ASB-A-278558814
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-278558814.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-278558814
- Aliases
-
- A-278558814
- CVE-2023-40106
- Published
- 2023-11-01T00:00:00Z
- Modified
- 2024-08-07T19:30:14.071794Z
- Summary
- [none]
- Details
-
In sanitizeSbn of NotificationManagerService.java, there is a possible way to launch an activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"11"
],
"digest": {
"length": 525.0,
"function_hash": "299885229804771728740092935875043806001"
},
"id": "ASB-A-278558814-39eea5ef",
"source": "https://android.googlesource.com/platform/frameworks/base/+/75fcbb37617246c43c2af34b12c9ae4b4043f9ac",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java",
"function": "sanitizeSbn"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"19328514911481988449621301501520510512",
"128180843045622298964632623511621361173",
"74689441452148401004442135179706795859",
"77537239920818797693030053119675326142",
"60413899272237561873938372037301081054"
]
},
"id": "ASB-A-278558814-4b542da9",
"source": "https://android.googlesource.com/platform/frameworks/base/+/75fcbb37617246c43c2af34b12c9ae4b4043f9ac",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/Notification.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 71.0,
"function_hash": "252082531642471137095806740854698228715"
},
"id": "ASB-A-278558814-95b67700",
"source": "https://android.googlesource.com/platform/frameworks/base/+/75fcbb37617246c43c2af34b12c9ae4b4043f9ac",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/Notification.java",
"function": "setAllowlistToken"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"171548852846172734744435483104381182718",
"222376968769515075791879262325112236898",
"15274997982046198563146298409434740710",
"294096154273122677522205917725905343301"
]
},
"id": "ASB-A-278558814-f5fa0cbc",
"source": "https://android.googlesource.com/platform/frameworks/base/+/75fcbb37617246c43c2af34b12c9ae4b4043f9ac",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/75fcbb37617246c43c2af34b12c9ae4b4043f9ac"
],
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 71.0,
"function_hash": "275372314725821542637644716462634945986"
},
"id": "ASB-A-278558814-0138cc1a",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d839e4985d0acc662e1019390c88fab20bacbd6",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/Notification.java",
"function": "setAllowlistToken"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"171548852846172734744435483104381182718",
"222376968769515075791879262325112236898",
"15274997982046198563146298409434740710",
"294096154273122677522205917725905343301"
]
},
"id": "ASB-A-278558814-22b24c29",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d839e4985d0acc662e1019390c88fab20bacbd6",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Line"
},
{
"match_only_versions": [
"12"
],
"digest": {
"length": 525.0,
"function_hash": "299885229804771728740092935875043806001"
},
"id": "ASB-A-278558814-d5606d2f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d839e4985d0acc662e1019390c88fab20bacbd6",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java",
"function": "sanitizeSbn"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"19328514911481988449621301501520510512",
"264348577362792108663720183346652756510",
"258169763999396838387685599658587282028",
"208883902105813895585599267926983689348",
"271312454085563944599205919785273639862"
]
},
"id": "ASB-A-278558814-fcfa0715",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d839e4985d0acc662e1019390c88fab20bacbd6",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/Notification.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/8d839e4985d0acc662e1019390c88fab20bacbd6"
],
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"171548852846172734744435483104381182718",
"222376968769515075791879262325112236898",
"15274997982046198563146298409434740710",
"294096154273122677522205917725905343301"
]
},
"id": "ASB-A-278558814-912fd3e1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d839e4985d0acc662e1019390c88fab20bacbd6",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 71.0,
"function_hash": "275372314725821542637644716462634945986"
},
"id": "ASB-A-278558814-d3c1ddb1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d839e4985d0acc662e1019390c88fab20bacbd6",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/Notification.java",
"function": "setAllowlistToken"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"12L"
],
"digest": {
"length": 525.0,
"function_hash": "299885229804771728740092935875043806001"
},
"id": "ASB-A-278558814-e6f926f7",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d839e4985d0acc662e1019390c88fab20bacbd6",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java",
"function": "sanitizeSbn"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"19328514911481988449621301501520510512",
"264348577362792108663720183346652756510",
"258169763999396838387685599658587282028",
"208883902105813895585599267926983689348",
"271312454085563944599205919785273639862"
]
},
"id": "ASB-A-278558814-efee8be2",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d839e4985d0acc662e1019390c88fab20bacbd6",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/Notification.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/8d839e4985d0acc662e1019390c88fab20bacbd6"
],
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 71.0,
"function_hash": "275372314725821542637644716462634945986"
},
"id": "ASB-A-278558814-236d8e8f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1896c2e7068c9ec1ab8355d863d7e8107d5d5706",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/Notification.java",
"function": "setAllowlistToken"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"13"
],
"digest": {
"length": 525.0,
"function_hash": "299885229804771728740092935875043806001"
},
"id": "ASB-A-278558814-392d2632",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1896c2e7068c9ec1ab8355d863d7e8107d5d5706",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java",
"function": "sanitizeSbn"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"19328514911481988449621301501520510512",
"264348577362792108663720183346652756510",
"258169763999396838387685599658587282028",
"208883902105813895585599267926983689348",
"271312454085563944599205919785273639862"
]
},
"id": "ASB-A-278558814-4f1a7aa4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1896c2e7068c9ec1ab8355d863d7e8107d5d5706",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/Notification.java"
},
"signature_type": "Line"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"171548852846172734744435483104381182718",
"222376968769515075791879262325112236898",
"15274997982046198563146298409434740710",
"294096154273122677522205917725905343301"
]
},
"id": "ASB-A-278558814-b4b30738",
"source": "https://android.googlesource.com/platform/frameworks/base/+/1896c2e7068c9ec1ab8355d863d7e8107d5d5706",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/1896c2e7068c9ec1ab8355d863d7e8107d5d5706"
],
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"14"
],
"digest": {
"length": 525.0,
"function_hash": "299885229804771728740092935875043806001"
},
"id": "ASB-A-278558814-02aae8ef",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e79cbff7f85ea5497dcdb27b13535e4e3ac9913f",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java",
"function": "sanitizeSbn"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"171548852846172734744435483104381182718",
"222376968769515075791879262325112236898",
"15274997982046198563146298409434740710",
"294096154273122677522205917725905343301"
]
},
"id": "ASB-A-278558814-a63fabec",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e79cbff7f85ea5497dcdb27b13535e4e3ac9913f",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 71.0,
"function_hash": "275372314725821542637644716462634945986"
},
"id": "ASB-A-278558814-e8d9c695",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e79cbff7f85ea5497dcdb27b13535e4e3ac9913f",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/Notification.java",
"function": "setAllowlistToken"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"19328514911481988449621301501520510512",
"264348577362792108663720183346652756510",
"258169763999396838387685599658587282028",
"208883902105813895585599267926983689348",
"271312454085563944599205919785273639862"
]
},
"id": "ASB-A-278558814-f875368b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e79cbff7f85ea5497dcdb27b13535e4e3ac9913f",
"deprecated": true,
"signature_version": "v1",
"target": {
"file": "core/java/android/app/Notification.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e79cbff7f85ea5497dcdb27b13535e4e3ac9913f"
],
"spl": "2023-11-01",
"severity": "High",
"types": [
"EoP"
]
}