ASB-A-240267890

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-240267890.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-240267890
Aliases
Published
2023-02-01T00:00:00Z
Modified
2026-04-29T15:10:00.007170Z
Summary
[none]
Details

In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
10:0
Fixed
10:2023-02-01

Affected versions

Other
10

Ecosystem specific 

{
    "spl": "2023-02-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 3389.0,
                "function_hash": "218789402610649146534279806213882698053"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce",
            "target": {
                "function": "clearApplicationUserData",
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-4efa69e3"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 982.0,
                "function_hash": "165433686559303516868918071578743107540"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce",
            "target": {
                "function": "onRemoveCompleted",
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-af19b42b"
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "19023591753442047319068836492748830433",
                    "52651044639622897885630658727967251800",
                    "142835254940668524955337731002048445257",
                    "266462200045313874316840433279366081525",
                    "185110150976461916859425623723589893510",
                    "314669603338881841686559024183172733431",
                    "292921926393356967081892302753148509231",
                    "185633619305411967409319888823786493953",
                    "57537406593323258355711851392042148121",
                    "73544146165314567653419880584141548669",
                    "96268068996457097362106123178324082976",
                    "1000070865591566840256793781922070385",
                    "221836392391740426605061716026066846772",
                    "49503635218691360593758188510630321839",
                    "234322752101016168354101648054033901257",
                    "59341603582000900163595850960933790917",
                    "217578007770781325870538949999452319601"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-bd7aa7d0"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-240267890.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-02-01

Affected versions

Other
11

Ecosystem specific 

{
    "spl": "2023-02-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 996.0,
                "function_hash": "48304918318956533104010138608645094517"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a",
            "target": {
                "function": "onRemoveCompleted",
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-4689ac68"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 3403.0,
                "function_hash": "281721226776271417646888004390578358723"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a",
            "target": {
                "function": "clearApplicationUserData",
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-a382a813"
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "19023591753442047319068836492748830433",
                    "52651044639622897885630658727967251800",
                    "142835254940668524955337731002048445257",
                    "266462200045313874316840433279366081525",
                    "185110150976461916859425623723589893510",
                    "314669603338881841686559024183172733431",
                    "292921926393356967081892302753148509231",
                    "26074335394516852620157714560660330299",
                    "131802145606347624638001126702220939140",
                    "29393240277710218126833544989533756035",
                    "93344404403566538279788203572755720164",
                    "25033023018105414771597828547721161450",
                    "107022013439612634245051802443808339606",
                    "113015113835492962517966053418959053756",
                    "162241249838221695089519972534284924145",
                    "81185955015349658169332765966774356464",
                    "217578007770781325870538949999452319601"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-d31c4108"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-240267890.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-02-01

Affected versions

Other
12

Ecosystem specific 

{
    "spl": "2023-02-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 1010.0,
                "function_hash": "25704709540683270839982671053682562928"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74",
            "target": {
                "function": "onRemoveCompleted",
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-5a262931"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 3510.0,
                "function_hash": "197022625998803206946365332501314725815"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74",
            "target": {
                "function": "clearApplicationUserData",
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-dceeb151"
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "19023591753442047319068836492748830433",
                    "52651044639622897885630658727967251800",
                    "142835254940668524955337731002048445257",
                    "266462200045313874316840433279366081525",
                    "185110150976461916859425623723589893510",
                    "314669603338881841686559024183172733431",
                    "292921926393356967081892302753148509231",
                    "26074335394516852620157714560660330299",
                    "131802145606347624638001126702220939140",
                    "5193485262852018112013593148456881020",
                    "205835234934375033032846118326177404503",
                    "50955005989019553957825154716998917532",
                    "44723180485155276700501233611679072449",
                    "296766035507375254846626169660850206327",
                    "289627521686869940425266439884906353258",
                    "77846570521540527583456841352965119288",
                    "69007524958661669647209266690471934903"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-fe15deb0"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-240267890.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-02-01

Affected versions

Other
12L

Ecosystem specific 

{
    "spl": "2023-02-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 3510.0,
                "function_hash": "197022625998803206946365332501314725815"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e",
            "target": {
                "function": "clearApplicationUserData",
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-85c0f00a"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 1010.0,
                "function_hash": "25704709540683270839982671053682562928"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e",
            "target": {
                "function": "onRemoveCompleted",
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-d5102df1"
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "19023591753442047319068836492748830433",
                    "52651044639622897885630658727967251800",
                    "142835254940668524955337731002048445257",
                    "266462200045313874316840433279366081525",
                    "185110150976461916859425623723589893510",
                    "314669603338881841686559024183172733431",
                    "292921926393356967081892302753148509231",
                    "26074335394516852620157714560660330299",
                    "131802145606347624638001126702220939140",
                    "5193485262852018112013593148456881020",
                    "205835234934375033032846118326177404503",
                    "50955005989019553957825154716998917532",
                    "44723180485155276700501233611679072449",
                    "296766035507375254846626169660850206327",
                    "289627521686869940425266439884906353258",
                    "77846570521540527583456841352965119288",
                    "69007524958661669647209266690471934903"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-daa2de92"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-240267890.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-02-01

Affected versions

Other
13

Ecosystem specific 

{
    "spl": "2023-02-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 1099.0,
                "function_hash": "306266303474995512994204301567941670120"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68",
            "target": {
                "function": "onRemoveCompleted",
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-18bde628"
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "19023591753442047319068836492748830433",
                    "52651044639622897885630658727967251800",
                    "142835254940668524955337731002048445257",
                    "266462200045313874316840433279366081525",
                    "185110150976461916859425623723589893510",
                    "243354013767680916156176542676350888809",
                    "282141756453166813397134019577865741769",
                    "242360205959223563793524277019121002165",
                    "272704362624956598487888867396206099590",
                    "116358791319072628048265242690146315044",
                    "131802145606347624638001126702220939140",
                    "260689335989539307525992592168793184068",
                    "30221961543927210908696824065619077193",
                    "41966273680758090319055084234524876018",
                    "216043695530903462632178712485053959841",
                    "291529813944039398967917160182739371228",
                    "259729072714311958273811571778911528203",
                    "305602406385059455886982921729876113658",
                    "94473953833050829154906721596955409962"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-38b21dad"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 3824.0,
                "function_hash": "274978653062025418454947224085038003010"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68",
            "target": {
                "function": "clearApplicationUserData",
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "id": "ASB-A-240267890-e3dc8a86"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-240267890.json"