{"id":"ASB-A-158570769","details":"In applyPolicy of PackageManagerService.java, there is possible arbitrary command execution as System due to an unenforced protected-broadcast. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-158570769","CVE-2020-0391"],"modified":"2026-06-12T15:08:17.296522730Z","published":"2020-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2020-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2020-09-01"}]}],"versions":["9"],"ecosystem_specific":{"types":["EoP"],"spl":"2020-09-01","vanir_signatures":[{"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580","id":"ASB-A-158570769-649d43ce","digest":{"length":3510,"function_hash":"299406272119259219443769710308745694672"},"signature_type":"Function","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java","function":"applyPolicy"}},{"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580","id":"ASB-A-158570769-96a96009","digest":{"threshold":0.9,"line_hashes":["29476088397626934255782681732558219891","63871891460911835576750413812945491381","72932945594333732404607200467991905441","245874843605600483921481272653366313891","238732176647902697823352846318706752228","189965108243197535006988581043124382574","328607116985240898584503504748393033284","129038796275686579837932806172424791770"]},"signature_type":"Line","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"}}],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158570769.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2020-09-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["EoP"],"spl":"2020-09-01","vanir_signatures":[{"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580","id":"ASB-A-158570769-506b49bd","digest":{"threshold":0.9,"line_hashes":["29476088397626934255782681732558219891","63871891460911835576750413812945491381","72932945594333732404607200467991905441","245874843605600483921481272653366313891","238732176647902697823352846318706752228","189965108243197535006988581043124382574","328607116985240898584503504748393033284","129038796275686579837932806172424791770"]},"signature_type":"Line","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"}},{"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580","id":"ASB-A-158570769-7bd7af1d","digest":{"length":3510,"function_hash":"299406272119259219443769710308745694672"},"signature_type":"Function","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java","function":"applyPolicy"}}],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/860fd4b6a2a4fe5d681bc07f2567fdc84f0d1580"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158570769.json"}}],"schema_version":"1.7.5"}