{"id":"ASB-A-208662370", "published":"2022-03-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-39693", "A-208662370"], "details":"In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-03-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/f14e212d82b32053d151eedf97ac59a4b5b18369"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"315538145376716360253371471486438683231", "length":1235}, "id":"ASB-A-208662370-acba7904", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f14e212d82b32053d151eedf97ac59a4b5b18369", "target":{"file":"services/core/java/com/android/server/appop/AppOpsService.java", "function":"onUidStateChanged"}}, {"deprecated":false, "digest":{"line_hashes":["37134809959087956661517944958170528644", "328764706330746749091075703301307103179", "6457097028563598592615406195549245715"], "threshold":0.9}, "id":"ASB-A-208662370-ae70cc6f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f14e212d82b32053d151eedf97ac59a4b5b18369", "target":{"file":"services/core/java/com/android/server/appop/AppOpsService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-03-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/2623d2792bb56bd81cfeec0430cb0c024ddaf684"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"315538145376716360253371471486438683231", "length":1235}, "id":"ASB-A-208662370-0602e1fe", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2623d2792bb56bd81cfeec0430cb0c024ddaf684", "target":{"file":"services/core/java/com/android/server/appop/AppOpsService.java", "function":"onUidStateChanged"}}, {"deprecated":false, "digest":{"line_hashes":["37134809959087956661517944958170528644", "328764706330746749091075703301307103179", "6457097028563598592615406195549245715"], "threshold":0.9}, "id":"ASB-A-208662370-73172252", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2623d2792bb56bd81cfeec0430cb0c024ddaf684", "target":{"file":"services/core/java/com/android/server/appop/AppOpsService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/f14e212d82b32053d151eedf97ac59a4b5b18369"}]}