ASB-A-243463593
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-243463593.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-243463593
- Aliases
-
- A-243463593
- CVE-2023-40110
- Published
- 2023-11-01T00:00:00Z
- Modified
- 2024-08-07T19:30:11.556627Z
- Summary
- [none]
- Details
-
In multiple functions of MtpPacket.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/frameworks/av
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 222.0,
"function_hash": "29132274659906287857202031673365486865"
},
"id": "ASB-A-243463593-131eb36e",
"source": "https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::getUInt32"
},
"signature_type": "Function"
},
{
"digest": {
"length": 175.0,
"function_hash": "34154390763950867467417999733978382884"
},
"id": "ASB-A-243463593-19c95ffa",
"source": "https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::putUInt16"
},
"signature_type": "Function"
},
{
"digest": {
"length": 299.0,
"function_hash": "298372404400044685788784117800346771880"
},
"id": "ASB-A-243463593-3ef074ae",
"source": "https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::putUInt32"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"10360648252606816404717437669470675893",
"227011160605173160719128045050766853883",
"208164841370806985723361759329080856329",
"71364014207097319227882820800460492904",
"156243055800073920013120214974781898386",
"215156572296132505262246123742587744241",
"7069884085968848656412683427367043296",
"235743035146536230866436624450904495228",
"35290295899257055203805651232869540931",
"207937354798362552360337160529413393744",
"78996111740133474014844433096763461624",
"334443121837729838277033742941280569682",
"68681804946192098603078887479391740954",
"294638057278564561348433337879369379523",
"297908863031311931518915486339596470465",
"110154676319333325261637695499784063818",
"34446191657970144545577341729483614203",
"314457986449180959672199800767823662525"
]
},
"id": "ASB-A-243463593-4e42e0e4",
"source": "https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp"
},
"signature_type": "Line"
},
{
"digest": {
"length": 134.0,
"function_hash": "315466067567656958854029971084270982926"
},
"id": "ASB-A-243463593-a36956be",
"source": "https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::getUInt16"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/1401a723899766632363129265b30d433ac69c44"
],
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 222.0,
"function_hash": "29132274659906287857202031673365486865"
},
"id": "ASB-A-243463593-106c583f",
"source": "https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::getUInt32"
},
"signature_type": "Function"
},
{
"digest": {
"length": 299.0,
"function_hash": "298372404400044685788784117800346771880"
},
"id": "ASB-A-243463593-3e24f9e3",
"source": "https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::putUInt32"
},
"signature_type": "Function"
},
{
"digest": {
"length": 134.0,
"function_hash": "315466067567656958854029971084270982926"
},
"id": "ASB-A-243463593-8cc5857e",
"source": "https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::getUInt16"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"10360648252606816404717437669470675893",
"227011160605173160719128045050766853883",
"208164841370806985723361759329080856329",
"71364014207097319227882820800460492904",
"156243055800073920013120214974781898386",
"215156572296132505262246123742587744241",
"7069884085968848656412683427367043296",
"235743035146536230866436624450904495228",
"35290295899257055203805651232869540931",
"207937354798362552360337160529413393744",
"78996111740133474014844433096763461624",
"334443121837729838277033742941280569682",
"68681804946192098603078887479391740954",
"294638057278564561348433337879369379523",
"297908863031311931518915486339596470465",
"110154676319333325261637695499784063818",
"34446191657970144545577341729483614203",
"314457986449180959672199800767823662525"
]
},
"id": "ASB-A-243463593-acd5f0a8",
"source": "https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp"
},
"signature_type": "Line"
},
{
"digest": {
"length": 175.0,
"function_hash": "34154390763950867467417999733978382884"
},
"id": "ASB-A-243463593-be12766d",
"source": "https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::putUInt16"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/38a83caefc4b5fd5aa1071bbabf0c71f49e6ac80"
],
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"10360648252606816404717437669470675893",
"227011160605173160719128045050766853883",
"208164841370806985723361759329080856329",
"71364014207097319227882820800460492904",
"156243055800073920013120214974781898386",
"215156572296132505262246123742587744241",
"7069884085968848656412683427367043296",
"235743035146536230866436624450904495228",
"35290295899257055203805651232869540931",
"207937354798362552360337160529413393744",
"78996111740133474014844433096763461624",
"334443121837729838277033742941280569682",
"68681804946192098603078887479391740954",
"294638057278564561348433337879369379523",
"297908863031311931518915486339596470465",
"110154676319333325261637695499784063818",
"34446191657970144545577341729483614203",
"314457986449180959672199800767823662525"
]
},
"id": "ASB-A-243463593-636357b2",
