ASB-A-279428283

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-279428283.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-279428283

Aliases

CVE-2024-0025

Published

2024-05-01T00:00:00Z

Modified

2024-07-26T15:05:31Z

Summary

BG-FGS restrictions bypass via set app-owned IIntentSender to contentIntent.mTarget and call `PendingIntent.send` with callbacked whitelistToken

Details

In sendIntentSender of ActivityManagerService.java, there is a possible background activity launch due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14-next:0

Fixed

14-next:2024-05-01

Affected versions

Other

14-next

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3ced332ad690e5b308b02db5c9cdd9ca30368c4a",
        "https://android.googlesource.com/platform/frameworks/base/+/2938b381ca54cf3a62273f51211c1e03d0f1c30a"
    ],
    "spl": "2024-05-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12:0

Fixed

12:2024-05-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/7a76717b61d8cb90a4987454f34e88417d68608b"
    ],
    "spl": "2024-05-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12L:0

Fixed

12L:2024-05-01

Affected versions

Other

12L

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/792a8bd3f47214b805ce95b2c418bf54675713f7"
    ],
    "spl": "2024-05-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2024-05-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e5069813ecf230b9fe9a3302a2a59c91d1aa6498"
    ],
    "spl": "2024-05-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14:0

Fixed

14:2024-05-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6a58836fbdee74e6ba1192814dde0b4597414aa0"
    ],
    "spl": "2024-05-01",
    "types": [
        "EoP"
    ],
    "severity": "High"
}