{"id":"ASB-A-209446496","details":"In handleNfcStateChanged of SecureNfcEnabler.java, there is a possible way to enable NFC from the Guest account due to a missing permission check. This could lead to local escalation of privilege from the Guest account with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-209446496","CVE-2021-39807"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2022-04-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-04-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/Settings/+/c59ecb07f5b16d38f3976ce393cc5c29a241963a"}],"affected":[{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-04-05"}]}],"versions":["10"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/4e543a38f6037cee6f6237c755d9fdc00270d6e2"],"vanir_signatures":[{"target":{"function":"getNonIndexableKeys","file":"src/com/android/settings/connecteddevice/AdvancedConnectedDeviceDashboardFragment.java"},"id":"ASB-A-209446496-14ed56f9","digest":{"length":262,"function_hash":"282752491468255757792423787937123980138"},"signature_version":"v1","match_only_versions":["10"],"signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/4e543a38f6037cee6f6237c755d9fdc00270d6e2"},{"id":"ASB-A-209446496-155a3c4b","target":{"function":"handleNfcStateChanged","file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"digest":{"length":547,"function_hash":"44364368635206463946580718456940636632"},"signature_version":"v1","match_only_versions":["10"],"signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/4e543a38f6037cee6f6237c755d9fdc00270d6e2"},{"id":"ASB-A-209446496-28d88cbd","digest":{"threshold":0.9,"line_hashes":["104640340823179530859982387541045009359","54077344772517366223645446965945596572","57316047783306358646712498073955376079"]},"target":{"file":"src/com/android/settings/nfc/SecureNfcPreferenceController.java"},"signature_version":"v1","match_only_versions":["10"],"signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/4e543a38f6037cee6f6237c755d9fdc00270d6e2"},{"digest":{"threshold":0.9,"line_hashes":["24929154912866296258003856795052035698","102985994623774707472884171700885947163","28629836810280458568764820646968600580","157372545684039080746348332028554779667","248037606502086375276121672084761026974","244779512637814176098350952546511676167","91852767605856262281093661707503156980","179424779785096709195201883026574155013","167406583980043863501189067292388973488","226208579727948403648167630623307804907","206422986024070089075164415342025238466","120323037648485951366567017292489195608","222717576057888766947304829867241126022","176716013815801271371011895249285319184","340046370131221628976650780733953479947","24981409069758245919959226956839528696","255288383093687017670599869428382125856","75407180318704451699303769443305508093"]},"deprecated":false,"target":{"file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-209446496-534a0194","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/4e543a38f6037cee6f6237c755d9fdc00270d6e2"},{"target":{"function":"SecureNfcEnabler","file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"signature_type":"Function","id":"ASB-A-209446496-c091c940","signature_version":"v1","digest":{"length":82,"function_hash":"127039390748364425891178181785151239171"},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/4e543a38f6037cee6f6237c755d9fdc00270d6e2"},{"target":{"file":"src/com/android/settings/connecteddevice/AdvancedConnectedDeviceDashboardFragment.java"},"id":"ASB-A-209446496-cd1fe353","digest":{"threshold":0.9,"line_hashes":["78665594081758831960176424858478020825","171071211868076758317199496074877610806","93959810514345626888469960487788463701","89036061155262175367535221140820362232","39102001788302046623454440679496411262","191746087133540115132130798065738436759","156072748411938088002050525166400795974","150578447178704079897889964007817892065","79407049416702579768023041517668425937","45601423319242074519627616342741264430","142054889039160123904375712824533928056","250776634068925222533131529590206841548","135524816208115480152044850452397667319"]},"signature_version":"v1","match_only_versions":["10"],"signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/4e543a38f6037cee6f6237c755d9fdc00270d6e2"}],"severity":"High","types":["EoP"],"spl":"2022-04-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209446496.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-04-05"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","id":"ASB-A-209446496-13ed9dfc","digest":{"length":82,"function_hash":"127039390748364425891178181785151239171"},"signature_version":"v1","deprecated":false,"target":{"function":"SecureNfcEnabler","file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"},{"digest":{"threshold":0.9,"line_hashes":["41316701183679083181387877749634756102","41790578179167789807707609587394117715","164918464923637698435955425395342737892","325290779790417954361537207831400346090"]},"deprecated":false,"target":{"file":"src/com/android/settings/connecteddevice/NfcAndPaymentFragment.java"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-209446496-7509c555","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"},{"digest":{"length":547,"function_hash":"44364368635206463946580718456940636632"},"target":{"function":"handleNfcStateChanged","file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"id":"ASB-A-209446496-a9725a5a","signature_version":"v1","match_only_versions":["11"],"signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"},{"digest":{"threshold":0.9,"line_hashes":["24929154912866296258003856795052035