"source": "https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp"
},
"signature_type": "Line"
},
{
"digest": {
"length": 134.0,
"function_hash": "315466067567656958854029971084270982926"
},
"id": "ASB-A-243463593-6e4e0021",
"source": "https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::getUInt16"
},
"signature_type": "Function"
},
{
"digest": {
"length": 175.0,
"function_hash": "34154390763950867467417999733978382884"
},
"id": "ASB-A-243463593-733a088c",
"source": "https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::putUInt16"
},
"signature_type": "Function"
},
{
"digest": {
"length": 222.0,
"function_hash": "29132274659906287857202031673365486865"
},
"id": "ASB-A-243463593-79a58389",
"source": "https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::getUInt32"
},
"signature_type": "Function"
},
{
"digest": {
"length": 299.0,
"function_hash": "298372404400044685788784117800346771880"
},
"id": "ASB-A-243463593-ae4e69e4",
"source": "https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::putUInt32"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/28dfceb42b04c86000146bcc8731d976028c247f"
],
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 299.0,
"function_hash": "298372404400044685788784117800346771880"
},
"id": "ASB-A-243463593-1856909b",
"source": "https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::putUInt32"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"10360648252606816404717437669470675893",
"227011160605173160719128045050766853883",
"208164841370806985723361759329080856329",
"71364014207097319227882820800460492904",
"156243055800073920013120214974781898386",
"215156572296132505262246123742587744241",
"7069884085968848656412683427367043296",
"235743035146536230866436624450904495228",
"35290295899257055203805651232869540931",
"207937354798362552360337160529413393744",
"78996111740133474014844433096763461624",
"334443121837729838277033742941280569682",
"68681804946192098603078887479391740954",
"294638057278564561348433337879369379523",
"297908863031311931518915486339596470465",
"110154676319333325261637695499784063818",
"34446191657970144545577341729483614203",
"314457986449180959672199800767823662525"
]
},
"id": "ASB-A-243463593-1bc6929f",
"source": "https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp"
},
"signature_type": "Line"
},
{
"digest": {
"length": 134.0,
"function_hash": "315466067567656958854029971084270982926"
},
"id": "ASB-A-243463593-8fcfb983",
"source": "https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::getUInt16"
},
"signature_type": "Function"
},
{
"digest": {
"length": 175.0,
"function_hash": "34154390763950867467417999733978382884"
},
"id": "ASB-A-243463593-912c9eb8",
"source": "https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::putUInt16"
},
"signature_type": "Function"
},
{
"digest": {
"length": 222.0,
"function_hash": "29132274659906287857202031673365486865"
},
"id": "ASB-A-243463593-a5584b6f",
"source": "https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::getUInt32"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/0c26c2f4595b58bd7a11512227eacd480c4ddcd9"
],
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/av
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 222.0,
"function_hash": "29132274659906287857202031673365486865"
},
"id": "ASB-A-243463593-567ee785",
"source": "https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::getUInt32"
},
"signature_type": "Function"
},
{
"digest": {
"length": 299.0,
"function_hash": "298372404400044685788784117800346771880"
},
"id": "ASB-A-243463593-6901ad47",
"source": "https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::putUInt32"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"10360648252606816404717437669470675893",
"227011160605173160719128045050766853883",
"208164841370806985723361759329080856329",
"71364014207097319227882820800460492904",
"156243055800073920013120214974781898386",
"215156572296132505262246123742587744241",
"7069884085968848656412683427367043296",
"235743035146536230866436624450904495228",
"35290295899257055203805651232869540931",
"207937354798362552360337160529413393744",
"78996111740133474014844433096763461624",
"334443121837729838277033742941280569682",
"68681804946192098603078887479391740954",
"294638057278564561348433337879369379523",
"297908863031311931518915486339596470465",
"110154676319333325261637695499784063818",
"34446191657970144545577341729483614203",
"314457986449180959672199800767823662525"
]
},
"id": "ASB-A-243463593-708f4159",
"source": "https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp"
},
"signature_type": "Line"
},
{
"digest": {
"length": 134.0,
"function_hash": "315466067567656958854029971084270982926"
},
"id": "ASB-A-243463593-969690c3",
"source": "https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::getUInt16"
},
"signature_type": "Function"
},
{
"digest": {
"length": 175.0,
"function_hash": "34154390763950867467417999733978382884"
},
"id": "ASB-A-243463593-e1ceb256",
"source": "https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "media/mtp/MtpPacket.cpp",
"function": "MtpPacket::putUInt16"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/av/+/56ae070c55debb8b2c691e296bded3d6e9f63518"
],
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
]
}