{"id":"ASB-A-195338390","details":"In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-195338390","CVE-2021-0923"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2021-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/63777c0ca8e194ab3efc51905e83b07ea0d351a9"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2021-11-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["EoP"],"vanir_signatures":[{"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":1619,"function_hash":"10398377879930122985996826165233028513"},"id":"ASB-A-195338390-106f5326","source":"https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87","target":{"function":"revokeRuntimePermissionsIfPermissionDefinitionChangedInternal","file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"}},{"target":{"function":"revokeRuntimePermissionInternal","file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87","id":"ASB-A-195338390-4e9a1e7e","digest":{"length":3022,"function_hash":"173310955961255058604024706731620038496"},"deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87","id":"ASB-A-195338390-67426d84","digest":{"threshold":0.9,"line_hashes":["222273581131476333251158200754876163989","114525043889790144806268605988273313788","32355866003698517076087548646093884894","194614932531463864324452253302642484140","82414703211227529030403701170223469642","104314630980706397450659964061909642381","66192663707392411850494339439980666620","153695918165227233423521605332753522211","64482130110292781664011638300455111943","242901863083591288339634272987136709504","266058369859306509244983760191260860487","150198578947028193438057291642360518411","124390315483722004241672626364171039183","51326007226365411267361335414310487497","328992153803158932237137733695972051040","282548361383701040461331675301269815039","158172164881551266841965878222066981184","55648652649340219512009517599118066374","64821213720775443408314476760079419205","164620961177324021686775905883990090172","77922158108255598997812320132122134424","129809764039649965438120694068743365818"]},"deprecated":false},{"signature_type":"Line","deprecated":false,"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["149889175907308862112246394769003122151","57126926199514680371015733813943539902","164123177424740117392696444616546638506","169909794344193229313091115174225767762"]},"id":"ASB-A-195338390-720bc642","source":"https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87","target":{"file":"services/core/java/com/android/server/pm/permission/Permission.java"}},{"digest":{"length":2388,"function_hash":"250786376110665315634871076352086685974"},"signature_version":"v1","signature_type":"Function","deprecated":false,"id":"ASB-A-195338390-f4634eb6","source":"https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87","target":{"function":"createOrUpdate","file":"services/core/java/com/android/server/pm/permission/Permission.java"}}],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/ce576f8f6831d46d71fb74df4e95fa36dc433e87"],"spl":"2021-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-195338390.json"}}],"schema_version":"1.7.5"}