ASB-A-225880325
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-225880325.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-225880325
- Aliases
-
- A-225880325
- CVE-2023-20971
- PUB-A-225880325
- Published
- 2024-08-01T00:00:00Z
- Modified
- 2024-11-06T12:16:03.231308Z
- Summary
- [none]
- Details
-
In removePermission of PermissionManagerServiceImpl.java, there is a possible way to obtain dangerous permissions without user consent due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 552.0,
"function_hash": "175097904346831881255429111086632473640"
},
"id": "ASB-A-225880325-4639037c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/528a87e90ff9354581d54fd37fbe9f95cccbcdb1",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java",
"function": "removePermission"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"14-next"
],
"digest": {
"length": 561.0,
"function_hash": "32121542012993099560012439381062572158"
},
"id": "ASB-A-225880325-6eff2fcd",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ead58f69f5de82b00406316b333366d556239f1",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java",
"function": "removePermission"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"14-next"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"249589022416497462940867915054438733893",
"232722225026488737429026988457105817530",
"205992449486788654372145536191581528691",
"181461015334851422260102675675321030541"
]
},
"id": "ASB-A-225880325-701b5968",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ead58f69f5de82b00406316b333366d556239f1",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"205992449486788654372145536191581528691",
"84920920381514802046653589203483262959",
"39433141656619788838867682029677786107",
"28484308096576128347231381074450762061"
]
},
"id": "ASB-A-225880325-898a1814",
"source": "https://android.googlesource.com/platform/frameworks/base/+/528a87e90ff9354581d54fd37fbe9f95cccbcdb1",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/528a87e90ff9354581d54fd37fbe9f95cccbcdb1",
"https://android.googlesource.com/platform/frameworks/base/+/0ead58f69f5de82b00406316b333366d556239f1"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 543.0,
"function_hash": "30142222829527302351893261236084033085"
},
"id": "ASB-A-225880325-819faea4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2b5d63b64b2b8208ccc4f62eac3d8962f981dbf8",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
"function": "removePermission"
},
"signature_type": "Function"
},
{
"digest": {
"length": 552.0,
"function_hash": "225976818360182043641623251115356041903"
},
"id": "ASB-A-225880325-b599a43c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/35d77a77feef62dc108f6478cb9228cc6044f70d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
"function": "removePermission"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"205992449486788654372145536191581528691",
"84920920381514802046653589203483262959",
"39433141656619788838867682029677786107",
"28484308096576128347231381074450762061"
]
},
"id": "ASB-A-225880325-b74ec24b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2b5d63b64b2b8208ccc4f62eac3d8962f981dbf8",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"12"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"249589022416497462940867915054438733893",
"232722225026488737429026988457105817530",
"205992449486788654372145536191581528691",
"181461015334851422260102675675321030541"
]
},
"id": "ASB-A-225880325-fe23d68c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/35d77a77feef62dc108f6478cb9228cc6044f70d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/2b5d63b64b2b8208ccc4f62eac3d8962f981dbf8",
"https://android.googlesource.com/platform/frameworks/base/+/35d77a77feef62dc108f6478cb9228cc6044f70d"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 552.0,
"function_hash": "225976818360182043641623251115356041903"
},
"id": "ASB-A-225880325-05827c8e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/35d77a77feef62dc108f6478cb9228cc6044f70d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
"function": "removePermission"
},
"signature_type": "Function"
},
{
"digest": {
"length": 543.0,
"function_hash": "30142222829527302351893261236084033085"
},
"id": "ASB-A-225880325-06711be9",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2b5d63b64b2b8208ccc4f62eac3d8962f981dbf8",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java",
"function": "removePermission"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"205992449486788654372145536191581528691",
"84920920381514802046653589203483262959",
"39433141656619788838867682029677786107",
"28484308096576128347231381074450762061"
]
},
"id": "ASB-A-225880325-4605766e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2b5d63b64b2b8208ccc4f62eac3d8962f981dbf8",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"12L"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"249589022416497462940867915054438733893",
"232722225026488737429026988457105817530",
"205992449486788654372145536191581528691",
"181461015334851422260102675675321030541"
]
},
"id": "ASB-A-225880325-77a6cbcb",
"source": "https://android.googlesource.com/platform/frameworks/base/+/35d77a77feef62dc108f6478cb9228cc6044f70d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/2b5d63b64b2b8208ccc4f62eac3d8962f981dbf8",
"https://android.googlesource.com/platform/frameworks/base/+/35d77a77feef62dc108f6478cb9228cc6044f70d"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"13"
],
"digest": {
"length": 561.0,
"function_hash": "32121542012993099560012439381062572158"
},
"id": "ASB-A-225880325-1e667bbf",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ead58f69f5de82b00406316b333366d556239f1",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java",
"function": "removePermission"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"13"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"249589022416497462940867915054438733893",
"232722225026488737429026988457105817530",
"205992449486788654372145536191581528691",
"181461015334851422260102675675321030541"
]
},
"id": "ASB-A-225880325-dbb47310",
"source": "https://android.googlesource.com/platform/frameworks/base/+/0ead58f69f5de82b00406316b333366d556239f1",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 552.0,
"function_hash": "175097904346831881255429111086632473640"
},
"id": "ASB-A-225880325-eb6e1d86",
"source": "https://android.googlesource.com/platform/frameworks/base/+/528a87e90ff9354581d54fd37fbe9f95cccbcdb1",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java",
"function": "removePermission"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"205992449486788654372145536191581528691",
"84920920381514802046653589203483262959",
"39433141656619788838867682029677786107",
"28484308096576128347231381074450762061"
]
},
"id": "ASB-A-225880325-fc9eae5d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/528a87e90ff9354581d54fd37fbe9f95cccbcdb1",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/528a87e90ff9354581d54fd37fbe9f95cccbcdb1",
"https://android.googlesource.com/platform/frameworks/base/+/0ead58f69f5de82b00406316b333366d556239f1"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 552.0,
"function_hash": "175097904346831881255429111086632473640"
},
"id": "ASB-A-225880325-65b6269d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/528a87e90ff9354581d54fd37fbe9f95cccbcdb1",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java",
"function": "removePermission"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"205992449486788654372145536191581528691",
"84920920381514802046653589203483262959",
"39433141656619788838867682029677786107",
"28484308096576128347231381074450762061"
]
},
"id": "ASB-A-225880325-975db5e5",
"source": "https://android.googlesource.com/platform/frameworks/base/+/528a87e90ff9354581d54fd37fbe9f95cccbcdb1",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/528a87e90ff9354581d54fd37fbe9f95cccbcdb1"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}