{"id":"ASB-A-200688991","details":"In onReceive of AppRestrictionsFragment.java, there is a possible way to start a phone call without permissions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-200688991","CVE-2021-39707"],"modified":"2026-04-23T15:15:38.048727Z","published":"2022-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/Settings/+/4fb753d22e6a2505b1667950d153bc03ad8ae422"}],"affected":[{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-03-01"}]}],"versions":["10"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/f57d75f127fe96e91250585208a339763f1a2253"],"vanir_signatures":[{"id":"ASB-A-200688991-1637f245","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/f57d75f127fe96e91250585208a339763f1a2253","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["25773313590578301909770280378145394169","998002664358991226549625720005163034","184557601896126998774372606455908481492","8725612031362875280293404008541639922","263652157868942015372852595692019924264","266345770853377246326559123612364591999","92886632093687862575761156928663257027","5125628849487778448830293822799454652","229984845727493768315449970480846857775","120783485870668307593467657794719425133","248990728719954200371713960077160859241","192497369389172935363379212909343471421","267786699608572883225187067660587640153","111871638115009029157642403469356194843","235513615326855201199349692386757969529","82542431251053983535395211463109219730","150311428605553795670256246034595443020","104148611440174321452056313171669862655","25375867160530765286428555796606026667","339978714582775340128437482086169236936"]}},{"id":"ASB-A-200688991-290f1e4b","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java","function":"onReceive"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/f57d75f127fe96e91250585208a339763f1a2253","deprecated":false,"signature_type":"Function","digest":{"function_hash":"248855116433774637405381666376387624271","length":688}},{"id":"ASB-A-200688991-e3a088d4","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java","function":"assertSafeToStartCustomActivity"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/f57d75f127fe96e91250585208a339763f1a2253","deprecated":false,"signature_type":"Function","digest":{"function_hash":"126382469407775841340500000808370560677","length":466}}],"spl":"2022-03-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-200688991.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-03-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/dc44d01a16461027ace52eb30faa9281e102ed3a"],"vanir_signatures":[{"id":"ASB-A-200688991-a463f1a8","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/dc44d01a16461027ace52eb30faa9281e102ed3a","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["25773313590578301909770280378145394169","998002664358991226549625720005163034","184557601896126998774372606455908481492","8725612031362875280293404008541639922","263652157868942015372852595692019924264","266345770853377246326559123612364591999","92886632093687862575761156928663257027","5125628849487778448830293822799454652","229984845727493768315449970480846857775","120783485870668307593467657794719425133","248990728719954200371713960077160859241","192497369389172935363379212909343471421","267786699608572883225187067660587640153","111871638115009029157642403469356194843","235513615326855201199349692386757969529","82542431251053983535395211463109219730","150311428605553795670256246034595443020","104148611440174321452056313171669862655","25375867160530765286428555796606026667","339978714582775340128437482086169236936"]}},{"id":"ASB-A-200688991-e140e50e","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java","function":"assertSafeToStartCustomActivity"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/dc44d01a16461027ace52eb30faa9281e102ed3a","deprecated":false,"signature_type":"Function","digest":{"function_hash":"126382469407775841340500000808370560677","length":466}},{"id":"ASB-A-200688991-e8d569fe","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java","function":"onReceive"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/dc44d01a16461027ace52eb30faa9281e102ed3a","deprecated":false,"signature_type":"Function","digest":{"function_hash":"248855116433774637405381666376387624271","length":688}}],"spl":"2022-03-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-200688991.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-03-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/99261879727c972c2fdcc44ee1ed47d4de52b7bf"],"vanir_signatures":[{"id":"ASB-A-200688991-39f69d17","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/99261879727c972c2fdcc44ee1ed47d4de52b7bf","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["25773313590578301909770280378145394169","998002664358991226549625720005163034","184557601896126998774372606455908481492","8725612031362875280293404008541639922","263652157868942015372852595692019924264","266345770853377246326559123612364591999","92886632093687862575761156928663257027","5125628849487778448830293822799454652","229984845727493768315449970480846857775","120783485870668307593467657794719425133","248990728719954200371713960077160859241","192497369389172935363379212909343471421","267786699608572883225187067660587640153","111871638115009029157642403469356194843","235513615326855201199349692386757969529","82542431251053983535395211463109219730","150311428605553795670256246034595443020","104148611440174321452056313171669862655","25375867160530765286428555796606026667","339978714582775340128437482086169236936"]}},{"id":"ASB-A-200688991-56be47e1","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java","function":"onReceive"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/99261879727c972c2fdcc44ee1ed47d4de52b7bf","deprecated":false,"signature_type":"Function","digest":{"function_hash":"248855116433774637405381666376387624271","length":688}},{"id":"ASB-A-200688991-67410139","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java","function":"assertSafeToStartCustomActivity"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/99261879727c972c2fdcc44ee1ed47d4de52b7bf","deprecated":false,"signature_type":"Function","digest":{"function_hash":"126382469407775841340500000808370560677","length":466}}],"spl":"2022-03-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-200688991.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/4fb753d22e6a2505b1667950d153bc03ad8ae422"],"vanir_signatures":[{"id":"ASB-A-200688991-03bc1b2e","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/4fb753d22e6a2505b1667950d153bc03ad8ae422","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["25773313590578301909770280378145394169","998002664358991226549625720005163034","184557601896126998774372606455908481492","8725612031362875280293404008541639922","263652157868942015372852595692019924264","266345770853377246326559123612364591999","92886632093687862575761156928663257027","5125628849487778448830293822799454652","229984845727493768315449970480846857775","120783485870668307593467657794719425133","248990728719954200371713960077160859241","192497369389172935363379212909343471421","267786699608572883225187067660587640153","111871638115009029157642403469356194843","235513615326855201199349692386757969529","82542431251053983535395211463109219730","150311428605553795670256246034595443020","104148611440174321452056313171669862655","25375867160530765286428555796606026667","339978714582775340128437482086169236936"]}},{"id":"ASB-A-200688991-e41ae46b","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java","function":"onReceive"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/4fb753d22e6a2505b1667950d153bc03ad8ae422","deprecated":false,"signature_type":"Function","digest":{"function_hash":"248855116433774637405381666376387624271","length":688}},{"id":"ASB-A-200688991-ef6e77bd","signature_version":"v1","target":{"file":"src/com/android/settings/users/AppRestrictionsFragment.java","function":"assertSafeToStartCustomActivity"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/4fb753d22e6a2505b1667950d153bc03ad8ae422","deprecated":false,"signature_type":"Function","digest":{"function_hash":"126382469407775841340500000808370560677","length":466}}],"spl":"2022-03-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-200688991.json"}}],"schema_version":"1.7.5"}