{"id":"ASB-A-197302116","details":"In checkUriPermission of MediaProvider.java, there is a possible way to gain access to the content of media provider collections due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-197302116","CVE-2021-39662"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2022-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/76f725361312644461b9021380ba4d0d9d32108e"}],"affected":[{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-05-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/a728dfa19c2601b576a718fd9f79916bccd07c0e"],"vanir_signatures":[{"id":"ASB-A-197302116-8466e10a","signature_type":"Function","signature_version":"v1","digest":{"length":706,"function_hash":"4474091377632993188748744114478412065"},"target":{"file":"src/com/android/providers/media/MediaProvider.java","function":"checkCallingPermissionGlobal"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/a728dfa19c2601b576a718fd9f79916bccd07c0e"},{"id":"ASB-A-197302116-bed77eec","source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/a728dfa19c2601b576a718fd9f79916bccd07c0e","signature_version":"v1","signature_type":"Line","target":{"file":"src/com/android/providers/media/MediaProvider.java"},"deprecated":false,"digest":{"line_hashes":["25127089540446830365776893669670367074","52654365560282741827295200764621425196","26300234619064364160552495580696396765","234892767815313923050612973569646278697"],"threshold":0.9}}],"spl":"2022-05-01","types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-197302116.json"}},{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-05-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"id":"ASB-A-197302116-82cb918e","source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/76f725361312644461b9021380ba4d0d9d32108e","signature_version":"v1","signature_type":"Function","target":{"file":"src/com/android/providers/media/MediaProvider.java","function":"checkCallingPermissionGlobal"},"deprecated":false,"digest":{"length":473,"function_hash":"77917397673266524374997186027548272186"}},{"id":"ASB-A-197302116-9d38cdcb","signature_type":"Line","signature_version":"v1","digest":{"line_hashes":["179488332357500760464235199868250000541","187478289198325735826983537232858024645","120491782560672794494210877229389813743","92600504435141915104528076797454285329","127963006318052941156864521487158640799","73548561541516981385917645259986818141","285244454391137702933056196617636423388","266185567679167196513501867627317679055","182525984290406380742302441291159798810","68813998502226990251331405337490877221","8323709720999923258340560131546100764","58667546572850305526766049867153733009","186725081679960081437720087514013561272","226549758348081416692860462691351302638","25127089540446830365776893669670367074","52654365560282741827295200764621425196","170003878977492606213118720174031857260","155206640671181671793224228347242975948"],"threshold":0.9},"target":{"file":"src/com/android/providers/media/MediaProvider.java"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/76f725361312644461b9021380ba4d0d9d32108e"},{"id":"ASB-A-197302116-e8214d8c","signature_type":"Function","signature_version":"v1","digest":{"length":1361,"function_hash":"265008385440246623604938998864186753709"},"target":{"file":"src/com/android/providers/media/MediaProvider.java","function":"checkUriPermission"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/76f725361312644461b9021380ba4d0d9d32108e"}],"spl":"2022-05-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/76f725361312644461b9021380ba4d0d9d32108e"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-197302116.json"}}],"schema_version":"1.7.5"}