{"id":"ASB-A-176168330","details":"In setPlayPolicy of DrmPlugin.cpp, there is a possible double free. This could lead to local escalation of privilege in a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-176168330","CVE-2021-0437"],"modified":"2026-04-17T15:55:28.020024Z","published":"2021-04-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-04-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/e5bfb560a63daedbe1adf8bf41a20b572654f999"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2021-04-01"}]}],"versions":["8.1"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/a9249b2326cc16daf70beba36599e4c7e0e7c78b"],"severity":"High","types":["EoP"],"spl":"2021-04-01","vanir_signatures":[{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/DrmPlugin.cpp"},"id":"ASB-A-176168330-1bdba625","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["277647654049701842040020005981209239669","337347291428038009262703958042350551546","196332965495035693018918631873566770255","189936730275673973623392274714615070163"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/a9249b2326cc16daf70beba36599e4c7e0e7c78b"},{"deprecated":false,"target":{"function":"DrmPlugin::setPlayPolicy","file":"drm/mediadrm/plugins/clearkey/DrmPlugin.cpp"},"id":"ASB-A-176168330-9fa53781","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"124138467999583343896901194253437870339","length":231},"source":"https://android.googlesource.com/platform/frameworks/av/+/a9249b2326cc16daf70beba36599e4c7e0e7c78b"},{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/DrmPlugin.h"},"id":"ASB-A-176168330-b9d5ae52","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["170244612005113653958448783710832646932","36514416101165267035447270469753156359","235410787370684821809467340523965782734"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/a9249b2326cc16daf70beba36599e4c7e0e7c78b"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-176168330.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-04-01"}]}],"versions":["9"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/537144f77baad847d2c30be6436f94c917019e68"],"severity":"High","types":["EoP"],"spl":"2021-04-01","vanir_signatures":[{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h"},"id":"ASB-A-176168330-41a70587","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["169648599502661296743590468667359412197","33339084550268418099872279509095153154","67897421153668916790469023000869426232","281979207586001694269462710533996401906"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/537144f77baad847d2c30be6436f94c917019e68"},{"deprecated":false,"target":{"function":"DrmPlugin::setPlayPolicy","file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp"},"id":"ASB-A-176168330-682e72af","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"274556351059384776444078742130507726642","length":335},"source":"https://android.googlesource.com/platform/frameworks/av/+/537144f77baad847d2c30be6436f94c917019e68"},{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp"},"id":"ASB-A-176168330-9380f2d7","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["277647654049701842040020005981209239669","337347291428038009262703958042350551546","196332965495035693018918631873566770255","189936730275673973623392274714615070163"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/537144f77baad847d2c30be6436f94c917019e68"},{"deprecated":false,"target":{"function":"DrmPlugin::setPlayPolicy","file":"drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp"},"id":"ASB-A-176168330-ca305bf1","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"124138467999583343896901194253437870339","length":231},"source":"https://android.googlesource.com/platform/frameworks/av/+/537144f77baad847d2c30be6436f94c917019e68"},{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h"},"id":"ASB-A-176168330-d7f94d3b","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["40082905586839198296219594114499650548","260664228714579787593196633106299609915","25979424795661982874646665990172843558"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/537144f77baad847d2c30be6436f94c917019e68"},{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp"},"id":"ASB-A-176168330-eaf65a1e","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["62576416525505753232022194455009544291","330390870087450857971640968923587556379","80007568828424234879321150184775543567","207337967305905475310422429600507984517"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/537144f77baad847d2c30be6436f94c917019e68"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-176168330.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-04-01"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"],"severity":"High","types":["EoP"],"spl":"2021-04-01","vanir_signatures":[{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp"},"id":"ASB-A-176168330-07edb153","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["277647654049701842040020005981209239669","337347291428038009262703958042350551546","196332965495035693018918631873566770255","189936730275673973623392274714615070163"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"},{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h"},"id":"ASB-A-176168330-424bb338","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["40082905586839198296219594114499650548","260664228714579787593196633106299609915","25979424795661982874646665990172843558"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"},{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp"},"id":"ASB-A-176168330-4ddbab61","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["62576416525505753232022194455009544291","330390870087450857971640968923587556379","80007568828424234879321150184775543567","207337967305905475310422429600507984517"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"},{"deprecated":false,"target":{"function":"DrmPlugin::setPlayPolicy","file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp"},"id":"ASB-A-176168330-7ff2beae","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"274556351059384776444078742130507726642","length":335},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"},{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h"},"id":"ASB-A-176168330-90b00c80","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["169648599502661296743590468667359412197","49413613621428604505109545668770011988","192136308895045508117751610558866491637","260394573606572283555677481056013696668"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"},{"deprecated":false,"target":{"function":"DrmPlugin::setPlayPolicy","file":"drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp"},"id":"ASB-A-176168330-e18d3f0c","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"124138467999583343896901194253437870339","length":231},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-176168330.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-04-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"],"severity":"High","types":["EoP"],"spl":"2021-04-01","vanir_signatures":[{"deprecated":false,"target":{"function":"DrmPlugin::setPlayPolicy","file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp"},"id":"ASB-A-176168330-164c66ef","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"274556351059384776444078742130507726642","length":335},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"},{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/default/include/DrmPlugin.h"},"id":"ASB-A-176168330-28781619","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["40082905586839198296219594114499650548","260664228714579787593196633106299609915","25979424795661982874646665990172843558"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"},{"deprecated":false,"target":{"function":"DrmPlugin::setPlayPolicy","file":"drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp"},"id":"ASB-A-176168330-2896e25f","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"124138467999583343896901194253437870339","length":231},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"},{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/hidl/DrmPlugin.cpp"},"id":"ASB-A-176168330-6a949dd8","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["62576416525505753232022194455009544291","330390870087450857971640968923587556379","80007568828424234879321150184775543567","207337967305905475310422429600507984517"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"},{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/hidl/include/DrmPlugin.h"},"id":"ASB-A-176168330-9b94a4e4","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["169648599502661296743590468667359412197","49413613621428604505109545668770011988","192136308895045508117751610558866491637","260394573606572283555677481056013696668"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"},{"deprecated":false,"target":{"file":"drm/mediadrm/plugins/clearkey/default/DrmPlugin.cpp"},"id":"ASB-A-176168330-f2e5e754","signature_version":"v1","signature_type":"Line","digest":{"line_hashes":["277647654049701842040020005981209239669","337347291428038009262703958042350551546","196332965495035693018918631873566770255","189936730275673973623392274714615070163"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/av/+/4b86f1dbae158737cd05aa4d5b5634985534cfc3"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-176168330.json"}}],"schema_version":"1.7.5"}