ASB-A-276729064

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-276729064.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-276729064
Aliases
Published
2023-10-01T00:00:00Z
Modified
2026-05-01T15:24:27.653932Z
Summary
[none]
Details

In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-10-01

Affected versions

Other
14-next

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb"
    ],
    "severity": "High",
    "spl": "2023-10-01",
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-628798b5",
            "digest": {
                "length": 2344.0,
                "function_hash": "206080643568669631124953396971239018720"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-822599ed",
            "digest": {
                "line_hashes": [
                    "293871498699140096628809383344655540256",
                    "230570210740888002440340466972946828022",
                    "39809601059937207692447550842248064792",
                    "247274710125108089918752834510465687719"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-276729064.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-10-01

Affected versions

Other
11

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/63f8ce3efd9a564ae83f1de38791a6d67c5a8ddb",
        "https://android.googlesource.com/platform/frameworks/base/+/f9d8830e3264c66d0f39b1d45eadd4039695a112",
        "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5"
    ],
    "severity": "High",
    "spl": "2023-10-01",
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-290b3ace",
            "digest": {
                "length": 2160.0,
                "function_hash": "45946678691237749534323708555600184252"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-4513277a",
            "digest": {
                "length": 2445.0,
                "function_hash": "88690414053046570452154742374956197705"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f9d8830e3264c66d0f39b1d45eadd4039695a112",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-4f1dbb1c",
            "digest": {
                "line_hashes": [
                    "220635192558347618428557710966537549630",
                    "253334370248267018892539242638085805436",
                    "176838862555710248654229688049677396583",
                    "336609230544111782529988548778564228079"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/63f8ce3efd9a564ae83f1de38791a6d67c5a8ddb",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-667ac546",
            "digest": {
                "length": 1962.0,
                "function_hash": "293252752328763131305245326835911220509"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/63f8ce3efd9a564ae83f1de38791a6d67c5a8ddb",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-683002b8",
            "digest": {
                "line_hashes": [
                    "220635192558347618428557710966537549630",
                    "253334370248267018892539242638085805436",
                    "176838862555710248654229688049677396583",
                    "336609230544111782529988548778564228079"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-a2b0774c",
            "digest": {
                "line_hashes": [
                    "284329220841021444102925843668787196027",
                    "334607245087039204157752518052222270092",
                    "192320463376510956991726854410949333725",
                    "12001060641025117291543897072481618492",
                    "280321219625922107598767162843685911426",
                    "91752997814129602926830114776134072092",
                    "282535532950185268076359292992678730011",
                    "92878655030594803546377182083274181073",
                    "138889379725379236404616749524878705537",
                    "69832214355760839001124167003115298049",
                    "108587633537507210242609878158511307392",
                    "238482942521325421166953426418539953961",
                    "336609230544111782529988548778564228079"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f9d8830e3264c66d0f39b1d45eadd4039695a112",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-276729064.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-10-01

Affected versions

Other
12

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb",
        "https://android.googlesource.com/platform/frameworks/base/+/28428b737903c9b82d7ce3682336d15d8ad00762",
        "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5"
    ],
    "severity": "High",
    "spl": "2023-10-01",
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-03b5ca52",
            "digest": {
                "length": 2344.0,
                "function_hash": "206080643568669631124953396971239018720"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-4242f22a",
            "digest": {
                "line_hashes": [
                    "293871498699140096628809383344655540256",
                    "230570210740888002440340466972946828022",
                    "39809601059937207692447550842248064792",
                    "247274710125108089918752834510465687719"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-63f6e12f",
            "digest": {
                "length": 2160.0,
                "function_hash": "45946678691237749534323708555600184252"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "deprecated": false,
            "match_only_versions": [
                "12"
            ],
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "30674339052424001950516864286665931655",
                    "334607245087039204157752518052222270092",
                    "192320463376510956991726854410949333725",
                    "12001060641025117291543897072481618492",
                    "280321219625922107598767162843685911426",
                    "91752997814129602926830114776134072092",
                    "282535532950185268076359292992678730011",
                    "92878655030594803546377182083274181073",
                    "138889379725379236404616749524878705537",
                    "69832214355760839001124167003115298049",
                    "108587633537507210242609878158511307392",
                    "209214712958229127365277677898883133842",
                    "247274710125108089918752834510465687719"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-276729064-71d63a4a",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/28428b737903c9b82d7ce3682336d15d8ad00762",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-81b5eefb",
            "digest": {
                "line_hashes": [
                    "220635192558347618428557710966537549630",
                    "253334370248267018892539242638085805436",
                    "176838862555710248654229688049677396583",
                    "336609230544111782529988548778564228079"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-c5aa945a",
            "digest": {
                "length": 2768.0,
                "function_hash": "328630913936997539884917677266248587884"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/28428b737903c9b82d7ce3682336d15d8ad00762",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-276729064.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-10-01

