ASB-A-278246904
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-278246904.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-278246904
- Aliases
-
- A-278246904
- CVE-2023-40123
- Published
- 2023-10-01T00:00:00Z
- Modified
- 2026-04-24T15:37:38.793646Z
- Summary
- [none]
- Details
-
In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"166063239365407036358423908267271788855",
"238261694075635380651321613102455567842",
"18813654971782633136813057209079119774",
"298693978369705219306289472481635126836",
"228970914487273209765683008343858037409",
"308669220408222224656611470876126545861",
"197699114853082409449149109728014222192",
"209364448544501372143279473777566494659",
"216188453882021631452971651028580263799",
"94850097018368390728166738070588962869",
"72445180047628070739800573023735531549"
]
},
"id": "ASB-A-278246904-d36d1569",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5f5a87d8a0dc9190327ba0e6113d5b80ee96abae",
"deprecated": false,
"target": {
"file": "packages/SystemUI/src/com/android/systemui/pip/phone/PipMenuActivity.java"
},
"signature_version": "v1"
},
{
"digest": {
"function_hash": "181592472918948688828376767510805820774",
"length": 1929.0
},
"id": "ASB-A-278246904-dcfb2aed",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5f5a87d8a0dc9190327ba0e6113d5b80ee96abae",
"deprecated": false,
"target": {
"function": "updateActionViews",
"file": "packages/SystemUI/src/com/android/systemui/pip/phone/PipMenuActivity.java"
},
"signature_version": "v1"
}
],
"types": [
"ID"
],
"spl": "2023-10-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/5f5a87d8a0dc9190327ba0e6113d5b80ee96abae"
],
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"function_hash": "324042343437714289491964702341013391365",
"length": 2091.0
},
"id": "ASB-A-278246904-06f64a8c",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789",
"deprecated": false,
"target": {
"function": "updateActionViews",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"
},
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"324847060176059378097650583737936443359",
"201914426576427113616282003798828523163",
"263506418221562484969851597863881285854",
"298693978369705219306289472481635126836",
"65028353250387951711319638958353438447",
"136790229638996451871466097405478164680",
"68170465010301158246315630610819079368",
"263352302776715897128641062905730961951",
"69457260422413678554051326443035127416",
"265017678738522029119583092157254262428",
"300353328676222188497957249077867958648",
"132265614032465781347840663960889966374",
"279619902974470852553413032210963791541"
]
},
"id": "ASB-A-278246904-e2044529",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789",
"deprecated": false,
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"
},
"signature_version": "v1"
}
],
"types": [
"ID"
],
"spl": "2023-10-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789"
],
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"function_hash": "324042343437714289491964702341013391365",
"length": 2091.0
},
"id": "ASB-A-278246904-2aac263b",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789",
"deprecated": false,
"target": {
"function": "updateActionViews",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"
},
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"324847060176059378097650583737936443359",
"201914426576427113616282003798828523163",
"263506418221562484969851597863881285854",
"298693978369705219306289472481635126836",
"65028353250387951711319638958353438447",
"136790229638996451871466097405478164680",
"68170465010301158246315630610819079368",
"263352302776715897128641062905730961951",
"69457260422413678554051326443035127416",
"265017678738522029119583092157254262428",
"300353328676222188497957249077867958648",
"132265614032465781347840663960889966374",
"279619902974470852553413032210963791541"
]
},
"id": "ASB-A-278246904-974cac41",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789",
"deprecated": false,
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"
},
"signature_version": "v1"
}
],
"types": [
"ID"
],
"spl": "2023-10-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789"
],
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"function_hash": "91021012843999924637578713214436470282",
"length": 2135.0
},
"id": "ASB-A-278246904-883a9b56",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1aee65603e262affd815fa53dcc5416c605e4037",
"deprecated": false,
"target": {
"function": "updateActionViews",
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"
},
"signature_version": "v1"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"324847060176059378097650583737936443359",
"201914426576427113616282003798828523163",
"263506418221562484969851597863881285854",
"298693978369705219306289472481635126836",
"93521960409155512391593538908610140054",
"191814625989978002119845273457027502519",
"149886920230859110625589295097639483924",
"263352302776715897128641062905730961951",
"69457260422413678554051326443035127416",
"265017678738522029119583092157254262428",
"250766418081665288800895074477766066642",
"71790000626337845181233356163845532353",
"13483996012871084488115841999795360436"
]
},
"id": "ASB-A-278246904-b10517f1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1aee65603e262affd815fa53dcc5416c605e4037",
"deprecated": false,
"target": {
"file": "libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"
},
"signature_version": "v1"
}
],
"types": [
"ID"
],
"spl": "2023-10-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/1aee65603e262affd815fa53dcc5416c605e4037"
],
"severity": "High"
}