{"id":"ASB-A-196969991","details":"In onCreate of InstallCaCertificateWarning.java, there is a possible way to mislead an user about CA installation circumstances due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-196969991","CVE-2021-39669"],"modified":"2026-04-17T15:55:28.020024Z","published":"2022-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/Settings/+/3dd874316af29ccd08d99dfea672ccd8a5d06452"}],"affected":[{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-02-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2022-02-01","vanir_signatures":[{"deprecated":false,"target":{"file":"src/com/android/settings/security/InstallCaCertificateWarning.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/fca5cb37486fb1072d6233670b2fd66e555b07c1","signature_version":"v1","signature_type":"Line","id":"ASB-A-196969991-82a26a49","digest":{"threshold":0.9,"line_hashes":["145984119826412137887365522958836089525","271052047774614255638688547336811261574","224193718576649971686208176432179941336","26052711315840096758655900168490125215","19758000283772949421970430401752037216","231780248116023935241289224723633017776","5963155973267531247118367759010803150","231647953475335774548604836890325105971","277782101132118132337762346633651364229","11405855597529914175509968925046682398","228846984088668657800784480770303483416","128096002704900087706872204186613580550","297765655423998637937568255368111140652"]}},{"deprecated":false,"target":{"file":"src/com/android/settings/security/InstallCaCertificateWarning.java","function":"onCreate"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/fca5cb37486fb1072d6233670b2fd66e555b07c1","signature_version":"v1","signature_type":"Function","id":"ASB-A-196969991-bb18f3de","digest":{"length":765,"function_hash":"129563255700159500139202060907951319404"}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/fca5cb37486fb1072d6233670b2fd66e555b07c1"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-196969991.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-02-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2022-02-01","vanir_signatures":[{"deprecated":false,"target":{"file":"src/com/android/settings/security/InstallCaCertificateWarning.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/02e8f56e67b91b0909c713bcbb949800f244b30a","signature_version":"v1","signature_type":"Line","id":"ASB-A-196969991-255e10f8","digest":{"threshold":0.9,"line_hashes":["145984119826412137887365522958836089525","123128323951627989715413380461821386545","253179951563642523207565695142790672985","68028135725796721549778570627646983169","282538426059907412126287408171392107523","231780248116023935241289224723633017776","5963155973267531247118367759010803150","231647953475335774548604836890325105971","277782101132118132337762346633651364229","11405855597529914175509968925046682398","228846984088668657800784480770303483416","128096002704900087706872204186613580550","297765655423998637937568255368111140652"]}},{"deprecated":false,"target":{"file":"src/com/android/settings/security/InstallCaCertificateWarning.java","function":"onCreate"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/02e8f56e67b91b0909c713bcbb949800f244b30a","signature_version":"v1","signature_type":"Function","id":"ASB-A-196969991-bc89e90e","digest":{"length":929,"function_hash":"299861993106954700750925095272088265859"}}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/02e8f56e67b91b0909c713bcbb949800f244b30a"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-196969991.json"}}],"schema_version":"1.7.5"}