ASB-A-230492947
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-230492947.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-230492947
- Aliases
-
- A-230492947
- CVE-2024-0036
- Published
- 2024-02-01T00:00:00Z
- Modified
- 2025-07-14T14:59:53.514521Z
- Summary
- [none]
- Details
-
In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"digest": {
"function_hash": "19449996417798360393601174700087878694",
"length": 2840.0
},
"id": "ASB-A-230492947-3ad4ddf9",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/e3c537ddea5ce8b28eeb89300ef602753cfe42a4",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startNextMatchingActivity"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"120415229720468996380690857990573363595",
"327094437813866272250379025753693221449",
"339779152981538331835857088783300759202",
"177809087579538070238245537243034007378",
"269362116107589722058194574776708902081",
"53221371259381438459360905865126339575",
"155046736446939757154999034983477504036",
"64531953434324119995642499705604382882",
"333516042649489253463512250328517668790",
"311103090027810912653217446501431600245",
"311545419293262592779433611898598004330",
"64422315487152615121553626652131733082",
"233392774852901342234222876334376782423",
"143294482730940875398179024393826938036",
"266500950927352471030922760289034248797",
"252846042200044892050975798432609940730",
"90207434361406056614086818647479925625",
"185862110004074570606214595902031691087",
"178893089860124311825482289135588465674",
"83319913446240958768843604548327352688",
"218699958079514764527020125622997144089",
"306813342855486788261924650826877786723",
"105135349804760838859480469610730392589",
"102715412356406950219770955940244365114",
"254559775657009495532498420085276850740"
]
},
"id": "ASB-A-230492947-942d555f",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/e3c537ddea5ce8b28eeb89300ef602753cfe42a4",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e3c537ddea5ce8b28eeb89300ef602753cfe42a4"
],
"spl": "2024-02-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"120415229720468996380690857990573363595",
"327094437813866272250379025753693221449",
"339779152981538331835857088783300759202",
"177809087579538070238245537243034007378",
"269362116107589722058194574776708902081",
"211120903689026081872699511213836936458",
"177518341316800841019033746497660654053",
"90441556475865503974638013575629514139",
"274750268841000127607454789105091675295",
"311103090027810912653217446501431600245",
"311545419293262592779433611898598004330",
"64422315487152615121553626652131733082",
"233392774852901342234222876334376782423",
"143294482730940875398179024393826938036",
"266500950927352471030922760289034248797",
"252846042200044892050975798432609940730",
"90207434361406056614086818647479925625",
"185862110004074570606214595902031691087",
"178893089860124311825482289135588465674",
"83319913446240958768843604548327352688",
"218699958079514764527020125622997144089",
"306813342855486788261924650826877786723",
"105135349804760838859480469610730392589",
"102715412356406950219770955940244365114",
"187592578516121496378792813621002668412"
]
},
"id": "ASB-A-230492947-5244fe62",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/d8368be4f8fb7019ea24b4798f029301c704092c",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
}
},
{
"digest": {
"function_hash": "37162690762240711687969860934366843072",
"length": 2843.0
},
"id": "ASB-A-230492947-8fad7864",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/d8368be4f8fb7019ea24b4798f029301c704092c",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startNextMatchingActivity"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/d8368be4f8fb7019ea24b4798f029301c704092c"
],
"spl": "2024-02-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"digest": {
"function_hash": "37162690762240711687969860934366843072",
"length": 2843.0
},
"id": "ASB-A-230492947-8f085166",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/d54a64bdf71d1c91542b6885149fd176622ad0b4",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startNextMatchingActivity"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"120415229720468996380690857990573363595",
"327094437813866272250379025753693221449",
"339779152981538331835857088783300759202",
"177809087579538070238245537243034007378",
"269362116107589722058194574776708902081",
"211120903689026081872699511213836936458",
"177518341316800841019033746497660654053",
"90441556475865503974638013575629514139",
"274750268841000127607454789105091675295",
"311103090027810912653217446501431600245",
"311545419293262592779433611898598004330",
"64422315487152615121553626652131733082",
"233392774852901342234222876334376782423",
"143294482730940875398179024393826938036",
"266500950927352471030922760289034248797",
"252846042200044892050975798432609940730",
"90207434361406056614086818647479925625",
"185862110004074570606214595902031691087",
"178893089860124311825482289135588465674",
"83319913446240958768843604548327352688",
"218699958079514764527020125622997144089",
"306813342855486788261924650826877786723",
