{"id":"ASB-A-209611539", "published":"2022-03-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-39692", "A-209611539"], "details":"In onCreate of SetupLayoutActivity.java, there is a possible way to setup a work profile bypassing user consent due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/ManagedProvisioning", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2022-03-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/f0908ba3ccf4b294be011cb3cb3441b34144f06e"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"279812341486862715102499333121300560131", "length":270}, "id":"ASB-A-209611539-2d7408e3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/f0908ba3ccf4b294be011cb3cb3441b34144f06e", "target":{"file":"src/com/android/managedprovisioning/common/SetupLayoutActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["220332388498290215213726294612743642964", "335942912665976225110949355242464214081", "286508034715687416815902777443473931615", "195276513162238704053113346935851779543", "53727082822104917753235367368246502408", "310872518984056668347119424478769359078"], "threshold":0.9}, "id":"ASB-A-209611539-739108de", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/f0908ba3ccf4b294be011cb3cb3441b34144f06e", "target":{"file":"src/com/android/managedprovisioning/common/SetupLayoutActivity.java"}}]}}, {"package":{"name":"platform/packages/apps/ManagedProvisioning", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-03-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/4b04bf81f88385d9a364a6a6ef88e0025fd0f84a"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"279812341486862715102499333121300560131", "length":270}, "id":"ASB-A-209611539-3830400c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/4b04bf81f88385d9a364a6a6ef88e0025fd0f84a", "target":{"file":"src/com/android/managedprovisioning/common/SetupLayoutActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["220332388498290215213726294612743642964", "335942912665976225110949355242464214081", "286508034715687416815902777443473931615", "195276513162238704053113346935851779543", "53727082822104917753235367368246502408", "310872518984056668347119424478769359078"], "threshold":0.9}, "id":"ASB-A-209611539-e2979154", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/4b04bf81f88385d9a364a6a6ef88e0025fd0f84a", "target":{"file":"src/com/android/managedprovisioning/common/SetupLayoutActivity.java"}}]}}, {"package":{"name":"platform/packages/apps/ManagedProvisioning", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-03-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/a07188111567974bc8a2c817825c28169c589535"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["314336311971156495770716358307085283278", "57288772857243715499003298683184410612", "167039254005696276617368158317989525581", "194597702290193553871435272377110277713", "62972918542328533708134472281361535958"], "threshold":0.9}, "id":"ASB-A-209611539-1749addc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/a07188111567974bc8a2c817825c28169c589535", "target":{"file":"src/com/android/managedprovisioning/common/SetupLayoutActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"138985004227445478747826064386264047309", "length":513}, "id":"ASB-A-209611539-be270d63", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/a07188111567974bc8a2c817825c28169c589535", "target":{"file":"src/com/android/managedprovisioning/common/SetupLayoutActivity.java", "function":"onCreate"}}]}}, {"package":{"name":"platform/packages/apps/ManagedProvisioning", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-03-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/a07188111567974bc8a2c817825c28169c589535"], "severity":"High", "spl":"2022-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["314336311971156495770716358307085283278", "57288772857243715499003298683184410612", "167039254005696276617368158317989525581", "194597702290193553871435272377110277713", "62972918542328533708134472281361535958"], "threshold":0.9}, "id":"ASB-A-209611539-373c73e1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/a07188111567974bc8a2c817825c28169c589535", "target":{"file":"src/com/android/managedprovisioning/common/SetupLayoutActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"138985004227445478747826064386264047309", "length":513}, "id":"ASB-A-209611539-fc94c1ba", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/a07188111567974bc8a2c817825c28169c589535", "target":{"file":"src/com/android/managedprovisioning/common/SetupLayoutActivity.java", "function":"onCreate"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/packages/apps/ManagedProvisioning/+/a07188111567974bc8a2c817825c28169c589535"}]}