{"id":"ASB-A-202312327","details":"In parse of RoleParser.java, there is a possible way for default apps to get permissions explicitly denied by the user due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-202312327","CVE-2021-39694"],"modified":"2026-04-17T15:55:28.020024Z","published":"2022-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-03-01"}],"affected":[{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-03-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-03-01","fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/a360d5f391d02be49a2dbf46e912fe0b2155f9fd","https://android.googlesource.com/platform/packages/modules/Permission/+/6352f97b38b45c40113014cc68d85360616a18ce"],"severity":"High","vanir_signatures":[{"digest":{"line_hashes":["121578046762402760678451496766722934098","82162443013285345151826544704580319998","116745813951158498584025616739610164313","29812320765426490626524666859772648553"],"threshold":0.9},"signature_type":"Line","target":{"file":"PermissionController/src/com/android/permissioncontroller/role/model/RoleParser.java"},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/a360d5f391d02be49a2dbf46e912fe0b2155f9fd","signature_version":"v1","id":"ASB-A-202312327-585f4204","deprecated":false},{"digest":{"length":4409,"function_hash":"262304303829255986312520805563047167242"},"signature_type":"Function","target":{"file":"PermissionController/src/com/android/permissioncontroller/role/model/RoleParser.java","function":"parseRole"},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/a360d5f391d02be49a2dbf46e912fe0b2155f9fd","signature_version":"v1","id":"ASB-A-202312327-f0dd9bb9","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-202312327.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["EoP"],"spl":"2022-03-01","fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/a360d5f391d02be49a2dbf46e912fe0b2155f9fd","https://android.googlesource.com/platform/packages/modules/Permission/+/6352f97b38b45c40113014cc68d85360616a18ce"],"severity":"High","vanir_signatures":[{"digest":{"line_hashes":["121578046762402760678451496766722934098","82162443013285345151826544704580319998","116745813951158498584025616739610164313","29812320765426490626524666859772648553"],"threshold":0.9},"signature_type":"Line","target":{"file":"PermissionController/src/com/android/permissioncontroller/role/model/RoleParser.java"},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/a360d5f391d02be49a2dbf46e912fe0b2155f9fd","signature_version":"v1","id":"ASB-A-202312327-8e4c69dd","deprecated":false},{"digest":{"length":4409,"function_hash":"262304303829255986312520805563047167242"},"signature_type":"Function","target":{"file":"PermissionController/src/com/android/permissioncontroller/role/model/RoleParser.java","function":"parseRole"},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/a360d5f391d02be49a2dbf46e912fe0b2155f9fd","signature_version":"v1","id":"ASB-A-202312327-d778ee52","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-202312327.json"}}],"schema_version":"1.7.5"}