{"id":"ASB-A-205150380","details":"In onCreate of RequestManageCredentials.java, there is a possible way for a third party app to install certificates without user approval due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.","aliases":["A-205150380","CVE-2021-39702"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2022-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/Settings/+/db9333baac7c609a32536a2f8d66233132306aab"}],"affected":[{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-03-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["EoP"],"vanir_signatures":[{"signature_type":"Function","target":{"file":"src/com/android/settings/security/RequestManageCredentials.java","function":"onCreate"},"signature_version":"v1","digest":{"function_hash":"277867023790668579004413473741191748586","length":1766},"id":"ASB-A-205150380-07b4118c","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/db9333baac7c609a32536a2f8d66233132306aab","deprecated":false},{"signature_version":"v1","target":{"file":"src/com/android/settings/security/RequestManageCredentials.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["267343853785936738964853057775813326856","261060228391238222735109636872968360464","222610515129640799286212911521463389127","176675007157304542194811197816439150968","338278486223187615581482700010268539844","309232157662803240359090951246495139407","221031157593952149896326517025400321224","21250626263649833577876446440916785752","119038241698840622044607644332160950733","63759581288218213990998457882821900364"]},"id":"ASB-A-205150380-abf39b84","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/db9333baac7c609a32536a2f8d66233132306aab","deprecated":false},{"signature_type":"Function","target":{"file":"src/com/android/settings/security/RequestManageCredentials.java","function":"loadButtons"},"id":"ASB-A-205150380-b6a43f3f","digest":{"function_hash":"309050128351288305746507645676509705831","length":378},"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/db9333baac7c609a32536a2f8d66233132306aab","deprecated":false}],"severity":"High","spl":"2022-03-01","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/db9333baac7c609a32536a2f8d66233132306aab"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-205150380.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["EoP"],"vanir_signatures":[{"signature_version":"v1","target":{"file":"src/com/android/settings/security/RequestManageCredentials.java","function":"onCreate"},"signature_type":"Function","digest":{"function_hash":"277867023790668579004413473741191748586","length":1766},"id":"ASB-A-205150380-487d253f","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/04c66a0a3cc157aa48a013dde47f0c9485c008ee","deprecated":false},{"signature_version":"v1","target":{"file":"src/com/android/settings/security/RequestManageCredentials.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["267343853785936738964853057775813326856","261060228391238222735109636872968360464","222610515129640799286212911521463389127","176675007157304542194811197816439150968","338278486223187615581482700010268539844","309232157662803240359090951246495139407","221031157593952149896326517025400321224","21250626263649833577876446440916785752","119038241698840622044607644332160950733","63759581288218213990998457882821900364"]},"id":"ASB-A-205150380-a28c2f46","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/04c66a0a3cc157aa48a013dde47f0c9485c008ee","deprecated":false},{"signature_version":"v1","target":{"file":"src/com/android/settings/security/RequestManageCredentials.java","function":"loadButtons"},"signature_type":"Function","digest":{"length":378,"function_hash":"309050128351288305746507645676509705831"},"id":"ASB-A-205150380-acff26cd","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/04c66a0a3cc157aa48a013dde47f0c9485c008ee","deprecated":false}],"severity":"High","spl":"2022-03-01","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/04c66a0a3cc157aa48a013dde47f0c9485c008ee"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-205150380.json"}}],"schema_version":"1.7.5"}