In visitUris of Notification.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
{
"types": [
"ID"
],
"spl": "2023-08-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/13bfb2282f1aa51f2cc3feab865dd95fe2099740"
],
"severity": "High",
"vanir_signatures": [
{
"target": {
"file": "core/java/android/app/Notification.java"
},
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"324233427981781607540306433621735949661",
"264942182053378596134081566774471213955",
"247322044271246743110306386928965046179",
"50405876539861166732624558246520248555"
]
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/13bfb2282f1aa51f2cc3feab865dd95fe2099740",
"deprecated": false,
"id": "ASB-A-276294099-8675f3e5"
},
{
"target": {
"function": "visitUris",
"file": "core/java/android/app/Notification.java"
},
"signature_version": "v1",
"digest": {
"function_hash": "102290230980165670159391216524883580302",
"length": 2848.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/13bfb2282f1aa51f2cc3feab865dd95fe2099740",
"deprecated": false,
"id": "ASB-A-276294099-93acf9dd"
}
]
}{
"types": [
"ID"
],
"spl": "2023-08-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/9663d493142b59c65311bc09d48427d3bdde0222"
],
"severity": "High",
"vanir_signatures": [
{
"target": {
"function": "visitUris",
"file": "core/java/android/app/Notification.java"
},
"signature_version": "v1",
"digest": {
"function_hash": "111248229135962808590699590406878258901",
"length": 2375.0
},
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9663d493142b59c65311bc09d48427d3bdde0222",
"deprecated": false,
"id": "ASB-A-276294099-4bd76cb2"
},
{
"id": "ASB-A-276294099-f0b9d2ff",
"digest": {
"line_hashes": [
"324233427981781607540306433621735949661",
"264942182053378596134081566774471213955",
"247322044271246743110306386928965046179",
"50405876539861166732624558246520248555"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9663d493142b59c65311bc09d48427d3bdde0222",
"deprecated": false,
"target": {
"file": "core/java/android/app/Notification.java"
}
}
]
}{
"types": [
"ID"
],
"spl": "2023-08-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-276294099-8529d90c",
"digest": {
"function_hash": "143390102946370275124655086785671619060",
"length": 2698.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53",
"deprecated": false,
"target": {
"function": "visitUris",
"file": "core/java/android/app/Notification.java"
}
},
{
"id": "ASB-A-276294099-fe18d1d4",
"signature_version": "v1",
"target": {
"file": "core/java/android/app/Notification.java"
},
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53",
"deprecated": false,
"digest": {
"line_hashes": [
"324233427981781607540306433621735949661",
"264942182053378596134081566774471213955",
"247322044271246743110306386928965046179",
"50405876539861166732624558246520248555"
],
"threshold": 0.9
}
}
]
}{
"types": [
"ID"
],
"spl": "2023-08-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-276294099-30613b06",
"digest": {
"line_hashes": [
"324233427981781607540306433621735949661",
"264942182053378596134081566774471213955",
"247322044271246743110306386928965046179",
"50405876539861166732624558246520248555"
],
"threshold": 0.9
},
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53",
"deprecated": false,
"target": {
"file": "core/java/android/app/Notification.java"
}
},
{
"id": "ASB-A-276294099-7e152e04",
"digest": {
"function_hash": "143390102946370275124655086785671619060",
"length": 2698.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53",
"deprecated": false,
"target": {
"function": "visitUris",
"file": "core/java/android/app/Notification.java"
}
}
]
}{
"types": [
"ID"
],
"spl": "2023-08-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-276294099-3be54603",
"digest": {
"function_hash": "143390102946370275124655086785671619060",
"length": 2698.0
},
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53",
"deprecated": false,
"target": {
"function": "visitUris",
"file": "core/java/android/app/Notification.java"
}
},
{
"target": {
"file": "core/java/android/app/Notification.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"324233427981781607540306433621735949661",
"264942182053378596134081566774471213955",
"247322044271246743110306386928965046179",
"50405876539861166732624558246520248555"
]
},
"id": "ASB-A-276294099-d293a69b",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/67cd169d073486c7c047b80ab83843cdee69bf53",
"deprecated": false,
"signature_version": "v1"
}
]
}