ASB-A-243463593
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-243463593.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-243463593
- Aliases
-
- A-243463593
- CVE-2023-40110
- Published
- 2023-11-01T00:00:00Z
- Modified
- 2025-12-05T17:11:19.026530Z
- Summary
- [none]
- Details
-
In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android
platform/frameworks/av
Package
- Name
- platform/frameworks/av
Ecosystem specific
{
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44"
],
"vanir_signatures": [
{
"target": {
"function": "MtpPacket::getUInt32",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 222.0,
"function_hash": "29132274659906287857202031673365486865"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-131eb36e"
},
{
"target": {
"function": "MtpPacket::putUInt16",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 175.0,
"function_hash": "34154390763950867467417999733978382884"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-19c95ffa"
},
{
"target": {
"function": "MtpPacket::putUInt32",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 299.0,
"function_hash": "298372404400044685788784117800346771880"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-3ef074ae"
},
{
"target": {
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"line_hashes": [
"10360648252606816404717437669470675893",
"227011160605173160719128045050766853883",
"208164841370806985723361759329080856329",
"71364014207097319227882820800460492904",
"156243055800073920013120214974781898386",
"215156572296132505262246123742587744241",
"7069884085968848656412683427367043296",
"235743035146536230866436624450904495228",
"35290295899257055203805651232869540931",
"207937354798362552360337160529413393744",
"78996111740133474014844433096763461624",
"334443121837729838277033742941280569682",
"68681804946192098603078887479391740954",
"294638057278564561348433337879369379523",
"297908863031311931518915486339596470465",
"110154676319333325261637695499784063818",
"34446191657970144545577341729483614203",
"314457986449180959672199800767823662525"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44",
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-243463593-4e42e0e4"
},
{
"target": {
"function": "MtpPacket::getUInt16",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 134.0,
"function_hash": "315466067567656958854029971084270982926"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-a36956be"
}
]
}platform/frameworks/av
Package
- Name
- platform/frameworks/av
Ecosystem specific
{
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80"
],
"vanir_signatures": [
{
"target": {
"function": "MtpPacket::getUInt32",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 222.0,
"function_hash": "29132274659906287857202031673365486865"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-106c583f"
},
{
"target": {
"function": "MtpPacket::putUInt32",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 299.0,
"function_hash": "298372404400044685788784117800346771880"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-3e24f9e3"
},
{
"target": {
"function": "MtpPacket::getUInt16",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 134.0,
"function_hash": "315466067567656958854029971084270982926"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-8cc5857e"
},
{
"target": {
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"line_hashes": [
"10360648252606816404717437669470675893",
"227011160605173160719128045050766853883",
"208164841370806985723361759329080856329",
"71364014207097319227882820800460492904",
"156243055800073920013120214974781898386",
"215156572296132505262246123742587744241",
"7069884085968848656412683427367043296",
"235743035146536230866436624450904495228",
"35290295899257055203805651232869540931",
"207937354798362552360337160529413393744",
"78996111740133474014844433096763461624",
"334443121837729838277033742941280569682",
"68681804946192098603078887479391740954",
"294638057278564561348433337879369379523",
"297908863031311931518915486339596470465",
"110154676319333325261637695499784063818",
"34446191657970144545577341729483614203",
"314457986449180959672199800767823662525"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80",
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-243463593-acd5f0a8"
},
{
"target": {
"function": "MtpPacket::putUInt16",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 175.0,
"function_hash": "34154390763950867467417999733978382884"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-be12766d"
}
]
}platform/frameworks/av
Package
- Name
- platform/frameworks/av
Ecosystem specific
{
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f"
],
"vanir_signatures": [
{
"target": {
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"line_hashes": [
"10360648252606816404717437669470675893",
"227011160605173160719128045050766853883",
"208164841370806985723361759329080856329",
"71364014207097319227882820800460492904",
"156243055800073920013120214974781898386",
"215156572296132505262246123742587744241",
"7069884085968848656412683427367043296",
"235743035146536230866436624450904495228",
"35290295899257055203805651232869540931",
"207937354798362552360337160529413393744",
"78996111740133474014844433096763461624",
"334443121837729838277033742941280569682",
"68681804946192098603078887479391740954",
"294638057278564561348433337879369379523",
"297908863031311931518915486339596470465",
