{"id":"ASB-A-193790350","details":"In ~Impl of C2AllocatorIon.cpp, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-193790350","CVE-2021-39803"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2022-04-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-04-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/4b93da988f02c652f3429661f9a9859fa1c1ea0a"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-04-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/ac5f5cade22029ffada814347500535a368d88d9","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["39997725199372059577550694964669424809","273063931939842850401049194650282175628","23635781807921844450053971616494484260","79833116189996246325763992945216508705","122504346484478287434413399803169473137","282596664588746285551602688336961958615","304059659473115756915233644411737299832","123801798367134975462997417348237060122","314686063585001825113132334808958923677","195903363165327730377140988313203592017","316461725082244718898528055752115183257","66275611729325449737339854251446508253","274283264904369067223163265774635421682","154925317047249732204408814864411678525","93064771771212267697144890968037783838","54456604817051958429238255474257769216","4415980063983488735625236013337988711","121665763636476463751885739650815948483","63908884897072704198123042693509587337","19985124781375086165144574996702862129","136847701873993135194624429221300571733","263016725820583220635591645880946986040","337062871888618167084664621384105313237","242604353954162070547450642583046068316","156310894629892543309019154915813841814","11584878628880323870927814561550416871","264916801351005653970177793585135920505","324916189533104502194359447110009875807","298304806127997440014602776602130529632","124325789932757898411036688471256543692","318304630998875668424512610947930899267"]},"signature_version":"v1","signature_type":"Line","id":"ASB-A-193790350-2106de8c","target":{"file":"media/codec2/vndk/C2AllocatorIon.cpp"}}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/ac5f5cade22029ffada814347500535a368d88d9"],"types":["ID"],"severity":"High","spl":"2022-04-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-193790350.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-04-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2022-04-01","fixes":["https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58"],"types":["ID"],"severity":"High","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["39997725199372059577550694964669424809","273063931939842850401049194650282175628","23635781807921844450053971616494484260","79833116189996246325763992945216508705","122504346484478287434413399803169473137","282596664588746285551602688336961958615","304059659473115756915233644411737299832","123801798367134975462997417348237060122","314686063585001825113132334808958923677","195903363165327730377140988313203592017","316461725082244718898528055752115183257","66275611729325449737339854251446508253","274283264904369067223163265774635421682","154925317047249732204408814864411678525","93064771771212267697144890968037783838","54456604817051958429238255474257769216","4415980063983488735625236013337988711","121665763636476463751885739650815948483","201169086221429799773184087444789434386","242490286077537834776466743498273079701","68494283354012933943687583105914507292","111695304500474698755220168894222327492","337062871888618167084664621384105313237","242604353954162070547450642583046068316","156310894629892543309019154915813841814","11584878628880323870927814561550416871","264916801351005653970177793585135920505","324916189533104502194359447110009875807","298304806127997440014602776602130529632","124325789932757898411036688471256543692","318304630998875668424512610947930899267"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58","signature_type":"Line","id":"ASB-A-193790350-a1c48a58","target":{"file":"media/codec2/vndk/C2AllocatorIon.cpp"},"signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-193790350.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-04-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2022-04-01","fixes":["https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58"],"types":["ID"],"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["39997725199372059577550694964669424809","273063931939842850401049194650282175628","23635781807921844450053971616494484260","79833116189996246325763992945216508705","122504346484478287434413399803169473137","282596664588746285551602688336961958615","304059659473115756915233644411737299832","123801798367134975462997417348237060122","314686063585001825113132334808958923677","195903363165327730377140988313203592017","316461725082244718898528055752115183257","66275611729325449737339854251446508253","274283264904369067223163265774635421682","154925317047249732204408814864411678525","93064771771212267697144890968037783838","54456604817051958429238255474257769216","4415980063983488735625236013337988711","121665763636476463751885739650815948483","201169086221429799773184087444789434386","242490286077537834776466743498273079701","68494283354012933943687583105914507292","111695304500474698755220168894222327492","337062871888618167084664621384105313237","242604353954162070547450642583046068316","156310894629892543309019154915813841814","11584878628880323870927814561550416871","264916801351005653970177793585135920505","324916189533104502194359447110009875807","298304806127997440014602776602130529632","124325789932757898411036688471256543692","318304630998875668424512610947930899267"]},"target":{"file":"media/codec2/vndk/C2AllocatorIon.cpp"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-193790350-14792537"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-193790350.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-04-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2022-04-01","fixes":["https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58"],"types":["ID"],"severity":"High","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["39997725199372059577550694964669424809","273063931939842850401049194650282175628","23635781807921844450053971616494484260","79833116189996246325763992945216508705","122504346484478287434413399803169473137","282596664588746285551602688336961958615","304059659473115756915233644411737299832","123801798367134975462997417348237060122","314686063585001825113132334808958923677","195903363165327730377140988313203592017","316461725082244718898528055752115183257","66275611729325449737339854251446508253","274283264904369067223163265774635421682","154925317047249732204408814864411678525","93064771771212267697144890968037783838","54456604817051958429238255474257769216","4415980063983488735625236013337988711","121665763636476463751885739650815948483","201169086221429799773184087444789434386","242490286077537834776466743498273079701","68494283354012933943687583105914507292","111695304500474698755220168894222327492","337062871888618167084664621384105313237","242604353954162070547450642583046068316","156310894629892543309019154915813841814","11584878628880323870927814561550416871","264916801351005653970177793585135920505","324916189533104502194359447110009875807","298304806127997440014602776602130529632","124325789932757898411036688471256543692","318304630998875668424512610947930899267"]},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/av/+/416da6e8da6b6a16c5c00bddd9fbc7a5f060cd58","target":{"file":"media/codec2/vndk/C2AllocatorIon.cpp"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-193790350-b9c6696c"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-193790350.json"}}],"schema_version":"1.7.5"}