{"id":"ASB-A-197399948","details":"In updatePackageMappingsData of UsageStatsService.java, there is a possible way to bypass security and privacy settings of app usage due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-197399948","CVE-2021-39619"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2022-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/a70c46b8a5ac697c87017f9c3fdebb03d3cc0292"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-02-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d95ce6779da8410c5835385cb5785fb5b3a51d83","https://android.googlesource.com/platform/frameworks/base/+/b5fa0a6c5e96c420c1f6d808be603c4579f9a1ba"],"severity":"High","vanir_signatures":[{"id":"ASB-A-197399948-263482e7","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"deprecated":false,"digest":{"line_hashes":["161288774986468459565598269355725474126","329396616622648099673251094480453682320","82919312261015283337183742791808614994","284289165421573062469083324324379657460"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/b5fa0a6c5e96c420c1f6d808be603c4579f9a1ba"},{"id":"ASB-A-197399948-319aceca","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"digest":{"line_hashes":["295747577431459138783214723720080232905","284102654686353315162191421088996306752","205811105208257373080435321540328406603","24006742917773354257830731092932731825"],"threshold":0.9},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/d95ce6779da8410c5835385cb5785fb5b3a51d83"},{"id":"ASB-A-197399948-492d3891","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java","function":"getProfileOwnerOrDeviceOwnerSupervisionComponent"},"digest":{"function_hash":"64069718129752272757733867112281767204","length":548},"deprecated":false,"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/b5fa0a6c5e96c420c1f6d808be603c4579f9a1ba"},{"id":"ASB-A-197399948-6fb884aa","target":{"file":"services/usage/java/com/android/server/usage/UsageStatsService.java","function":"onUserUnlocked"},"digest":{"function_hash":"50669996759498033534389717371549312843","length":1078},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/d95ce6779da8410c5835385cb5785fb5b3a51d83"},{"id":"ASB-A-197399948-79139123","target":{"file":"services/usage/java/com/android/server/usage/UsageStatsService.java"},"deprecated":false,"digest":{"line_hashes":["15739382261802027219805524109958553171","83055523982731680864442203307070783829","249381843647272814530559664511844422731","143445173573346503148343587426827100370","225465234577136177189757495045717378526","226899043618569941573107987308122350282","51983829634456079565805743014984841708","244849471679284245038178134250138285525","218820991025253401821410482186891620670","331949163597479799158265316572296283876","39186085366517114522806795243763238682","15633697030816666283926675216609553680","228090997483910925565025739251462788499","197745402981386281872755660143205306586","239363138978407201000673741134613025674","256963025264698054208211999444657656656","31315585709597617104668309672027895373","106201848419137870731740730809753017104","267364722753785665518956730195524321916","99564816612558946276983966100947043631","300474009991802540557028093826625215306","322468563243676142441922248531886555564","211940618594829629862818398484546639629","416264071013621142915355892345999272","243716861918668127527609794798764688213","273720738432000563901986357892796216409","60942699856907583210476725975665242144","171733751866352277524439972633375272027","302855100772343148077561813406514953986","79889171199037347484830656693083135322"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/d95ce6779da8410c5835385cb5785fb5b3a51d83"},{"id":"ASB-A-197399948-887a32b5","target":{"file":"core/java/android/app/admin/DevicePolicyManagerInternal.java"},"digest":{"line_hashes":["336200022059160673240919356441507459810","36906959071589781806062529309887947352","233643822989951525812035392603806752462","166409102187358587779608842692043076865"],"threshold":0.9},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/d95ce6779da8410c5835385cb5785fb5b3a51d83"},{"id":"ASB-A-197399948-957ff780","target":{"file":"services/usage/java/com/android/server/usage/UserUsageStatsService.java"},"deprecated":false,"digest":{"line_hashes":["294000136547875564545556699428084151041","211297050413554240476058039634847173079","143313904946101124634068262691300295460","255571295653408443153054036156108007627","334925152493268290078990351438316343278","213753662072708839768878308899966299679","28955006826260217234658032458366402310","265849404837441911542066898713137355573","248196663749833259145235904742724346881","105752448507465380360905222333222051508","109576485519562356834803063396979496656"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/d95ce6779da8410c5835385cb5785fb5b3a51d83"},{"id":"ASB-A-197399948-a1b312bc","target":{"file":"services/usage/java/com/android/server/usage/UsageStatsService.java","function":"updatePackageMappingsData"},"digest":{"function_hash":"102687475184540260045167994145509247762","length":336},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/d95ce6779da8410c5835385cb5785fb5b3a51d83"},{"id":"ASB-A-197399948-a665c563","target":{"file":"services/usage/java/com/android/server/usage/UsageStatsService.java","function":"onPackageRemoved"},"digest":{"function_hash":"221615865002871341262882931611708328409","length":173},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/d95ce6779da8410c5835385cb5785fb5b3a51d83"},{"id":"ASB-A-197399948-aaa12215","target":{"file":"services/usage/java/com/android/server/usage/UserUsageStatsService.java","function":"readPackageMappingsLocked"},"digest":{"function_hash":"281705368494756598023915314414454137099","length":129},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/d95ce6779da8410c5835385cb5785fb5b3a51d83"},{"id":"ASB-A-197399948-df25a0a0","target":{"file":"services/usage/java/com/android/server/usage/UserUsageStatsService.java","function":"init"},"digest":{"function_hash":"126774655612492578839911798546135594086","length":1030},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/d95ce6779da8410c5835385cb5785fb5b3a51d83"},{"id":"ASB-A-197399948-e27a7867","target":{"file":"services/usage/java/com/android/server/usage/UsageStatsService.java","function":"initializeUserUsageStatsServiceLocked"},"digest":{"function_hash":"43948881933829829712620205739512579887","length":559},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/d95ce6779da8410c5835385cb5785fb5b3a51d83"}],"spl":"2022-02-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-197399948.