{"id":"ASB-A-202768292", "published":"2022-01-01T00:00:00Z", "modified":"2026-07-03T16:08:45.503432344Z", "aliases":["CVE-2021-39630", "A-202768292"], "details":"In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated overlays from adb shell due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-01-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/627d5eb68e19a8ea18c3c1405701b3a33f073315"], "severity":"High", "spl":"2022-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"326322751240508323355186466492298396434", "length":1337}, "id":"ASB-A-202768292-12db0af8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/627d5eb68e19a8ea18c3c1405701b3a33f073315", "target":{"file":"services/core/java/com/android/server/om/OverlayManagerService.java", "function":"OverlayManagerService"}}, {"deprecated":false, "digest":{"function_hash":"22931789430284818538229315262645915337", "length":1784}, "id":"ASB-A-202768292-638c12c8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/627d5eb68e19a8ea18c3c1405701b3a33f073315", "target":{"file":"services/core/java/com/android/server/om/OverlayManagerService.java", "function":"executeRequest"}}, {"deprecated":false, "digest":{"line_hashes":["264047575499705013826057957145778461627", "74772262489499897834733044985686582819", "119807025025831525566320421356378051124", "91008912170575886755658254909050260530", "308322145304475201728355297492677055162", "275155973538704798048365005284701952787", "32400124045898944545581680566210961286", "274268388700510425115480133473086407073", "42702381939894791518723683671897731020", "181485930362381194113622465111492284765", "74878875272942187113388173881169542538", "326663632130122039236458743459309863891", "254975610931225471233459325600541047397", "124160822546388015943020434133872821608"], "threshold":0.9}, "id":"ASB-A-202768292-e7a115a8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/627d5eb68e19a8ea18c3c1405701b3a33f073315", "target":{"file":"services/core/java/com/android/server/om/OverlayManagerService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-01-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/b2dc041a4e84986e3a6932b127d3a18ef02b6d0a"}]}