{"id":"ASB-A-208662370","details":"In onUidStateChanged of AppOpsService.java, there is a possible way to access location without a visible indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-208662370","CVE-2021-39693"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2022-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/f14e212d82b32053d151eedf97ac59a4b5b18369"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-03-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2022-03-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/f14e212d82b32053d151eedf97ac59a4b5b18369"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/f14e212d82b32053d151eedf97ac59a4b5b18369","digest":{"function_hash":"315538145376716360253371471486438683231","length":1235},"signature_type":"Function","deprecated":false,"id":"ASB-A-208662370-acba7904","signature_version":"v1","target":{"file":"services/core/java/com/android/server/appop/AppOpsService.java","function":"onUidStateChanged"}},{"signature_type":"Line","digest":{"line_hashes":["37134809959087956661517944958170528644","328764706330746749091075703301307103179","6457097028563598592615406195549245715"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/f14e212d82b32053d151eedf97ac59a4b5b18369","id":"ASB-A-208662370-ae70cc6f","deprecated":false,"signature_version":"v1","target":{"file":"services/core/java/com/android/server/appop/AppOpsService.java"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-208662370.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2022-03-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/2623d2792bb56bd81cfeec0430cb0c024ddaf684"],"vanir_signatures":[{"signature_version":"v1","digest":{"function_hash":"315538145376716360253371471486438683231","length":1235},"signature_type":"Function","id":"ASB-A-208662370-0602e1fe","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/2623d2792bb56bd81cfeec0430cb0c024ddaf684","target":{"file":"services/core/java/com/android/server/appop/AppOpsService.java","function":"onUidStateChanged"}},{"source":"https://android.googlesource.com/platform/frameworks/base/+/2623d2792bb56bd81cfeec0430cb0c024ddaf684","digest":{"line_hashes":["37134809959087956661517944958170528644","328764706330746749091075703301307103179","6457097028563598592615406195549245715"],"threshold":0.9},"signature_type":"Line","id":"ASB-A-208662370-73172252","deprecated":false,"signature_version":"v1","target":{"file":"services/core/java/com/android/server/appop/AppOpsService.java"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-208662370.json"}}],"schema_version":"1.7.5"}