{"id":"PUB-A-189858128","details":"In setApplicationCategoryHint of PackageManagerService.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-189858128","CVE-2021-1009"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2021-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/3d79d7e4e40c779b83a9c8b610e8232226c05c2c"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2021-12-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"digest":{"length":472,"function_hash":"176921896306934069615062367523586273886"},"target":{"function":"enforceOwnerRights","file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"signature_version":"v1","signature_type":"Function","id":"PUB-A-189858128-250b3ebb","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3d79d7e4e40c779b83a9c8b610e8232226c05c2c"},{"digest":{"line_hashes":["56690733406156770103558641024776011421","50765988801835248604431004618949486510","168612600982841018000740806217268744386","211390870315450772947803373664276922764","262257363236931130244546111038144816400","8235105133399694151163489370133499119","276342484624574436368480538422176075917","7106495456416142877221349011313845131","29058257612774792469559714736430289533","90010113456944015877831085561067831081","155807318559137295414018054200975069660","280429238330737788793702719727180417444","196682325295961452675839829913992517914","310591669657915724847005733591445671326","265959774021551676513783564144112177436","29906584385586696915634874469217379858","146709867825320318322157342616420703735","303757265181070451336852511131863662064","140715371038663018313008428582863582352","211381962111348284439631806052542016057","196176731609111560153103609021437582648","77240265927187974209292242298819486036","213129095339004811630794553552057813710","11740028234786729871383605510795462323","172978189410694208788984948556600239876","13474650814656849543671331730109254414","21200261099584008308714144740643365442"],"threshold":0.9},"id":"PUB-A-189858128-46d66de4","signature_type":"Line","signature_version":"v1","deprecated":false,"target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3d79d7e4e40c779b83a9c8b610e8232226c05c2c"},{"digest":{"length":180,"function_hash":"313152028859633380311040497320361020316"},"target":{"function":"setMimeGroup","file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"deprecated":false,"signature_version":"v1","signature_type":"Function","id":"PUB-A-189858128-546920be","source":"https://android.googlesource.com/platform/frameworks/base/+/3d79d7e4e40c779b83a9c8b610e8232226c05c2c"},{"digest":{"length":109,"function_hash":"228856937219168462937424260969375800742"},"target":{"function":"getMimeGroup","file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"signature_version":"v1","signature_type":"Function","id":"PUB-A-189858128-f1be9613","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3d79d7e4e40c779b83a9c8b610e8232226c05c2c"}],"spl":"2021-12-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d79d7e4e40c779b83a9c8b610e8232226c05c2c"],"types":["ID"],"severity":"Moderate"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/PUB-A-189858128.json"}}],"schema_version":"1.7.5"}