698","102985994623774707472884171700885947163","28629836810280458568764820646968600580","157372545684039080746348332028554779667","248037606502086375276121672084761026974","244779512637814176098350952546511676167","91852767605856262281093661707503156980","179424779785096709195201883026574155013","167406583980043863501189067292388973488","226208579727948403648167630623307804907","206422986024070089075164415342025238466","120323037648485951366567017292489195608","222717576057888766947304829867241126022","176716013815801271371011895249285319184","340046370131221628976650780733953479947","24981409069758245919959226956839528696","255288383093687017670599869428382125856","75407180318704451699303769443305508093"]},"deprecated":false,"target":{"file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-209446496-af069f0a","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"}],"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"],"severity":"High","types":["EoP"],"spl":"2022-04-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209446496.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-04-05"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"],"vanir_signatures":[{"id":"ASB-A-209446496-3711e05f","digest":{"threshold":0.9,"line_hashes":["24929154912866296258003856795052035698","102985994623774707472884171700885947163","28629836810280458568764820646968600580","157372545684039080746348332028554779667","248037606502086375276121672084761026974","244779512637814176098350952546511676167","91852767605856262281093661707503156980","179424779785096709195201883026574155013","167406583980043863501189067292388973488","226208579727948403648167630623307804907","206422986024070089075164415342025238466","120323037648485951366567017292489195608","222717576057888766947304829867241126022","176716013815801271371011895249285319184","340046370131221628976650780733953479947","24981409069758245919959226956839528696","255288383093687017670599869428382125856","75407180318704451699303769443305508093"]},"target":{"file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"},{"deprecated":false,"target":{"file":"src/com/android/settings/connecteddevice/NfcAndPaymentFragment.java"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-209446496-37e5e0b6","digest":{"threshold":0.9,"line_hashes":["41316701183679083181387877749634756102","41790578179167789807707609587394117715","164918464923637698435955425395342737892","325290779790417954361537207831400346090"]},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"},{"signature_type":"Function","id":"ASB-A-209446496-98528833","digest":{"length":82,"function_hash":"127039390748364425891178181785151239171"},"deprecated":false,"target":{"function":"SecureNfcEnabler","file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"},{"id":"ASB-A-209446496-d1bcc919","digest":{"length":547,"function_hash":"44364368635206463946580718456940636632"},"target":{"function":"handleNfcStateChanged","file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"signature_version":"v1","match_only_versions":["12"],"signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"}],"severity":"High","types":["EoP"],"spl":"2022-04-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209446496.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2022-04-05"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"],"vanir_signatures":[{"id":"ASB-A-209446496-149b0a37","target":{"function":"handleNfcStateChanged","file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"digest":{"length":547,"function_hash":"44364368635206463946580718456940636632"},"signature_version":"v1","match_only_versions":["12L"],"signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"},{"signature_type":"Line","id":"ASB-A-209446496-1ae95b82","digest":{"threshold":0.9,"line_hashes":["24929154912866296258003856795052035698","102985994623774707472884171700885947163","28629836810280458568764820646968600580","157372545684039080746348332028554779667","248037606502086375276121672084761026974","244779512637814176098350952546511676167","91852767605856262281093661707503156980","179424779785096709195201883026574155013","167406583980043863501189067292388973488","226208579727948403648167630623307804907","206422986024070089075164415342025238466","120323037648485951366567017292489195608","222717576057888766947304829867241126022","176716013815801271371011895249285319184","340046370131221628976650780733953479947","24981409069758245919959226956839528696","255288383093687017670599869428382125856","75407180318704451699303769443305508093"]},"deprecated":false,"target":{"file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"},{"deprecated":false,"target":{"file":"src/com/android/settings/connecteddevice/NfcAndPaymentFragment.java"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-209446496-ce9d5563","digest":{"threshold":0.9,"line_hashes":["41316701183679083181387877749634756102","41790578179167789807707609587394117715","164918464923637698435955425395342737892","325290779790417954361537207831400346090"]},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"},{"id":"ASB-A-209446496-fd5fd5b4","digest":{"length":82,"function_hash":"127039390748364425891178181785151239171"},"target":{"function":"SecureNfcEnabler","file":"src/com/android/settings/nfc/SecureNfcEnabler.java"},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/packages/apps/Settings/+/a579ca7554dcbfd3fce1c90451fb54cb676cfdda"}],"severity":"High","types":["EoP"],"spl":"2022-04-05"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209446496.json"}}],"schema_version":"1.7.5"}