"110154676319333325261637695499784063818",
"34446191657970144545577341729483614203",
"314457986449180959672199800767823662525"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f",
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-243463593-636357b2"
},
{
"target": {
"function": "MtpPacket::getUInt16",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 134.0,
"function_hash": "315466067567656958854029971084270982926"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-6e4e0021"
},
{
"target": {
"function": "MtpPacket::putUInt16",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 175.0,
"function_hash": "34154390763950867467417999733978382884"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-733a088c"
},
{
"target": {
"function": "MtpPacket::getUInt32",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 222.0,
"function_hash": "29132274659906287857202031673365486865"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-79a58389"
},
{
"target": {
"function": "MtpPacket::putUInt32",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 299.0,
"function_hash": "298372404400044685788784117800346771880"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-ae4e69e4"
}
]
}platform/frameworks/av
Package
- Name
- platform/frameworks/av
Ecosystem specific
{
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9"
],
"vanir_signatures": [
{
"target": {
"function": "MtpPacket::putUInt32",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 299.0,
"function_hash": "298372404400044685788784117800346771880"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-1856909b"
},
{
"target": {
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"line_hashes": [
"10360648252606816404717437669470675893",
"227011160605173160719128045050766853883",
"208164841370806985723361759329080856329",
"71364014207097319227882820800460492904",
"156243055800073920013120214974781898386",
"215156572296132505262246123742587744241",
"7069884085968848656412683427367043296",
"235743035146536230866436624450904495228",
"35290295899257055203805651232869540931",
"207937354798362552360337160529413393744",
"78996111740133474014844433096763461624",
"334443121837729838277033742941280569682",
"68681804946192098603078887479391740954",
"294638057278564561348433337879369379523",
"297908863031311931518915486339596470465",
"110154676319333325261637695499784063818",
"34446191657970144545577341729483614203",
"314457986449180959672199800767823662525"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9",
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-243463593-1bc6929f"
},
{
"target": {
"function": "MtpPacket::getUInt16",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 134.0,
"function_hash": "315466067567656958854029971084270982926"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-8fcfb983"
},
{
"target": {
"function": "MtpPacket::putUInt16",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 175.0,
"function_hash": "34154390763950867467417999733978382884"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-912c9eb8"
},
{
"target": {
"function": "MtpPacket::getUInt32",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 222.0,
"function_hash": "29132274659906287857202031673365486865"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-a5584b6f"
}
]
}platform/frameworks/av
Package
- Name
- platform/frameworks/av
Ecosystem specific
{
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518"
],
"vanir_signatures": [
{
"target": {
"function": "MtpPacket::getUInt32",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 222.0,
"function_hash": "29132274659906287857202031673365486865"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-567ee785"
},
{
"target": {
"function": "MtpPacket::putUInt32",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 299.0,
"function_hash": "298372404400044685788784117800346771880"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-6901ad47"
},
{
"target": {
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"line_hashes": [
"10360648252606816404717437669470675893",
"227011160605173160719128045050766853883",
"208164841370806985723361759329080856329",
"71364014207097319227882820800460492904",
"156243055800073920013120214974781898386",
"215156572296132505262246123742587744241",
"7069884085968848656412683427367043296",
"235743035146536230866436624450904495228",
"35290295899257055203805651232869540931",
"207937354798362552360337160529413393744",
"78996111740133474014844433096763461624",
"334443121837729838277033742941280569682",
"68681804946192098603078887479391740954",
"294638057278564561348433337879369379523",
"297908863031311931518915486339596470465",
"110154676319333325261637695499784063818",
"34446191657970144545577341729483614203",
"314457986449180959672199800767823662525"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518",
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-243463593-708f4159"
},
{
"target": {
"function": "MtpPacket::getUInt16",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 134.0,
"function_hash": "315466067567656958854029971084270982926"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-969690c3"
},
{
"target": {
"function": "MtpPacket::putUInt16",
"file": "media/mtp/MtpPacket.cpp"
},
"digest": {
"length": 175.0,
"function_hash": "34154390763950867467417999733978382884"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-243463593-e1ceb256"
}
]
}