ASB-A-243381410
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-243381410.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-243381410
- Aliases
-
- A-243381410
- CVE-2023-40114
- Published
- 2023-11-01T00:00:00Z
- Modified
- 2025-11-21T16:23:56.435667Z
- Summary
- [none]
- Details
-
In multiple functions of MtpFfsHandle.cpp , there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android
platform/frameworks/av
Package
- Name
- platform/frameworks/av
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/50bf46a3f62136386548a9187a749936bda3ee8f",
"https://android.googlesource.com/platform/frameworks/av/+/24b80a252815efec8fe9ee09d27ff592ff85caf6"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"match_only_versions": [
"14-next"
],
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/av/+/24b80a252815efec8fe9ee09d27ff592ff85caf6",
"signature_type": "Function",
"digest": {
"length": 391.0,
"function_hash": "206423838537077778683672397681181193153"
},
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::doSendEvent"
},
"signature_version": "v1",
"id": "ASB-A-243381410-2f32c52c"
},
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 85.0,
"function_hash": "187296678320389610812168504060705140071"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/50bf46a3f62136386548a9187a749936bda3ee8f",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::close"
},
"id": "ASB-A-243381410-43c10ea1"
},
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 282.0,
"function_hash": "276487615277169573715096579113361679539"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/50bf46a3f62136386548a9187a749936bda3ee8f",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::sendEvent"
},
"id": "ASB-A-243381410-48363c69"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"257946880689431607607846921277362628984",
"214813738760782162275727667657187336111",
"311949162191875777493563203535787409328"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/50bf46a3f62136386548a9187a749936bda3ee8f",
"target": {
"file": "media/mtp/MtpFfsHandle.h"
},
"id": "ASB-A-243381410-71daa25e"
},
{
"match_only_versions": [
"14-next"
],
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/av/+/24b80a252815efec8fe9ee09d27ff592ff85caf6",
"signature_type": "Line",
"digest": {
"line_hashes": [
"249905657129750199156804045841388941371",
"129944308696489498706075798586674994455",
"234890760846408323056785030771212952384",
"134081666041439078632207748534875507413",
"216512857860840639893639376538607433979",
"46630529847610189699613104430422721829",
"249078942686925292647122114907574201434",
"133086749823307041251926957468676873004",
"324773778986203074548926276370670423793",
"3218371153343959678584258994735145426",
"83595945529144457290875089835432754386",
"306231000139423576494531936526756222315",
"211420202275080712744550988006981160177",
"134173040292944580260729058122719658293",
"75010337608386829421480620726219757103",
"38375681278452947314662935039389038682",
"202687650483980621914080471630274682406",
"318938683827732062174721510769767011106",
"275207533668640178719217003156540494481",
"130923682915988071978495404433715529474"
],
"threshold": 0.9
},
"target": {
"file": "media/mtp/MtpFfsHandle.cpp"
},
"signature_version": "v1",
"id": "ASB-A-243381410-83b8948e"
},
{
"match_only_versions": [
"14-next"
],
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/av/+/24b80a252815efec8fe9ee09d27ff592ff85caf6",
"signature_type": "Function",
"digest": {
"length": 338.0,
"function_hash": "246874845117935513973283340014045140640"
},
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::sendEvent"
},
"signature_version": "v1",
"id": "ASB-A-243381410-c1163542"
},
{
"match_only_versions": [
"14-next"
],
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/av/+/24b80a252815efec8fe9ee09d27ff592ff85caf6",
"signature_type": "Line",
"digest": {
"line_hashes": [
"287665720593271876949601279852261242653",
"123877190094603676257621209182778795715",
"304262815724805461350446928805530664552",
"16996758083761316092469516705013594099",
"9295919541600902406113267227066390217",
"248751862827529912028883904204990656887"
],
"threshold": 0.9
},
"target": {
"file": "media/mtp/MtpFfsHandle.h"
},
"signature_version": "v1",
"id": "ASB-A-243381410-d38f158b"
},
{
"match_only_versions": [
"14-next"
],
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/av/+/24b80a252815efec8fe9ee09d27ff592ff85caf6",
"signature_type": "Function",
"digest": {
"length": 221.0,
"function_hash": "69570275881886170927266215477087188399"
},
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::close"
},
"signature_version": "v1",
"id": "ASB-A-243381410-f1a30a43"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"104378138219268779814330118595398296666",
"204458413345149048668434331184071604602",
"274746092296857967025830671311052618919",
"118046279412932046354249876989352904934",
"69565515035292456810716684427000415482",
"299347034252007468155409632366504270155",
"153406248780684167603897372426184570892",
"21845633233846915759719832940100001890",
"113618895588595597258975882515016568485",
"151515614438489737464926123216152085661",
"221010358112329924353436072492745962727"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/50bf46a3f62136386548a9187a749936bda3ee8f",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp"
},
"id": "ASB-A-243381410-fee18d90"
}
],
"spl": "2023-11-01",
"severity": "High"
}platform/frameworks/av
Package
- Name
- platform/frameworks/av
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/73d89318a658ece5f337c5f9c1ec1149c52eb722"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 282.0,