"105135349804760838859480469610730392589",
"102715412356406950219770955940244365114",
"187592578516121496378792813621002668412"
]
},
"id": "ASB-A-230492947-aa032262",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/d54a64bdf71d1c91542b6885149fd176622ad0b4",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/d54a64bdf71d1c91542b6885149fd176622ad0b4"
],
"spl": "2024-02-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"120415229720468996380690857990573363595",
"327094437813866272250379025753693221449",
"339779152981538331835857088783300759202",
"177809087579538070238245537243034007378",
"269362116107589722058194574776708902081",
"211120903689026081872699511213836936458",
"177518341316800841019033746497660654053",
"90441556475865503974638013575629514139",
"274750268841000127607454789105091675295",
"311103090027810912653217446501431600245",
"311545419293262592779433611898598004330",
"64422315487152615121553626652131733082",
"233392774852901342234222876334376782423",
"143294482730940875398179024393826938036",
"266500950927352471030922760289034248797",
"252846042200044892050975798432609940730",
"90207434361406056614086818647479925625",
"185862110004074570606214595902031691087",
"178893089860124311825482289135588465674",
"83319913446240958768843604548327352688",
"218699958079514764527020125622997144089",
"306813342855486788261924650826877786723",
"105135349804760838859480469610730392589",
"102715412356406950219770955940244365114",
"187592578516121496378792813621002668412"
]
},
"id": "ASB-A-230492947-274cd1e9",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/d54a64bdf71d1c91542b6885149fd176622ad0b4",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
}
},
{
"digest": {
"function_hash": "37162690762240711687969860934366843072",
"length": 2843.0
},
"id": "ASB-A-230492947-dccbf8c3",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/d54a64bdf71d1c91542b6885149fd176622ad0b4",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startNextMatchingActivity"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/d54a64bdf71d1c91542b6885149fd176622ad0b4"
],
"spl": "2024-02-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"digest": {
"function_hash": "19449996417798360393601174700087878694",
"length": 2840.0
},
"id": "ASB-A-230492947-32408ac1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/3e9da3ec4705b072dbe8a10e8ffc841f4928381c",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startNextMatchingActivity"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"120415229720468996380690857990573363595",
"327094437813866272250379025753693221449",
"339779152981538331835857088783300759202",
"177809087579538070238245537243034007378",
"269362116107589722058194574776708902081",
"53221371259381438459360905865126339575",
"155046736446939757154999034983477504036",
"64531953434324119995642499705604382882",
"333516042649489253463512250328517668790",
"311103090027810912653217446501431600245",
"311545419293262592779433611898598004330",
"64422315487152615121553626652131733082",
"233392774852901342234222876334376782423",
"143294482730940875398179024393826938036",
"266500950927352471030922760289034248797",
"252846042200044892050975798432609940730",
"90207434361406056614086818647479925625",
"185862110004074570606214595902031691087",
"178893089860124311825482289135588465674",
"83319913446240958768843604548327352688",
"218699958079514764527020125622997144089",
"306813342855486788261924650826877786723",
"105135349804760838859480469610730392589",
"102715412356406950219770955940244365114",
"254559775657009495532498420085276850740"
]
},
"id": "ASB-A-230492947-9fe62e07",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/3e9da3ec4705b072dbe8a10e8ffc841f4928381c",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/3e9da3ec4705b072dbe8a10e8ffc841f4928381c"
],
"spl": "2024-02-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"120415229720468996380690857990573363595",
"327094437813866272250379025753693221449",
"339779152981538331835857088783300759202",
"177809087579538070238245537243034007378",
"90207434361406056614086818647479925625",
"185862110004074570606214595902031691087",
"178893089860124311825482289135588465674",
"83319913446240958768843604548327352688",
"218699958079514764527020125622997144089",
"306813342855486788261924650826877786723",
"105135349804760838859480469610730392589",
"102715412356406950219770955940244365114",
"254559775657009495532498420085276850740"
]
},
"id": "ASB-A-230492947-d2a3431f",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1edaa27ea2f6911977556c5bba876a2319d5e2d",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
}
},
{
"digest": {
"function_hash": "19449996417798360393601174700087878694",
"length": 2840.0
},
"id": "ASB-A-230492947-e4ce0a98",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1edaa27ea2f6911977556c5bba876a2319d5e2d",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
"function": "startNextMatchingActivity"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e1edaa27ea2f6911977556c5bba876a2319d5e2d"
],
"spl": "2024-02-01"
}