{"id":"ASB-A-205130886", "published":"2022-10-01T00:00:00Z", "modified":"2026-06-11T14:59:52.052110020Z", "aliases":["CVE-2021-39758", "A-205130886"], "details":"In createPresentationContext of Presentation.java, there is a possible way to start a foreground activity from background due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-10-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c97296e9d9d2bad7bdd2d34c9428ba5f092fa8c1"], "severity":"Moderate", "spl":"2022-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["29840440586258169693462454076158925556", "213396486038452831278377549094169843602", "228445899389099079593691071735995055390", "251578245069968599296638591181347011752", "333900397814330802755872188782388426748", "73164140829396596013584142068435983733", "57908055369602442342969322100064423101", "322529904216023784252135970667632781390", "9750100643542470922863240679374362718", "333122694766293271160191850213446839841", "75798385379077713637207440080716134025"], "threshold":0.9}, "id":"ASB-A-205130886-20dedc0b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c97296e9d9d2bad7bdd2d34c9428ba5f092fa8c1", "target":{"file":"services/core/java/com/android/server/wm/RootWindowContainer.java"}}, {"deprecated":false, "digest":{"function_hash":"118031723022519068736264188622598971298", "length":199}, "id":"ASB-A-205130886-adba426d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c97296e9d9d2bad7bdd2d34c9428ba5f092fa8c1", "target":{"file":"services/core/java/com/android/server/wm/RootWindowContainer.java", "function":"isAnyNonToastWindowVisibleForUid"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/778191bdf21661b41030f9308e095c0445dec33c"], "severity":"Moderate", "spl":"2022-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"309892185118692997003263110580644362314", "length":105}, "id":"ASB-A-205130886-353bac28", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/778191bdf21661b41030f9308e095c0445dec33c", "target":{"file":"services/core/java/com/android/server/wm/WindowState.java", "function":"isNonToastOrStarting"}}, {"deprecated":false, "digest":{"line_hashes":["10313335488045220910035931167300170355", "261372803265082561517492750361881604635", "278399851811985462604047126646984147638", "75641407910770251937695312410220914176", "50169372483916373397872568910188853356", "99847271758102256908039258320305980609", "206496492593111140008101430373728818789", "295136802722067114420916440743897339347", "327629897799297319038583944539384123633", "121227489019215725058657148439372717846", "170590786134876909076710201705065516382"], "threshold":0.9}, "id":"ASB-A-205130886-fb44b63e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/778191bdf21661b41030f9308e095c0445dec33c", "target":{"file":"services/core/java/com/android/server/wm/WindowState.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/88e98e0a853f7530d61aab13dea2bfc9792e3f32"], "severity":"Moderate", "spl":"2022-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["332816131073195698316323346625055011373", "248018738654998027143918272432072286269", "171592344151606292867477664931624942558", "94859399021469200881821990861703741625"], "threshold":0.9}, "id":"ASB-A-205130886-14eb8a35", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/88e98e0a853f7530d61aab13dea2bfc9792e3f32", "target":{"file":"services/core/java/com/android/server/wm/WindowState.java"}}, {"deprecated":false, "digest":{"function_hash":"237856969500410895529135917091395492974", "length":520}, "id":"ASB-A-205130886-7363d6c3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/88e98e0a853f7530d61aab13dea2bfc9792e3f32", "target":{"file":"services/core/java/com/android/server/wm/WindowState.java", "function":"onSurfaceShownChanged"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/8e4efdb653ed38a6b9c3d306208557352d52cbd5"}]}