"function_hash": "276487615277169573715096579113361679539"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/73d89318a658ece5f337c5f9c1ec1149c52eb722",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::sendEvent"
},
"id": "ASB-A-243381410-0401a714"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"104378138219268779814330118595398296666",
"204458413345149048668434331184071604602",
"274746092296857967025830671311052618919",
"118046279412932046354249876989352904934",
"69565515035292456810716684427000415482",
"299347034252007468155409632366504270155",
"153406248780684167603897372426184570892",
"21845633233846915759719832940100001890",
"113618895588595597258975882515016568485",
"151515614438489737464926123216152085661",
"221010358112329924353436072492745962727"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/73d89318a658ece5f337c5f9c1ec1149c52eb722",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp"
},
"id": "ASB-A-243381410-3dc0dc8e"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"239159632960374640597334580885051590784",
"171934229187705278507507383778159506808",
"194610243098660717648630058873393564582"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/73d89318a658ece5f337c5f9c1ec1149c52eb722",
"target": {
"file": "media/mtp/MtpFfsHandle.h"
},
"id": "ASB-A-243381410-808e0237"
},
{
"match_only_versions": [
"11"
],
"deprecated": true,
"source": "https://android.googlesource.com/platform/frameworks/av/+/73d89318a658ece5f337c5f9c1ec1149c52eb722",
"signature_type": "Function",
"digest": {
"length": 313.0,
"function_hash": "156322528856444147556699193616146441238"
},
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::doSendEvent"
},
"signature_version": "v1",
"id": "ASB-A-243381410-82e1fbec"
},
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 85.0,
"function_hash": "187296678320389610812168504060705140071"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/73d89318a658ece5f337c5f9c1ec1149c52eb722",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::close"
},
"id": "ASB-A-243381410-ebf12d6f"
}
],
"spl": "2023-11-01",
"severity": "High"
}platform/frameworks/av
Package
- Name
- platform/frameworks/av
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/e376b3dd401339cf736b1f76948b2f2338a647c9"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 282.0,
"function_hash": "276487615277169573715096579113361679539"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/e376b3dd401339cf736b1f76948b2f2338a647c9",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::sendEvent"
},
"id": "ASB-A-243381410-1a1c308b"
},
{
"match_only_versions": [
"12"
],
"deprecated": true,
"source": "https://android.googlesource.com/platform/frameworks/av/+/e376b3dd401339cf736b1f76948b2f2338a647c9",
"signature_type": "Function",
"digest": {
"length": 313.0,
"function_hash": "156322528856444147556699193616146441238"
},
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::doSendEvent"
},
"signature_version": "v1",
"id": "ASB-A-243381410-26ad8f39"
},
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 85.0,
"function_hash": "187296678320389610812168504060705140071"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/e376b3dd401339cf736b1f76948b2f2338a647c9",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::close"
},
"id": "ASB-A-243381410-328e0f99"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"257946880689431607607846921277362628984",
"214813738760782162275727667657187336111",
"311949162191875777493563203535787409328"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/e376b3dd401339cf736b1f76948b2f2338a647c9",
"target": {
"file": "media/mtp/MtpFfsHandle.h"
},
"id": "ASB-A-243381410-5678c55a"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"104378138219268779814330118595398296666",
"204458413345149048668434331184071604602",
"274746092296857967025830671311052618919",
"118046279412932046354249876989352904934",
"69565515035292456810716684427000415482",
"299347034252007468155409632366504270155",
"153406248780684167603897372426184570892",
"21845633233846915759719832940100001890",
"113618895588595597258975882515016568485",
"151515614438489737464926123216152085661",
"221010358112329924353436072492745962727"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/e376b3dd401339cf736b1f76948b2f2338a647c9",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp"
},
"id": "ASB-A-243381410-826b75af"
}
],
"spl": "2023-11-01",
"severity": "High"
}platform/frameworks/av
Package
- Name
- platform/frameworks/av
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/d0645e1ca9d985acbf679ba29cc886bdd217ec55"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"match_only_versions": [
"12L"
],
"deprecated": true,
"source": "https://android.googlesource.com/platform/frameworks/av/+/d0645e1ca9d985acbf679ba29cc886bdd217ec55",
"signature_type": "Function",
"digest": {
"length": 313.0,
"function_hash": "156322528856444147556699193616146441238"
},
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::doSendEvent"
},
"signature_version": "v1",
"id": "ASB-A-243381410-15013ffe"
},
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 85.0,
"function_hash": "187296678320389610812168504060705140071"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/d0645e1ca9d985acbf679ba29cc886bdd217ec55",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::close"
},
"id": "ASB-A-243381410-b01d102a"
},
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 282.0,
"function_hash": "276487615277169573715096579113361679539"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/d0645e1ca9d985acbf679ba29cc886bdd217ec55",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::sendEvent"
},
"id": "ASB-A-243381410-caa75c9e"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"257946880689431607607846921277362628984",
