{"id":"ASB-A-204316511","details":"In setDisplayPadding of WallpaperManagerService.java, there is a possible way to cause a persistent DoS due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-204316511","CVE-2021-39690"],"modified":"2026-04-30T15:48:46.890647Z","published":"2022-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-03-01"}],"affected":[{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-03-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","spl":"2022-03-01","fixes":["https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f"],"types":["DoS"],"vanir_signatures":[{"id":"ASB-A-204316511-0861fe58","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Function","digest":{"function_hash":"44791309334450844456675503081552095819","length":10777},"signature_version":"v1","target":{"function":"SurfaceFlinger::setClientStateLocked","file":"services/surfaceflinger/SurfaceFlinger.cpp"}},{"id":"ASB-A-204316511-0b67edba","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Function","digest":{"function_hash":"68970275361145897337197793897902028755","length":448},"signature_version":"v1","target":{"function":"TEST_F","file":"services/surfaceflinger/tests/ScreenCapture_test.cpp"}},{"id":"ASB-A-204316511-168df7b9","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Line","digest":{"line_hashes":["270393534189313986138406752366389592692","275259688982229378796214134438810533892","32658692480511583052221100177423045760","325541602959327163285295616554781221560","150656553309228583418935861274375229415","79007643362002399721069831287191174013","260638839433997621765035161646269865569","51154081431170123515244966929876425018","293354864219505538563937347222591001955"],"threshold":0.9},"signature_version":"v1","target":{"file":"services/surfaceflinger/SurfaceFlinger.h"}},{"id":"ASB-A-204316511-30d9ecb9","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Line","digest":{"line_hashes":["50831744151293563148774182705800289957","246199372833904166426758290384853950570","65259641609290005896131676617688977408","279126005880760193766664021394497039369","114752519249385513995651475033615615074","223068659330178039251646065577549184712","116805605386415337921854819471103920582","46940868681131104489128586934369862391","288853366720205307429930853653298883587","233984338985834847923886988015087369311","18657092450738869211298242413185952565","86695048204250042932197239666050511902","40418084175344883626793243264844743296","43438680977200929748427574570371657025","3780668423173098917055057446348319336","295639582164583522627760560888713544779","250396443443507962491849439221007485627","245702862578622383129984366220320368129","230294016904879018548020527969489015517","203097268619279677733732202238894647297","278766065261577349261352574376242545677","29906286069791369883975108308481887364","72906806340084835044783543252159141174","244090735304815118576609476576699676636","257692195445048202689568642402809250204","75965817899740505879480859937455098457","87490741968727612907253607811001194436","246792299017957834943432765355298996049","38086289253211337153918046234844497640","304760948508225125354257263857742277736","321530385934897649262916508893414142493"],"threshold":0.9},"signature_version":"v1","target":{"file":"services/surfaceflinger/SurfaceFlinger.cpp"}},{"id":"ASB-A-204316511-af82110b","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Line","digest":{"line_hashes":["326617142731568385770532707510707597822","47224220044425117570889795875636002776","266900134505728704137495987384257683944","12034557646692221699214601096237409888","70221427526257988746382306026655633745","73995432580248685550342145545719205906","11258871478258743572994716079609741247"],"threshold":0.9},"signature_version":"v1","target":{"file":"services/surfaceflinger/BufferQueueLayer.cpp"}},{"id":"ASB-A-204316511-b8fbbe91","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Line","digest":{"line_hashes":["156929728718137448873133453971998890982","324896239003313475224695704815249716963","157859793816611732865379366320154745581","213776545598237756212767554286521257586"],"threshold":0.9},"signature_version":"v1","target":{"file":"services/surfaceflinger/tests/unittests/TestableSurfaceFlinger.h"}},{"id":"ASB-A-204316511-cf763faf","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Function","digest":{"function_hash":"267808185272358036404270983592380047937","length":1192},"signature_version":"v1","target":{"function":"SurfaceFlinger::captureScreenCommon","file":"services/surfaceflinger/SurfaceFlinger.cpp"}},{"id":"ASB-A-204316511-d1082d8c","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Function","digest":{"function_hash":"178068123687975233729835503111490358002","length":523},"signature_version":"v1","target":{"function":"BufferQueueLayer::setDefaultBufferProperties","file":"services/surfaceflinger/BufferQueueLayer.cpp"}},{"id":"ASB-A-204316511-df7ed311","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Line","digest":{"line_hashes":["251512948118852365255095896215843666341","18271132180437244950113978482901102267","195922620811718844315764548131075066561","273208535694031873339281917213734725627","317254991244631110115633483299150761479","184247728271956556618092849541992375104","81972724684050499725850284010752823515"],"threshold":0.9},"signature_version":"v1","target":{"file":"services/surfaceflinger/tests/ScreenCapture_test.cpp"}},{"id":"ASB-A-204316511-e061132e","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Function","digest":{"function_hash":"198360065419706188038951677303151724041","length":103},"signature_version":"v1","target":{"function":"SurfaceFlinger::getMaxViewportDims","file":"services/surfaceflinger/SurfaceFlinger.cpp"}},{"id":"ASB-A-204316511-f8a2a7fb","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Function","digest":{"function_hash":"73337789091569781885641322594455116534","length":101},"signature_version":"v1","target":{"function":"SurfaceFlinger::getMaxTextureSize","file":"services/surfaceflinger/SurfaceFlinger.cpp"}},{"id":"ASB-A-204316511-f9fb53aa","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/ec7e4d9a5cc4dfc2937bb80d51cdb85193f5d72f","signature_type":"Function","digest":{"function_hash":"295098899868169209202705964467570467921","length":2406},"signature_version":"v1","