ASB-A-200164168-24386706", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3", "target":{"file":"src/com/android/car/settings/security/CredentialStorageActivity.java"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-03-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"152680907284903635233314357538861496727", "length":460}, "id":"ASB-A-200164168-920fde37", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4", "target":{"file":"src/com/android/settings/security/CredentialStorage.java", "function":"onResume"}}, {"deprecated":false, "digest":{"line_hashes":["294847935106685419390405624134946482607", "82906614265495310515570653317557617056", "159861592737700861009703597589919275556", "227542447424445244222662292374115168909", "264447109541725377457525668426737859850", "2489955176728554666695627062628097152", "163365771531368183851379029453875709304"], "threshold":0.9}, "id":"ASB-A-200164168-93218dff", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4", "target":{"file":"src/com/android/settings/security/CredentialStorage.java"}}]}}, {"package":{"name":"platform/packages/apps/Car/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-03-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["227648426079284531361252755530448575297", "319836403509873846234084515950353464245", "79660424378960435000974712114857405762", "269091642270754071500476499506653333382", "273640597411792409689188349763575105779", "219276427171578401975723808035356768581", "324900859351151195652448818897023516213"], "threshold":0.9}, "id":"ASB-A-200164168-882999a5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3", "target":{"file":"src/com/android/car/settings/security/CredentialStorageActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"328604024871667527238186183680934489091", "length":599}, "id":"ASB-A-200164168-bbfbb2d2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Car/Settings/+/571f4c5b88c1e1ba3d7f04687d906cc89bfa6dc3", "target":{"file":"src/com/android/car/settings/security/CredentialStorageActivity.java", "function":"onCreate"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-03-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"152680907284903635233314357538861496727", "length":460}, "id":"ASB-A-200164168-24f7eb5e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4", "target":{"file":"src/com/android/settings/security/CredentialStorage.java", "function":"onResume"}}, {"deprecated":false, "digest":{"line_hashes":["294847935106685419390405624134946482607", "82906614265495310515570653317557617056", "159861592737700861009703597589919275556", "227542447424445244222662292374115168909", "264447109541725377457525668426737859850", "2489955176728554666695627062628097152", "163365771531368183851379029453875709304"], "threshold":0.9}, "id":"ASB-A-200164168-c4f6d901", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4", "target":{"file":"src/com/android/settings/security/CredentialStorage.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/Settings/+/6407b20ab3ab49318ba5cbfc0d6b59c675df67b4"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/Car/Settings/+/6a6489935d203715a755b21b374e1e3b3085aa3f"}]}