Affected versions

Other
12L

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb",
        "https://android.googlesource.com/platform/frameworks/base/+/bdc9b977e376fb3b6047530a179d00fd77f2aec1",
        "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5"
    ],
    "severity": "High",
    "spl": "2023-10-01",
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-05cf81c8",
            "digest": {
                "line_hashes": [
                    "220635192558347618428557710966537549630",
                    "253334370248267018892539242638085805436",
                    "176838862555710248654229688049677396583",
                    "336609230544111782529988548778564228079"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-52ddc4f9",
            "digest": {
                "line_hashes": [
                    "293871498699140096628809383344655540256",
                    "230570210740888002440340466972946828022",
                    "39809601059937207692447550842248064792",
                    "247274710125108089918752834510465687719"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-88f0fc61",
            "digest": {
                "length": 2768.0,
                "function_hash": "328630913936997539884917677266248587884"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bdc9b977e376fb3b6047530a179d00fd77f2aec1",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-b260ca8e",
            "digest": {
                "length": 2160.0,
                "function_hash": "45946678691237749534323708555600184252"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-bfd28233",
            "digest": {
                "length": 2344.0,
                "function_hash": "206080643568669631124953396971239018720"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "deprecated": false,
            "match_only_versions": [
                "12L"
            ],
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "30674339052424001950516864286665931655",
                    "334607245087039204157752518052222270092",
                    "192320463376510956991726854410949333725",
                    "12001060641025117291543897072481618492",
                    "280321219625922107598767162843685911426",
                    "91752997814129602926830114776134072092",
                    "282535532950185268076359292992678730011",
                    "92878655030594803546377182083274181073",
                    "138889379725379236404616749524878705537",
                    "69832214355760839001124167003115298049",
                    "108587633537507210242609878158511307392",
                    "209214712958229127365277677898883133842",
                    "247274710125108089918752834510465687719"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-276729064-d5100e7e",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bdc9b977e376fb3b6047530a179d00fd77f2aec1",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-276729064.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-10-01

Affected versions

Other
13

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb",
        "https://android.googlesource.com/platform/frameworks/base/+/f69ded9ec319f753d1464586ee28248b84a2bacd",
        "https://android.googlesource.com/platform/frameworks/base/+/4e19431a60300c6ea6c7f7dd64299916e4eb09bc"
    ],
    "severity": "High",
    "spl": "2023-10-01",
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-1efbcc25",
            "digest": {
                "line_hashes": [
                    "250638055627944970047384174701610575040",
                    "230570210740888002440340466972946828022",
                    "39809601059937207692447550842248064792",
                    "247274710125108089918752834510465687719"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/4e19431a60300c6ea6c7f7dd64299916e4eb09bc",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-270eb8a4",
            "digest": {
                "line_hashes": [
                    "293871498699140096628809383344655540256",
                    "230570210740888002440340466972946828022",
                    "39809601059937207692447550842248064792",
                    "247274710125108089918752834510465687719"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-517b3a06",
            "digest": {
                "length": 2816.0,
                "function_hash": "26819728346843679430745099701471672379"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f69ded9ec319f753d1464586ee28248b84a2bacd",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "deprecated": false,
            "match_only_versions": [
                "13"
            ],
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "30674339052424001950516864286665931655",
                    "334607245087039204157752518052222270092",
                    "192320463376510956991726854410949333725",
                    "12001060641025117291543897072481618492",
                    "280321219625922107598767162843685911426",
                    "91752997814129602926830114776134072092",
                    "282535532950185268076359292992678730011",
                    "92878655030594803546377182083274181073",
                    "138889379725379236404616749524878705537",
                    "69832214355760839001124167003115298049",
                    "108587633537507210242609878158511307392",
                    "209214712958229127365277677898883133842",
                    "247274710125108089918752834510465687719"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-276729064-9ad50160",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f69ded9ec319f753d1464586ee28248b84a2bacd",
            "target": {
                "file": "core/java/android/app/Notification.java"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-be677faf",
            "digest": {
                "length": 2344.0,
                "function_hash": "206080643568669631124953396971239018720"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "id": "ASB-A-276729064-e6092937",
            "digest": {
                "length": 2531.0,
                "function_hash": "101329898979370720004053874639125298630"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/4e19431a60300c6ea6c7f7dd64299916e4eb09bc",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            }
        }
    ],
    "types": [
        "EoP"
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-276729064.json"