ASB-A-223376078
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-223376078.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-223376078
- Aliases
-
- A-223376078
- CVE-2023-21266
- Published
- 2024-06-01T00:00:00Z
- Modified
- 2024-08-07T19:29:42.084167Z
- Summary
- [There are two problems with killBackgroundProcesses in ActivityManager]
- Details
-
In multiple functions of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 859.0,
"function_hash": "227576980877758049592084209990393096484"
},
"id": "ASB-A-223376078-5041856d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e8979d4c43221eeb46fa8ac6b17ebc438a08b880",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "killAllBackgroundProcesses"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"180222447302147093724038833723420185000",
"138046527053100698162924536007233141369",
"215895439822122040064588537648521246962",
"179015822781338252125439961998627563287",
"287846519602658457317977500044285736205",
"261022993825299625157089475944244509102",
"5838536357105049900293533743382067165",
"240831342653999003049528293531445422017",
"225547972021709016540301283842116613957",
"165083348173052798410310444957254517582",
"56958771891902759258755927561806682256",
"236046396006761952158550640172646453712",
"134400372078527239559131197916806385432",
"129853143300071063628701197427677866794",
"258805955643870629354867108097123259164",
"190164849816369518547281438040537794615",
"180222447302147093724038833723420185000",
"331711399178763147665840574343858152646",
"39007338264056108594814851468233819624",
"195858136514158781062160817048378385712",
"215721608436137209038713237486249944603",
"62612605819244149739453447100260688044",
"181665550520368652483927299499097480964",
"190164849816369518547281438040537794615",
"180222447302147093724038833723420185000"
]
},
"id": "ASB-A-223376078-685849f9",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e8979d4c43221eeb46fa8ac6b17ebc438a08b880",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1441.0,
"function_hash": "21987596807156432803035613757090721243"
},
"id": "ASB-A-223376078-d6fce354",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e8979d4c43221eeb46fa8ac6b17ebc438a08b880",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "killBackgroundProcesses"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"14-next"
],
"digest": {
"length": 645.0,
"function_hash": "10245987990758585743201090390617945599"
},
"id": "ASB-A-223376078-e48dfbcc",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e8979d4c43221eeb46fa8ac6b17ebc438a08b880",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "killAllBackgroundProcessesExcept"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e8979d4c43221eeb46fa8ac6b17ebc438a08b880"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"180222447302147093724038833723420185000",
"138046527053100698162924536007233141369",
"215895439822122040064588537648521246962",
"179015822781338252125439961998627563287",
"287846519602658457317977500044285736205",
"261022993825299625157089475944244509102",
"5838536357105049900293533743382067165",
"240831342653999003049528293531445422017",
"225547972021709016540301283842116613957",
"264193851851443235165197199486177635902",
"143141742288951330891334119853284700593",
"307463701147309285898723655593408776347"
]
},
"id": "ASB-A-223376078-6989749a",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d1c95670b248df945784b0f2830acf83b5682de3",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1433.0,
"function_hash": "281643721677604954946173905312083874751"
},
"id": "ASB-A-223376078-9fdf80a8",
"source": "https://android.googlesource.com/platform/frameworks/base/+/d1c95670b248df945784b0f2830acf83b5682de3",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "killBackgroundProcesses"
},
"signature_type": "Function"
},
{
"digest": {
"length": 851.0,
"function_hash": "236997851916088985121596277814146299074"
},
"id": "ASB-A-223376078-d34951bf",
"source": "https://android.googlesource.com/platform/frameworks/base/+/140fce861944419a375c669010c6c47cd7ff5b37",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "killAllBackgroundProcesses"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1075.0,
"function_hash": "116224517810085530998490965234543771027"
},
"id": "ASB-A-223376078-f7c337d9",
"source": "https://android.googlesource.com/platform/frameworks/base/+/140fce861944419a375c669010c6c47cd7ff5b37",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "killAllBackgroundProcessesExcept"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/d1c95670b248df945784b0f2830acf83b5682de3",
"https://android.googlesource.com/platform/frameworks/base/+/140fce861944419a375c669010c6c47cd7ff5b37"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 1075.0,
"function_hash": "116224517810085530998490965234543771027"
},
"id": "ASB-A-223376078-17c2381b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9a14267036edef6224a7418f92b9d3f88f2ac5b7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "killAllBackgroundProcessesExcept"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"180222447302147093724038833723420185000",
"138046527053100698162924536007233141369",
"215895439822122040064588537648521246962",
"179015822781338252125439961998627563287",
"287846519602658457317977500044285736205",
"261022993825299625157089475944244509102",
"5838536357105049900293533743382067165",
"240831342653999003049528293531445422017",
"225547972021709016540301283842116613957",
"264193851851443235165197199486177635902",
"143141742288951330891334119853284700593",
"307463701147309285898723655593408776347"
]
},
"id": "ASB-A-223376078-73a49e66",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f5943a364164f5d88cac42df7a7749a205932e7c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 851.0,
"function_hash": "236997851916088985121596277814146299074"
},
"id": "ASB-A-223376078-80cede86",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9a14267036edef6224a7418f92b9d3f88f2ac5b7",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "killAllBackgroundProcesses"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1433.0,
"function_hash": "281643721677604954946173905312083874751"
},
"id": "ASB-A-223376078-a5508528",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f5943a364164f5d88cac42df7a7749a205932e7c",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "killBackgroundProcesses"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/f5943a364164f5d88cac42df7a7749a205932e7c",
"https://android.googlesource.com/platform/frameworks/base/+/9a14267036edef6224a7418f92b9d3f88f2ac5b7"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 1441.0,
"function_hash": "21987596807156432803035613757090721243"
},
"id": "ASB-A-223376078-7b2409c4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/fa94ce5c7738e449cb6bd68c77af4858018e49e0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "killBackgroundProcesses"
},
"signature_type": "Function"
},
{
"digest": {
"length": 859.0,
"function_hash": "227576980877758049592084209990393096484"
},
"id": "ASB-A-223376078-9dfe0b37",
"source": "https://android.googlesource.com/platform/frameworks/base/+/fa94ce5c7738e449cb6bd68c77af4858018e49e0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "killAllBackgroundProcesses"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"180222447302147093724038833723420185000",
"138046527053100698162924536007233141369",
"215895439822122040064588537648521246962",
"179015822781338252125439961998627563287",
"287846519602658457317977500044285736205",
"261022993825299625157089475944244509102",
"5838536357105049900293533743382067165",
"240831342653999003049528293531445422017",
"225547972021709016540301283842116613957",
"264193851851443235165197199486177635902",
"143141742288951330891334119853284700593",
"307463701147309285898723655593408776347"
]
},
"id": "ASB-A-223376078-a50e0a08",
"source": "https://android.googlesource.com/platform/frameworks/base/+/fa94ce5c7738e449cb6bd68c77af4858018e49e0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/fa94ce5c7738e449cb6bd68c77af4858018e49e0"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}