"214813738760782162275727667657187336111",
"311949162191875777493563203535787409328"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/d0645e1ca9d985acbf679ba29cc886bdd217ec55",
"target": {
"file": "media/mtp/MtpFfsHandle.h"
},
"id": "ASB-A-243381410-d459851d"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"104378138219268779814330118595398296666",
"204458413345149048668434331184071604602",
"274746092296857967025830671311052618919",
"118046279412932046354249876989352904934",
"69565515035292456810716684427000415482",
"299347034252007468155409632366504270155",
"153406248780684167603897372426184570892",
"21845633233846915759719832940100001890",
"113618895588595597258975882515016568485",
"151515614438489737464926123216152085661",
"221010358112329924353436072492745962727"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/d0645e1ca9d985acbf679ba29cc886bdd217ec55",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp"
},
"id": "ASB-A-243381410-ef64f868"
}
],
"spl": "2023-11-01",
"severity": "High"
}platform/frameworks/av
Package
- Name
- platform/frameworks/av
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/05dc1c083095ebee0faa20498153eb466082ace0"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 85.0,
"function_hash": "187296678320389610812168504060705140071"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/05dc1c083095ebee0faa20498153eb466082ace0",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::close"
},
"id": "ASB-A-243381410-3dfba4ff"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"104378138219268779814330118595398296666",
"204458413345149048668434331184071604602",
"274746092296857967025830671311052618919",
"118046279412932046354249876989352904934",
"69565515035292456810716684427000415482",
"299347034252007468155409632366504270155",
"153406248780684167603897372426184570892",
"21845633233846915759719832940100001890",
"113618895588595597258975882515016568485",
"151515614438489737464926123216152085661",
"221010358112329924353436072492745962727"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/05dc1c083095ebee0faa20498153eb466082ace0",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp"
},
"id": "ASB-A-243381410-5ef6fb3a"
},
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 282.0,
"function_hash": "276487615277169573715096579113361679539"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/05dc1c083095ebee0faa20498153eb466082ace0",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::sendEvent"
},
"id": "ASB-A-243381410-6607fff4"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"257946880689431607607846921277362628984",
"214813738760782162275727667657187336111",
"311949162191875777493563203535787409328"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/05dc1c083095ebee0faa20498153eb466082ace0",
"target": {
"file": "media/mtp/MtpFfsHandle.h"
},
"id": "ASB-A-243381410-72c2f4c6"
},
{
"match_only_versions": [
"13"
],
"deprecated": true,
"source": "https://android.googlesource.com/platform/frameworks/av/+/05dc1c083095ebee0faa20498153eb466082ace0",
"signature_type": "Function",
"digest": {
"length": 313.0,
"function_hash": "156322528856444147556699193616146441238"
},
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::doSendEvent"
},
"signature_version": "v1",
"id": "ASB-A-243381410-bba9b650"
}
],
"spl": "2023-11-01",
"severity": "High"
}platform/frameworks/av
Package
- Name
- platform/frameworks/av
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/e2c99e1e3a87368477f888f56944ec11c8d11a6e"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 85.0,
"function_hash": "187296678320389610812168504060705140071"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/e2c99e1e3a87368477f888f56944ec11c8d11a6e",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::close"
},
"id": "ASB-A-243381410-4ef287e3"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"257946880689431607607846921277362628984",
"214813738760782162275727667657187336111",
"311949162191875777493563203535787409328"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/e2c99e1e3a87368477f888f56944ec11c8d11a6e",
"target": {
"file": "media/mtp/MtpFfsHandle.h"
},
"id": "ASB-A-243381410-8c10c6e5"
},
{
"match_only_versions": [
"14"
],
"deprecated": true,
"source": "https://android.googlesource.com/platform/frameworks/av/+/e2c99e1e3a87368477f888f56944ec11c8d11a6e",
"signature_type": "Function",
"digest": {
"length": 313.0,
"function_hash": "156322528856444147556699193616146441238"
},
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::doSendEvent"
},
"signature_version": "v1",
"id": "ASB-A-243381410-8e6b531a"
},
{
"signature_type": "Line",
"deprecated": true,
"digest": {
"line_hashes": [
"104378138219268779814330118595398296666",
"204458413345149048668434331184071604602",
"274746092296857967025830671311052618919",
"118046279412932046354249876989352904934",
"69565515035292456810716684427000415482",
"299347034252007468155409632366504270155",
"153406248780684167603897372426184570892",
"21845633233846915759719832940100001890",
"113618895588595597258975882515016568485",
"151515614438489737464926123216152085661",
"221010358112329924353436072492745962727"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/e2c99e1e3a87368477f888f56944ec11c8d11a6e",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp"
},
"id": "ASB-A-243381410-9fdeae0c"
},
{
"signature_type": "Function",
"deprecated": true,
"digest": {
"length": 282.0,
"function_hash": "276487615277169573715096579113361679539"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/e2c99e1e3a87368477f888f56944ec11c8d11a6e",
"target": {
"file": "media/mtp/MtpFfsHandle.cpp",
"function": "MtpFfsHandle::sendEvent"
},
"id": "ASB-A-243381410-cdc5fd5f"
}
],
"spl": "2023-11-01",
"severity": "High"
}