{"id":"ASB-A-200682135","details":"In openFileAndEnforcePathPermissionsHelper of MediaProvider.java, there is a possible bypass of a permissions check due to a confused deputy. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-200682135","CVE-2021-39663"],"modified":"2026-05-19T16:54:37.272608834Z","published":"2022-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-02-01"}],"affected":[{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-02-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b50868065a4cf0c15e96aea66732afc89c388022"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b50868065a4cf0c15e96aea66732afc89c388022","deprecated":false,"digest":{"length":558,"function_hash":"165616400455024994892517906895191784291"},"signature_version":"v1","id":"ASB-A-200682135-5f359beb","target":{"file":"src/com/android/providers/media/MediaProvider.java","function":"openTypedAssetFileCommon"},"signature_type":"Function"},{"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b50868065a4cf0c15e96aea66732afc89c388022","deprecated":false,"digest":{"length":1420,"function_hash":"112285523604073142095418550921513705140"},"signature_version":"v1","id":"ASB-A-200682135-8b355753","target":{"file":"src/com/android/providers/media/MediaProvider.java","function":"openFileCommon"},"signature_type":"Function"},{"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b50868065a4cf0c15e96aea66732afc89c388022","deprecated":false,"digest":{"length":2377,"function_hash":"284525932788735169382226148928346094244"},"signature_version":"v1","id":"ASB-A-200682135-962c8aa2","target":{"file":"src/com/android/providers/media/MediaProvider.java","function":"openFileAndEnforcePathPermissionsHelper"},"signature_type":"Function"},{"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/b50868065a4cf0c15e96aea66732afc89c388022","deprecated":false,"digest":{"line_hashes":["301230924079322411707306435658694167231","119934892804168007671710819972308779864","199487414863393805613893393325696610053","162360384384749213345567536258975167779","281055015758836343142548915437798574571","221706412158811096265614557779732931585","182383650732400534176262118348651346131","185664529873386261295334187875465343000","172024512681413809249593304452825948661","187769825546625509013337805616455216952","253087205555732787596386662491868256880","134226128641440851766864797113642402358","95336984391022107399284068656457382680","82787907556720293565485704345509551568","213204510778106549042434355760192794507","332959931777799172079287323201771234549","133596333348576970970733937787512775629","1694689932720584837483373116289838099","246425859373065730087414984618554517129","69207298254231555346135493797051147018","146011506290389155650539787564751170842","250478298507667485277041063687181726894","158519083428419644750957911501626877546","254102938929140759440146827680883211708","162879964757682414177023233577190795421","310358380949384310875695053651920800400","43233373684009478504010354450779091670","165570269486723337793374398703277539992","197756927111725734253362481862997469015","185040904275557993485879863883766089670","3846512432080304883829143243894092442","24322872871318015983352795926468960142","315278518823851250907608978082096455149","103539333113218161862557549421981177779","335093249454313703290108671264029322501","83724094901120736497911731160934322367","303279304179388736378044696196841160238","99654987882633657501185966106724953567","333337238505504014933896228287819450521","330401764247701592708522675639968086618","11559575761700046304819877678158831154","63189297716160860855887423975874749820"],"threshold":0.9},"signature_version":"v1","id":"ASB-A-200682135-e3310dcc","target":{"file":"src/com/android/providers/media/MediaProvider.java"},"signature_type":"Line"}],"severity":"High","spl":"2022-02-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-200682135.json"}}],"schema_version":"1.7.5"}