{"id":"ASB-A-209966086","details":"In createNotificationChannelGroup of PreferencesHelper.java, there is a possible way for a service to run in foreground without user notification due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-209966086","CVE-2021-39808"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2022-04-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2022-04-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/45b4a71f5cc366c338c1ceb217a602960fd31401"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2022-04-01"}]}],"versions":["10"],"ecosystem_specific":{"spl":"2022-04-01","vanir_signatures":[{"id":"ASB-A-209966086-1d10ebfb","signature_type":"Line","target":{"file":"services/core/java/com/android/server/notification/PreferencesHelper.java"},"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["8034113556860625068291420687499382141","239666131919380600346909992204352177892","72580951798790837860818645827444303746","315998510452549566250257768656486569262"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/b993531c0da0b2f2076bc83af7591c7df8bfb2cb"},{"target":{"function":"createNotificationChannelGroup","file":"services/core/java/com/android/server/notification/PreferencesHelper.java"},"signature_type":"Function","id":"ASB-A-209966086-60cd024a","signature_version":"v1","deprecated":false,"digest":{"function_hash":"31639584228568034920351185014605141412","length":1037},"source":"https://android.googlesource.com/platform/frameworks/base/+/b993531c0da0b2f2076bc83af7591c7df8bfb2cb"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b993531c0da0b2f2076bc83af7591c7df8bfb2cb"],"types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209966086.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2022-04-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2022-04-01","vanir_signatures":[{"id":"ASB-A-209966086-2abbc688","signature_type":"Function","target":{"function":"createNotificationChannelGroup","file":"services/core/java/com/android/server/notification/PreferencesHelper.java"},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/c5b545329fad3da10a6640995f6110013ad8ff5a","digest":{"function_hash":"176254787725988691653872241621671528991","length":1133},"deprecated":false},{"target":{"file":"services/core/java/com/android/server/notification/PreferencesHelper.java"},"signature_type":"Line","id":"ASB-A-209966086-c21af7b9","signature_version":"v1","deprecated":false,"digest":{"line_hashes":["8034113556860625068291420687499382141","239666131919380600346909992204352177892","21565954296713538785385233326448754542","128689527619691914233002559843408420120"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/c5b545329fad3da10a6640995f6110013ad8ff5a"}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c5b545329fad3da10a6640995f6110013ad8ff5a"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209966086.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2022-04-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2022-04-01","vanir_signatures":[{"id":"ASB-A-209966086-83929a37","signature_type":"Function","target":{"function":"createNotificationChannelGroup","file":"services/core/java/com/android/server/notification/PreferencesHelper.java"},"signature_version":"v1","deprecated":false,"digest":{"function_hash":"233863245938784713369862393652011606556","length":1109},"source":"https://android.googlesource.com/platform/frameworks/base/+/119d8e1b284964e9934c073dcf4d750daed78b1a"},{"id":"ASB-A-209966086-be771c85","signature_type":"Line","target":{"file":"services/core/java/com/android/server/notification/PreferencesHelper.java"},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/119d8e1b284964e9934c073dcf4d750daed78b1a","digest":{"line_hashes":["8034113556860625068291420687499382141","239666131919380600346909992204352177892","21565954296713538785385233326448754542","128689527619691914233002559843408420120"],"threshold":0.9},"deprecated":false}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/119d8e1b284964e9934c073dcf4d750daed78b1a"],"types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-209966086.json"}}],"schema_version":"1.7.5"}