{"id":"ASB-A-67862680", "published":"2022-10-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2021-39624", "A-67862680"], "details":"In freeStageDirs PackageInstallerService.java, there is a possible permanent denial of service due to resource exhaustion. This could lead to local denial of service with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2022-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e58049a3ea2c056b999c281c7031f9e16e42f809", "https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706", "https://android.googlesource.com/platform/frameworks/base/+/c685f8b19adcec0dc49ffaa1e94d7caa4f9d05ba"], "severity":"High", "spl":"2022-10-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["231647071772300585465452312863038561230", "226961283473680660607497783371622940641", "1590874551250501115739775307183070921", "268560991134431821572885859330076120373", "21684450436685452503377492655903552717", "102944836080010692696237589225087457442", "173973518293171333763135467069174745777", "212827379500181317594361103633482382789"], "threshold":0.9}, "id":"ASB-A-67862680-2afd9c55", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"}}, {"deprecated":false, "digest":{"function_hash":"273805400080081880170723381856832337468", "length":737}, "id":"ASB-A-67862680-379897d7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java", "function":"abandon"}}, {"deprecated":false, "digest":{"line_hashes":["54572172434278520596962232904901486513", "87996143593032764240316947583968091144", "165345424111386554270972408050563292929", "295655804509923656326529606040952594600"], "threshold":0.9}, "id":"ASB-A-67862680-3ae1d82f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706", "target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["128839209409286695299493028545535967504", "224031725987460491461566968220000447043", "243104723397195501898965355495311790902", "155764645013897787359166779249695006000", "65284601596300055773876624228434667212", "207788746859773401556292978391996005677", "269537525648202871467085885312664657285", "99592466177856074331007684156578867769", "121710756038622164578913279598147800399", "130207987762410951472723258930684168127", "235078564691420998246240548120553881543", "117943856060304130069094321922237453938", "159747545260426523876163702384838669919", "222226010543324602698304872379985283612", "163176054255348541535607879171415433635", "11035555290304133429925253652975625397", "112314239359983007446312754720742605261", "212406622336035543534616037676055919110", "211383553759032931568668796291548314536"], "threshold":0.9}, "id":"ASB-A-67862680-3b469981", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerService.java"}}, {"deprecated":false, "digest":{"function_hash":"210904226249863099572505035061816571741", "length":518}, "id":"ASB-A-67862680-dad6a969", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c685f8b19adcec0dc49ffaa1e94d7caa4f9d05ba", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerService.java", "function":"freeStageDirs"}}, {"deprecated":false, "digest":{"line_hashes":["22968990478075691637095528458948844044", "304935604944217512273695771374069683000", "171628562803422686560729299510946201548", "81491461421845956552653412657681604930"], "threshold":0.9}, "id":"ASB-A-67862680-dd49740a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c685f8b19adcec0dc49ffaa1e94d7caa4f9d05ba", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerService.java"}}, {"deprecated":false, "digest":{"function_hash":"228585989790663195563271860885308040657", "length":2118}, "id":"ASB-A-67862680-f278169a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706", "target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java", "function":"freeStorage"}}, {"deprecated":false, "digest":{"function_hash":"220724026739935213801116183738240306443", "length":555}, "id":"ASB-A-67862680-fe4ae9e8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c98f06c286eb0d41f57e0a00b9f59044b9f12706", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerService.java", "function":"reconcileStagesLocked"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2022-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/73d533592a754abd0f209f665c72af87ba99dd71", "https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75", "https://android.googlesource.com/platform/frameworks/base/+/c981d90b495955a946bed7113517eeb3d823c88b"], "severity":"High", "spl":"2022-10-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"220724026739935213801116183738240306443", "length":555}, "id":"ASB-A-67862680-331186ff", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerService.java", "function":"reconcileStagesLocked"}}, {"deprecated":false, "digest":{"line_hashes":["103443190344319973973825012108605555280", "316217299384235343536784232453023533906", "221707942330579387681176571021646217006", "177449583001484930030088534623615475761"], "threshold":0.9}, "id":"ASB-A-67862680-37eb13e2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75", "target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["22968990478075691637095528458948844044", "304935604944217512273695771374069683000", "171628562803422686560729299510946201548", "81491461421845956552653412657681604930"], "threshold":0.9}, "id":"ASB-A-67862680-5c249807", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c981d90b495955a946bed7113517eeb3d823c88b", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["60313706750921253725998757920398118851", "128839209409286695299493028545535967504", "224031725987460491461566968220000447043", "243104723397195501898965355495311790902", "155764645013897787359166779249695006000", "65284601596300055773876624228434667212", "207788746859773401556292978391996005677", "269537525648202871467085885312664657285", "99592466177856074331007684156578867769", "121710756038622164578913279598147800399", "130207987762410951472723258930684168127", "235078564691420998246240548120553881543", "117943856060304130069094321922237453938", "159747545260426523876163702384838669919", "222226010543324602698304872379985283612", "163176054255348541535607879171415433635", "11035555290304133429925253652975625397", "295645009771639691784385040617066023861", "33968605865488762450864468177925313603", "117518711027179226394727454676648118492"], "threshold":0.9}, "id":"ASB-A-67862680-60b057c4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerService.java"}}, {"deprecated":false, "digest":{"function_hash":"210904226249863099572505035061816571741", "length":518}, "id":"ASB-A-67862680-6124dd87", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c981d90b495955a946bed7113517eeb3d823c88b", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerService.java", "function":"freeStageDirs"}}, {"deprecated":false, "digest":{"line_hashes":["338004227660095807246749487123110646145", "89798891773103175219757413764010889210", "210940050885595020927298933586179622785", "213599235908530183567312343547404551199", "340044818369486424802421154219229638348", "177213166180946678913162557585476051641", "214941011192289964308809742900582088810", "226511401344734834386059972507781067555"], "threshold":0.9}, "id":"ASB-A-67862680-9b950bca", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerSession.java"}}, {"deprecated":false, "digest":{"function_hash":"143949747924792052874930382854500256644", "length":2320}, "id":"ASB-A-67862680-f00d64a0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7cd25e1f638d3d52bf244f6f18c820ad786b3d75", "target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java", "function":"freeStorage"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2022-10-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/18179a8762ba14c44d287e853c9a1c38a3dfdddb"], "severity":"High", "spl":"2022-10-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"113414859979831663084025915012778787801", "length":637}, "id":"ASB-A-67862680-9434c7fd", "match_only_versions":["12L"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/18179a8762ba14c44d287e853c9a1c38a3dfdddb", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerService.java", "function":"freeStageDirs"}}, {"deprecated":false, "digest":{"line_hashes":["215422298831766357161196231978496841703", "60587799949749528309586503520119010137", "149996096424998432901563271616892761077", "66398056500748621238047225346594515873"], "threshold":0.9}, "id":"ASB-A-67862680-b4270b8d", "match_only_versions":["12L"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/18179a8762ba14c44d287e853c9a1c38a3dfdddb", "target":{"file":"services/core/java/com/android/server/pm/PackageInstallerService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2022-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/07e31dfb1efabc8110d64819f26a06e12a35e020"}]}