target":{"function":"SurfaceFlinger::init","file":"services/surfaceflinger/SurfaceFlinger.cpp"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-204316511.json"}},{"package":{"name":"platform/frameworks/native","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","spl":"2022-03-01","fixes":["https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f"],"types":["DoS"],"vanir_signatures":[{"id":"ASB-A-204316511-00524bfa","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Function","digest":{"function_hash":"198360065419706188038951677303151724041","length":103},"signature_version":"v1","target":{"function":"SurfaceFlinger::getMaxViewportDims","file":"services/surfaceflinger/SurfaceFlinger.cpp"}},{"id":"ASB-A-204316511-02b83fe4","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Line","digest":{"line_hashes":["156929728718137448873133453971998890982","324896239003313475224695704815249716963","157859793816611732865379366320154745581","213776545598237756212767554286521257586"],"threshold":0.9},"signature_version":"v1","target":{"file":"services/surfaceflinger/tests/unittests/TestableSurfaceFlinger.h"}},{"id":"ASB-A-204316511-06662e27","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Function","digest":{"function_hash":"178068123687975233729835503111490358002","length":523},"signature_version":"v1","target":{"function":"BufferQueueLayer::setDefaultBufferProperties","file":"services/surfaceflinger/BufferQueueLayer.cpp"}},{"id":"ASB-A-204316511-1a3dedfe","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Line","digest":{"line_hashes":["50831744151293563148774182705800289957","246199372833904166426758290384853950570","65259641609290005896131676617688977408","279126005880760193766664021394497039369","114752519249385513995651475033615615074","223068659330178039251646065577549184712","116805605386415337921854819471103920582","46940868681131104489128586934369862391","288853366720205307429930853653298883587","233984338985834847923886988015087369311","18657092450738869211298242413185952565","86695048204250042932197239666050511902","40418084175344883626793243264844743296","43438680977200929748427574570371657025","3780668423173098917055057446348319336","295639582164583522627760560888713544779","250396443443507962491849439221007485627","245702862578622383129984366220320368129","230294016904879018548020527969489015517","203097268619279677733732202238894647297","278766065261577349261352574376242545677","29906286069791369883975108308481887364","72906806340084835044783543252159141174","244090735304815118576609476576699676636","257692195445048202689568642402809250204","75965817899740505879480859937455098457","87490741968727612907253607811001194436","246792299017957834943432765355298996049","38086289253211337153918046234844497640","304760948508225125354257263857742277736","321530385934897649262916508893414142493"],"threshold":0.9},"signature_version":"v1","target":{"file":"services/surfaceflinger/SurfaceFlinger.cpp"}},{"id":"ASB-A-204316511-599d680a","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Function","digest":{"function_hash":"68970275361145897337197793897902028755","length":448},"signature_version":"v1","target":{"function":"TEST_F","file":"services/surfaceflinger/tests/ScreenCapture_test.cpp"}},{"id":"ASB-A-204316511-61b6eea1","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Line","digest":{"line_hashes":["326617142731568385770532707510707597822","47224220044425117570889795875636002776","266900134505728704137495987384257683944","12034557646692221699214601096237409888","70221427526257988746382306026655633745","73995432580248685550342145545719205906","11258871478258743572994716079609741247"],"threshold":0.9},"signature_version":"v1","target":{"file":"services/surfaceflinger/BufferQueueLayer.cpp"}},{"id":"ASB-A-204316511-8077fa5f","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Function","digest":{"function_hash":"184616818336390287183711972313303437495","length":10523},"signature_version":"v1","target":{"function":"SurfaceFlinger::setClientStateLocked","file":"services/surfaceflinger/SurfaceFlinger.cpp"}},{"id":"ASB-A-204316511-814c2845","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Line","digest":{"line_hashes":["251512948118852365255095896215843666341","18271132180437244950113978482901102267","195922620811718844315764548131075066561","273208535694031873339281917213734725627","317254991244631110115633483299150761479","184247728271956556618092849541992375104","81972724684050499725850284010752823515"],"threshold":0.9},"signature_version":"v1","target":{"file":"services/surfaceflinger/tests/ScreenCapture_test.cpp"}},{"id":"ASB-A-204316511-95570f34","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Function","digest":{"function_hash":"267808185272358036404270983592380047937","length":1192},"signature_version":"v1","target":{"function":"SurfaceFlinger::captureScreenCommon","file":"services/surfaceflinger/SurfaceFlinger.cpp"}},{"id":"ASB-A-204316511-a18c57a7","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Function","digest":{"function_hash":"210867802122516337948994985812555593841","length":2357},"signature_version":"v1","target":{"function":"SurfaceFlinger::init","file":"services/surfaceflinger/SurfaceFlinger.cpp"}},{"id":"ASB-A-204316511-bfbc29e4","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Line","digest":{"line_hashes":["270393534189313986138406752366389592692","275259688982229378796214134438810533892","32658692480511583052221100177423045760","325541602959327163285295616554781221560","150656553309228583418935861274375229415","79007643362002399721069831287191174013","260638839433997621765035161646269865569","51154081431170123515244966929876425018","293354864219505538563937347222591001955"],"threshold":0.9},"signature_version":"v1","target":{"file":"services/surfaceflinger/SurfaceFlinger.h"}},{"id":"ASB-A-204316511-d2cdefa9","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/native/+/9c9c19134593655c36fe70aaa45a91ad4f75e36f","signature_type":"Function","digest":{"function_hash":"73337789091569781885641322594455116534","length":101},"signature_version":"v1","target":{"function":"SurfaceFlinger::getMaxTextureSize","file":"services/surfaceflinger/SurfaceFlinger.cpp"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-204316511.json"}}],"schema_version":"1.7.5"}