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-02-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/157fbcfbe4b38075391aef5b4977d45702a06936"],"severity":"High","vanir_signatures":[{"id":"ASB-A-197399948-034f8b90","target":{"file":"services/usage/java/com/android/server/usage/UsageStatsService.java","function":"onPackageRemoved"},"digest":{"function_hash":"221615865002871341262882931611708328409","length":173},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/157fbcfbe4b38075391aef5b4977d45702a06936"},{"id":"ASB-A-197399948-4b90d552","target":{"file":"services/usage/java/com/android/server/usage/UserUsageStatsService.java","function":"readPackageMappingsLocked"},"digest":{"function_hash":"281705368494756598023915314414454137099","length":129},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/157fbcfbe4b38075391aef5b4977d45702a06936"},{"id":"ASB-A-197399948-50313b31","target":{"file":"services/usage/java/com/android/server/usage/UserUsageStatsService.java","function":"init"},"digest":{"function_hash":"126774655612492578839911798546135594086","length":1030},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/157fbcfbe4b38075391aef5b4977d45702a06936"},{"id":"ASB-A-197399948-56f35fea","target":{"file":"services/usage/java/com/android/server/usage/UsageStatsService.java","function":"initializeUserUsageStatsServiceLocked"},"digest":{"function_hash":"43948881933829829712620205739512579887","length":559},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/157fbcfbe4b38075391aef5b4977d45702a06936"},{"id":"ASB-A-197399948-5e7a2dcd","target":{"file":"core/java/android/app/admin/DevicePolicyManagerInternal.java"},"digest":{"line_hashes":["223646346993315910025240562215812420112","110703602815063758305781773348771812583","162588307292105271166375227178807872428","220240408338143051924735606130638831438"],"threshold":0.9},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/157fbcfbe4b38075391aef5b4977d45702a06936"},{"id":"ASB-A-197399948-776a0c56","target":{"file":"services/usage/java/com/android/server/usage/UsageStatsService.java","function":"onUserUnlocked"},"deprecated":false,"digest":{"function_hash":"267254102727102143179115606751468653269","length":1071},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/157fbcfbe4b38075391aef5b4977d45702a06936"},{"id":"ASB-A-197399948-8683d7a6","target":{"file":"services/usage/java/com/android/server/usage/UserUsageStatsService.java"},"digest":{"line_hashes":["294000136547875564545556699428084151041","211297050413554240476058039634847173079","143313904946101124634068262691300295460","255571295653408443153054036156108007627","334925152493268290078990351438316343278","213753662072708839768878308899966299679","28955006826260217234658032458366402310","265849404837441911542066898713137355573","248196663749833259145235904742724346881","105752448507465380360905222333222051508","109576485519562356834803063396979496656"],"threshold":0.9},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/157fbcfbe4b38075391aef5b4977d45702a06936"},{"id":"ASB-A-197399948-8f282f12","target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"digest":{"line_hashes":["295747577431459138783214723720080232905","280439223326171210138082892347267803714","57239724231739173197057376658607875646","168335576442741944574395425002770237373"],"threshold":0.9},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/157fbcfbe4b38075391aef5b4977d45702a06936"},{"id":"ASB-A-197399948-b21db239","target":{"file":"services/usage/java/com/android/server/usage/UsageStatsService.java","function":"updatePackageMappingsData"},"deprecated":false,"digest":{"function_hash":"102687475184540260045167994145509247762","length":336},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/157fbcfbe4b38075391aef5b4977d45702a06936"},{"id":"ASB-A-197399948-eb5123cd","target":{"file":"services/usage/java/com/android/server/usage/UsageStatsService.java"},"digest":{"line_hashes":["15739382261802027219805524109958553171","83055523982731680864442203307070783829","221589340389745726470519205209280265657","101513283102489886137992453619082761320","225465234577136177189757495045717378526","210564825910831840877352262484962317423","106433831250179573380334664304378785811","168111487789716588099930351368084743894","218820991025253401821410482186891620670","331949163597479799158265316572296283876","39186085366517114522806795243763238682","15633697030816666283926675216609553680","228090997483910925565025739251462788499","197745402981386281872755660143205306586","239363138978407201000673741134613025674","256963025264698054208211999444657656656","31315585709597617104668309672027895373","106201848419137870731740730809753017104","267364722753785665518956730195524321916","99564816612558946276983966100947043631","300474009991802540557028093826625215306","152884693162892210560404995673133831473","256401372802382245587432424746463345892","416264071013621142915355892345999272","243716861918668127527609794798764688213","273720738432000563901986357892796216409","60942699856907583210476725975665242144","171733751866352277524439972633375272027","302855100772343148077561813406514953986","79889171199037347484830656693083135322"],"threshold":0.9},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/157fbcfbe4b38075391aef5b4977d45702a06936"}],"spl":"2022-02-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-197399948.json"}}],"schema_version":"1.7.5"}