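In setHeader of DialogFillUi.java, there is a possible way to view other users' images due to a confused deputy (a more-privileged component performing an access on behalf of a less-privileged caller). This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. The signatures below span DialogFillUi.java, FillUi.java, SaveUi.java and Helper.java under services/autofill, and two of the four listed fix commits carry no DialogFillUi.java signature, so patch verification should cover every listed file rather than stopping at setHeader.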
{ "vanir_signatures": [ { "digest": { "length": 3696.0, "function_hash": "110995354895912650465302359732992851334" }, "id": "ASB-A-281666022-196820fa", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java", "function": "applyCustomDescription" }, "signature_type": "Function" }, { "digest": { "length": 6510.0, "function_hash": "31646391903980341277154471442477253944" }, "id": "ASB-A-281666022-1b4aaead", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java", "function": "FillUi" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "152706124914265209826722211813105497440", "122457438830031755697776489763091500155", "9557648870503328618362177008065891024", "21424190766785613237481844130356205668", "318743049332437221904056720756700357292", "19494396699293671953931356471127301788", "125685506690105876920915180744054100445", "193060436326013056668025233908441392097", "45525861848201633409686579962243666914", "247171390140834564838122080548466479325", "11417974425339281741084590764620266974", "63675271650473437443478445002199682738", "337643276294840670681719171796552205364", "120308007170846405930104003764350781053", "110491743816707019839998419656968232453", "290369119132319450297915760482112743456", "318831208973307593363994768019606516553", "118585930299939295491472408901765825976" ] }, "id": "ASB-A-281666022-4cfd03f8", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": 
"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "70384187207969473467724071990317729398", "320418546227076084465594181217435078892", "139034975296227356350451546793061696188", "198840029242654939539433467117586934531", "313245536086977364838236582966126120156", "9821241575628344625617058172907797661", "84864080468086762366722034388010268348", "321713212781640076910098641929018121181", "60835553322294116645322918846401089571", "194254830192584495059033577937727898134", "147075656553749944497531376143451541327", "11224255276186999251427813799537284016", "190000541700740439308365212289947348130" ] }, "id": "ASB-A-281666022-6bdb4aae", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "148303161279659643660660451501034279234", "125883638802437311423689325172088876430", "68109407143103339498063405506151933519", "141851605057521366089072764562061264673" ] }, "id": "ASB-A-281666022-6c63ca40", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "195550187764114165661677033491385867525", "207939012160879388942929324645558281641", "197882718764834178866649541080794831380", "239233852245253813103569443623407063279", "44698807005793972678540295405764893919", "21183059188807409401714516310665780128", "300048194628243201263727493046361281547", "303844278245018911624601514776114041871", "229695913011207263233075675270896549026", 
"55169701512537227256118636456135333684", "198388733492753553705907241123091591212", "304920987658179113312826479999607115028", "269055928370450172860520757506759510794", "237757000885932752970060260599884987089", "33379483823330199745001603645193499184" ] }, "id": "ASB-A-281666022-6ef78a68", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/Helper.java" }, "signature_type": "Line" }, { "digest": { "length": 1677.0, "function_hash": "14933855057066592257347322952625317997" }, "id": "ASB-A-281666022-8ecc1824", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "createDatasetItems" }, "signature_type": "Function" }, { "digest": { "length": 498.0, "function_hash": "243658678464188710220306003597891618027" }, "id": "ASB-A-281666022-9cab5935", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "setHeader" }, "signature_type": "Function" }, { "digest": { "length": 754.0, "function_hash": "49532191195551615746744837755912801092" }, "id": "ASB-A-281666022-be150017", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "initialAuthenticationLayout" }, "signature_type": "Function" } ], "fixes": [ 
"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78" ], "spl": "2025-02-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 6466.0, "function_hash": "155518773178166328024443815934004657924" }, "id": "ASB-A-281666022-01c19f12", "source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java", "function": "FillUi" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "148303161279659643660660451501034279234", "125883638802437311423689325172088876430", "68109407143103339498063405506151933519", "141851605057521366089072764562061264673" ] }, "id": "ASB-A-281666022-25520d4c", "source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java" }, "signature_type": "Line" }, { "digest": { "length": 3696.0, "function_hash": "110995354895912650465302359732992851334" }, "id": "ASB-A-281666022-2d7c8b01", "source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java", "function": "applyCustomDescription" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "206563368113645024653705304061605275981", "197882718764834178866649541080794831380", "239233852245253813103569443623407063279", "44698807005793972678540295405764893919", "21183059188807409401714516310665780128", "300048194628243201263727493046361281547", "200644165688969314273219891189461360855", "77496428704198062703578586753481553588", "55169701512537227256118636456135333684", "198388733492753553705907241123091591212", "304920987658179113312826479999607115028", 
"269055928370450172860520757506759510794", "237757000885932752970060260599884987089", "33379483823330199745001603645193499184" ] }, "id": "ASB-A-281666022-34faaefd", "source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/Helper.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "70384187207969473467724071990317729398", "320418546227076084465594181217435078892", "139034975296227356350451546793061696188", "198840029242654939539433467117586934531", "313245536086977364838236582966126120156", "9821241575628344625617058172907797661", "84864080468086762366722034388010268348", "321713212781640076910098641929018121181", "60835553322294116645322918846401089571", "194254830192584495059033577937727898134", "147075656553749944497531376143451541327", "11224255276186999251427813799537284016", "190000541700740439308365212289947348130" ] }, "id": "ASB-A-281666022-5d255097", "source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053" ], "spl": "2025-02-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "70384187207969473467724071990317729398", "320418546227076084465594181217435078892", "139034975296227356350451546793061696188", "198840029242654939539433467117586934531", "313245536086977364838236582966126120156", "9821241575628344625617058172907797661", "84864080468086762366722034388010268348", "321713212781640076910098641929018121181", "60835553322294116645322918846401089571", "194254830192584495059033577937727898134", "147075656553749944497531376143451541327", "11224255276186999251427813799537284016", "190000541700740439308365212289947348130" ] }, "id": "ASB-A-281666022-091bab1b", "source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java" }, "signature_type": "Line" }, { "digest": { "length": 3696.0, "function_hash": "110995354895912650465302359732992851334" }, "id": "ASB-A-281666022-149edcfe", "source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java", "function": "applyCustomDescription" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "206563368113645024653705304061605275981", "197882718764834178866649541080794831380", "239233852245253813103569443623407063279", "44698807005793972678540295405764893919", "21183059188807409401714516310665780128", "300048194628243201263727493046361281547", "200644165688969314273219891189461360855", "77496428704198062703578586753481553588", "55169701512537227256118636456135333684", "198388733492753553705907241123091591212", "304920987658179113312826479999607115028", "269055928370450172860520757506759510794", "237757000885932752970060260599884987089", 
"33379483823330199745001603645193499184" ] }, "id": "ASB-A-281666022-1604cc61", "source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/Helper.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "148303161279659643660660451501034279234", "125883638802437311423689325172088876430", "68109407143103339498063405506151933519", "141851605057521366089072764562061264673" ] }, "id": "ASB-A-281666022-26fe3684", "source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java" }, "signature_type": "Line" }, { "digest": { "length": 6466.0, "function_hash": "155518773178166328024443815934004657924" }, "id": "ASB-A-281666022-c7eb1d31", "source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java", "function": "FillUi" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a" ], "spl": "2025-02-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 6466.0, "function_hash": "155518773178166328024443815934004657924" }, "id": "ASB-A-281666022-11ff21d0", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java", "function": "FillUi" }, "signature_type": "Function" }, { "digest": { "length": 3696.0, "function_hash": "110995354895912650465302359732992851334" }, "id": "ASB-A-281666022-38fe16ba", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java", "function": "applyCustomDescription" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "70384187207969473467724071990317729398", "320418546227076084465594181217435078892", "139034975296227356350451546793061696188", "198840029242654939539433467117586934531", "313245536086977364838236582966126120156", "9821241575628344625617058172907797661", "84864080468086762366722034388010268348", "321713212781640076910098641929018121181", "60835553322294116645322918846401089571", "194254830192584495059033577937727898134", "147075656553749944497531376143451541327", "11224255276186999251427813799537284016", "190000541700740439308365212289947348130" ] }, "id": "ASB-A-281666022-6557573b", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "148303161279659643660660451501034279234", "125883638802437311423689325172088876430", 
"68109407143103339498063405506151933519", "141851605057521366089072764562061264673" ] }, "id": "ASB-A-281666022-6cadd22c", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java" }, "signature_type": "Line" }, { "digest": { "length": 1677.0, "function_hash": "14933855057066592257347322952625317997" }, "id": "ASB-A-281666022-72e29c96", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "createDatasetItems" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "152706124914265209826722211813105497440", "122457438830031755697776489763091500155", "9557648870503328618362177008065891024", "21424190766785613237481844130356205668", "318743049332437221904056720756700357292", "19494396699293671953931356471127301788", "125685506690105876920915180744054100445", "193060436326013056668025233908441392097", "45525861848201633409686579962243666914", "247171390140834564838122080548466479325", "11417974425339281741084590764620266974", "63675271650473437443478445002199682738", "337643276294840670681719171796552205364", "120308007170846405930104003764350781053", "110491743816707019839998419656968232453", "290369119132319450297915760482112743456", "318831208973307593363994768019606516553", "118585930299939295491472408901765825976" ] }, "id": "ASB-A-281666022-819c4a43", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java" }, "signature_type": "Line" }, { 
"digest": { "threshold": 0.9, "line_hashes": [ "206563368113645024653705304061605275981", "197882718764834178866649541080794831380", "239233852245253813103569443623407063279", "44698807005793972678540295405764893919", "21183059188807409401714516310665780128", "300048194628243201263727493046361281547", "200644165688969314273219891189461360855", "77496428704198062703578586753481553588", "55169701512537227256118636456135333684", "198388733492753553705907241123091591212", "304920987658179113312826479999607115028", "269055928370450172860520757506759510794", "237757000885932752970060260599884987089", "33379483823330199745001603645193499184" ] }, "id": "ASB-A-281666022-acaf1308", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/Helper.java" }, "signature_type": "Line" }, { "digest": { "length": 498.0, "function_hash": "243658678464188710220306003597891618027" }, "id": "ASB-A-281666022-eef87edb", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "setHeader" }, "signature_type": "Function" }, { "digest": { "length": 754.0, "function_hash": "49532191195551615746744837755912801092" }, "id": "ASB-A-281666022-fa6519ef", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "initialAuthenticationLayout" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0" ], "spl": 
"2025-02-01", "severity": "High", "types": [ "ID" ] }