ASB-A-270368476
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-270368476.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-270368476
- Aliases
-
- A-270368476
- CVE-2023-40116
- Published
- 2023-10-01T00:00:00Z
- Modified
- 2026-04-27T15:40:08.012512Z
- Summary
- [none]
- Details
-
In onTaskAppeared of PipTaskOrganizer.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"deprecated": false,
"digest": {
"line_hashes": [
"66409941875196780203679071720485759320",
"249825501416818358814829213642476147194",
"118699811272894210661265234708291264000",
"314904124287885909992861234525384513709",
"16119790279244530535461322802107562818",
"246494807188314216618621120050554696607",
"140513676057509253661067554560652494122",
"295050921507719318349337065064110109731",
"105045769641888133769977750158259718043",
"261734575546930252780250644523880121497",
"242913691792290724166339716119192646636",
"246781055635329598112787772846097277756",
"99438466694255604288644571851072757610"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a54d763886ffd69aa14360dc999c76cd2af263f2",
"id": "ASB-A-270368476-6163c3d5",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/pip/PipTaskOrganizer.java"
}
},
{
"deprecated": false,
"digest": {
"length": 1410.0,
"function_hash": "181491400177493555429237816646891076314"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a54d763886ffd69aa14360dc999c76cd2af263f2",
"id": "ASB-A-270368476-62230532",
"target": {
"function": "onTaskAppeared",
"file": "packages/SystemUI/src/com/android/systemui/pip/PipTaskOrganizer.java"
}
},
{
"deprecated": false,
"digest": {
"length": 289.0,
"function_hash": "39469595170827841739636224664203121629"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a54d763886ffd69aa14360dc999c76cd2af263f2",
"id": "ASB-A-270368476-63f5e53e",
"target": {
"function": "getValidSourceHintRect",
"file": "packages/SystemUI/src/com/android/systemui/pip/PipTaskOrganizer.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a54d763886ffd69aa14360dc999c76cd2af263f2"
],
"spl": "2023-10-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "ASB-A-270368476-34add312",
"match_only_versions": [
"12"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/4fda9095ba9bdecb8250336d4f0ca328ed7c2aea",
"digest": {
"line_hashes": [
"209429025854056159767914066393032300010",
"220444712238162245414505967688722991297",
"178767500888007998083315743702464392481",
"299257603002189761949365254086058776383",
"20542107226573851640259004201327613496",
"263103364633141960488986345083847579584",
"241829706067599882521182732383981463301",
"222059183804709081811937293704782343215",
"32839148087363786103231288248690155168",
"338689995397819220111778241252026700835"
],
"threshold": 0.9
},
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTaskOrganizer.java"
}
},
{
"deprecated": false,
"digest": {
"length": 1088.0,
"function_hash": "38289670632256435549636737135832254850"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4fda9095ba9bdecb8250336d4f0ca328ed7c2aea",
"id": "ASB-A-270368476-3c8148fd",
"target": {
"function": "startEnterAnimation",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
}
},
{
"deprecated": false,
"digest": {
"length": 2119.0,
"function_hash": "160389746768882259763309770676722951051"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4fda9095ba9bdecb8250336d4f0ca328ed7c2aea",
"id": "ASB-A-270368476-491f2d73",
"target": {
"function": "onTaskAppeared",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTaskOrganizer.java"
}
},
{
"deprecated": false,
"digest": {
"length": 713.0,
"function_hash": "316511690904435827584297228092807432492"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4fda9095ba9bdecb8250336d4f0ca328ed7c2aea",
"id": "ASB-A-270368476-7450e521",
"target": {
"function": "onTaskAppearedWithFixedRotation",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTaskOrganizer.java"
}
},
{
"deprecated": false,
"digest": {
"line_hashes": [
"63782221699039313840523007087291989928",
"45004624479083865885120527292616715238",
"97263869434801543928923037464445227885",
"71726101960436302332167399892895922560"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4fda9095ba9bdecb8250336d4f0ca328ed7c2aea",
"id": "ASB-A-270368476-f3bea353",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/4fda9095ba9bdecb8250336d4f0ca328ed7c2aea"
],
"spl": "2023-10-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"deprecated": false,
"digest": {
"length": 752.0,
"function_hash": "338005715330227342067705909101533423797"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/59ef2c19e559bfc3f29974d63735758185975074",
"id": "ASB-A-270368476-5f896475",
"target": {
"function": "onTaskAppearedWithFixedRotation",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTaskOrganizer.java"
}
},
{
"deprecated": false,
"digest": {
"line_hashes": [
"63782221699039313840523007087291989928",
"45004624479083865885120527292616715238",
"97263869434801543928923037464445227885",
"236889982355939381297150488357076962895"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/59ef2c19e559bfc3f29974d63735758185975074",
"id": "ASB-A-270368476-73710627",
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"id": "ASB-A-270368476-913a7f5b",
"match_only_versions": [
"12L"
],
"source": "https://android.googlesource.com/platform/frameworks/base/+/59ef2c19e559bfc3f29974d63735758185975074",
"digest": {
"line_hashes": [
"209429025854056159767914066393032300010",
"220444712238162245414505967688722991297",
"178767500888007998083315743702464392481",
"299257603002189761949365254086058776383",
"20542107226573851640259004201327613496",
"263103364633141960488986345083847579584",
"241829706067599882521182732383981463301",
"222059183804709081811937293704782343215",
"32839148087363786103231288248690155168",
"67825956692415463057629696979124117501"
],
"threshold": 0.9
},
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTaskOrganizer.java"
}
},
{
"deprecated": false,
"digest": {
"length": 2174.0,
"function_hash": "110587108648452807324641174991334861851"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/59ef2c19e559bfc3f29974d63735758185975074",
"id": "ASB-A-270368476-91a09449",
"target": {
"function": "startEnterAnimation",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTransition.java"
}
},
{
"deprecated": false,
"digest": {
"length": 2304.0,
"function_hash": "56007200615144024626055728707502052307"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/59ef2c19e559bfc3f29974d63735758185975074",
"id": "ASB-A-270368476-c5832c66",
"target": {
"function": "onTaskAppeared",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/PipTaskOrganizer.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/59ef2c19e559bfc3f29974d63735758185975074"
],
"spl": "2023-10-01",
"severity": "High",
"types": [
"EoP"
]
}