ASB-A-278722815

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-278722815.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-278722815
Aliases
Published
2023-12-01T00:00:00Z
Modified
2026-04-28T15:17:37.552933Z
Summary
[none]
Details

In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-12-01

Affected versions

Other
14-next

Ecosystem specific 

{
    "spl": "2023-12-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/eb90469587d908ac89121baf4f4dca3d1da5b817"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "match_only_versions": [
                "14-next"
            ],
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "length": 239.0,
                "function_hash": "274573072377361941630205671080613837356"
            },
            "target": {
                "function": "injectSendIntentSender",
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "id": "ASB-A-278722815-9c303291",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/eb90469587d908ac89121baf4f4dca3d1da5b817",
            "signature_version": "v1"
        },
        {
            "match_only_versions": [
                "14-next"
            ],
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "282007050083275395812881588875439224010",
                    "121767373360754503692510933823465049676",
                    "210091644919993644973117657717030182698",
                    "241511480748587819235818580045714909922",
                    "109535088465150795597397831887177697388",
                    "329664286049235529124895840553730018214",
                    "231911230713795010449640140776637075032",
                    "60328244444378710411924095724399144432",
                    "98855905654055469102136301636680550000",
                    "114829687165789329088780961588095937225",
                    "25064514220660965008269132321312445530"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "id": "ASB-A-278722815-dbb125e9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/eb90469587d908ac89121baf4f4dca3d1da5b817",
            "signature_version": "v1"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-278722815.json"

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2023-12-01

Affected versions

Other
14

Ecosystem specific 

{
    "spl": "2023-12-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/0a0778e96d7da3fa8169abdf9261ed62809539fa"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "match_only_versions": [
                "14"
            ],
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "length": 239.0,
                "function_hash": "274573072377361941630205671080613837356"
            },
            "target": {
                "function": "injectSendIntentSender",
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "id": "ASB-A-278722815-7851366d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0a0778e96d7da3fa8169abdf9261ed62809539fa",
            "signature_version": "v1"
        },
        {
            "match_only_versions": [
                "14"
            ],
            "signature_type": "Line",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "282007050083275395812881588875439224010",
                    "121767373360754503692510933823465049676",
                    "210091644919993644973117657717030182698",
                    "241511480748587819235818580045714909922",
                    "109535088465150795597397831887177697388",
                    "329664286049235529124895840553730018214",
                    "231911230713795010449640140776637075032",
                    "60328244444378710411924095724399144432",
                    "98855905654055469102136301636680550000",
                    "114829687165789329088780961588095937225",
                    "25064514220660965008269132321312445530"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "id": "ASB-A-278722815-c6c74a05",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/0a0778e96d7da3fa8169abdf9261ed62809539fa",
            "signature_version": "v1"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-278722815.json"