{"id":"ASB-A-206090748", "published":"2022-03-01T00:00:00Z", "modified":"2026-04-03T15:37:31.002635057Z", "aliases":["CVE-2021-39689", "A-206090748"], "details":"In multiple functions of odsign_main.cpp, there is a possible way to persist system attack due to a logic error in the code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/system/security", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-03-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/security/+/9a374680df1912fb983bf174d88ddeb71932cec1"], "severity":"Moderate", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"115174242607445837283827550791433440053", "length":3127}, "id":"ASB-A-206090748-1e752266", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/security/+/9a374680df1912fb983bf174d88ddeb71932cec1", "target":{"file":"ondevice-signing/odsign_main.cpp", "function":"main"}}, {"deprecated":false, "digest":{"line_hashes":["155002132074404346642667567063298957642", "297260879976898572002085567125824570400", "188117423437172400110849304914488873278", "157142425212623079288036371350014858728", "204697804969151301657652142831750749263", "246063165005463238593878401576263943808", "46466359620560727117279535738104699931", "141059372346926048512427331198909030998", "2730617571386842996949351571057359371", "231174964654211160397274464679379716942", "79564985896302873437179230076078962713", "66258345296755914229722793912710658752", "119779208966118517802654399430476717338", "77624105651785219220920525729304708538", "251820337726636477205310617262680283716", "4251731988487157458031956612984751316", "272146446085519213110283545910970836919", "326391328849996974035268250804048831285", "302112193165383670968896532470765648117", "193934157389329987789925357200475432871", "27788796301632880293569162245196199580", "93910542072745963730906210286960621174", "143651183351945654395008936788862968309", "153565588807519245516641321357548138267", "181518540221266179414657618596067690955", "79190526905929199974984233414112142614", "226990917230412597926031777425518894451", "192038301750522978732304252332380591310", "73712142896677038537369976998197256465", "55819269734436224158671719536097316376", "178908855247042236448030067729071985011", "291864525956619739958175182635457124986", "159187200350724936694553768699727121852", "2840041652715579188324822575814674158", "25265074336690209759976022906363770937", "135838650960097277714843292576097054593", "28467515644553834983081233901945956675", "213516555238620568387563257684182639544", "182105187982994865056634254009835838869", "238646132370444170511494890340449228166", "309208033224288258558599515700297799420", "122663547908006295962942936874099607553", "104194636075107744279129509670243687737"], "threshold":0.9}, "id":"ASB-A-206090748-c9c7a03e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/security/+/9a374680df1912fb983bf174d88ddeb71932cec1", "target":{"file":"ondevice-signing/odsign_main.cpp"}}, {"deprecated":false, "digest":{"function_hash":"284493981387205415012846669277598690417", "length":539}, "id":"ASB-A-206090748-edf45161", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/security/+/9a374680df1912fb983bf174d88ddeb71932cec1", "target":{"file":"ondevice-signing/odsign_main.cpp", "function":"verifyArtifacts"}}]}}, {"package":{"name":"platform/system/security", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-03-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/system/security/+/7bf6e0a053307a0918965da9be6560e77d6cfe59"], "severity":"Moderate", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["155002132074404346642667567063298957642", "297260879976898572002085567125824570400", "188117423437172400110849304914488873278", "157142425212623079288036371350014858728", "204697804969151301657652142831750749263", "246063165005463238593878401576263943808", "46466359620560727117279535738104699931", "141059372346926048512427331198909030998", "2730617571386842996949351571057359371", "231174964654211160397274464679379716942", "79564985896302873437179230076078962713", "66258345296755914229722793912710658752", "119779208966118517802654399430476717338", "77624105651785219220920525729304708538", "251820337726636477205310617262680283716", "4251731988487157458031956612984751316", "272146446085519213110283545910970836919", "326391328849996974035268250804048831285", "302112193165383670968896532470765648117", "193934157389329987789925357200475432871", "27788796301632880293569162245196199580", "93910542072745963730906210286960621174", "143651183351945654395008936788862968309", "153565588807519245516641321357548138267", "181518540221266179414657618596067690955", "79190526905929199974984233414112142614", "226990917230412597926031777425518894451", "192038301750522978732304252332380591310", "73712142896677038537369976998197256465", "55819269734436224158671719536097316376", "178908855247042236448030067729071985011", "291864525956619739958175182635457124986", "159187200350724936694553768699727121852", "2840041652715579188324822575814674158", "25265074336690209759976022906363770937", "135838650960097277714843292576097054593", "28467515644553834983081233901945956675", "213516555238620568387563257684182639544", "182105187982994865056634254009835838869", "238646132370444170511494890340449228166", "309208033224288258558599515700297799420", "122663547908006295962942936874099607553", "104194636075107744279129509670243687737"], "threshold":0.9}, "id":"ASB-A-206090748-7c0af659", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/security/+/7bf6e0a053307a0918965da9be6560e77d6cfe59", "target":{"file":"ondevice-signing/odsign_main.cpp"}}, {"deprecated":false, "digest":{"function_hash":"284493981387205415012846669277598690417", "length":539}, "id":"ASB-A-206090748-9edf6fd0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/security/+/7bf6e0a053307a0918965da9be6560e77d6cfe59", "target":{"file":"ondevice-signing/odsign_main.cpp", "function":"verifyArtifacts"}}, {"deprecated":false, "digest":{"function_hash":"115174242607445837283827550791433440053", "length":3127}, "id":"ASB-A-206090748-cf64cc47", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/system/security/+/7bf6e0a053307a0918965da9be6560e77d6cfe59", "target":{"file":"ondevice-signing/odsign_main.cpp", "function":"main"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/system/security/+/9a374680df1912fb983bf174d88ddeb71932cec1"}]}