ASB-A-283103220
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-283103220.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-283103220
- Aliases
-
- A-283103220
- CVE-2024-34737
- Published
- 2024-08-01T00:00:00Z
- Modified
- 2024-11-06T12:16:03.231308Z
- Summary
- [none]
- Details
-
In ensureSetPipAspectRatioQuotaTracker of ActivityClientController.java, there is a possible way to generate unmovable and undeletable pip windows due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 306.0,
"function_hash": "7661186528491046079776168913862366150"
},
"id": "ASB-A-283103220-141b11f4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/17b00deed56a6bbd3b78fbac76c2f1089f615002",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "enterPictureInPictureMode"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"20560361139697493239572078327654212989",
"196262081544903997256622560234058652990",
"145238596617758854685942466458763067341",
"101616803920260102196604217381177654707",
"170366304355567808352258637144423944727",
"245513285400685865588047207312748297311",
"233729006949429976137466122228001314313",
"9931488221603652907270801078703318456",
"196762249137715562813091058727356286363",
"220791316988420571958160381080647469192",
"21976226700441314954244461939528232298",
"49755412345419449558839851993022800668",
"213850530987789803621289675567474844135",
"105547404261213397132339546868903007659",
"67961713532094020957387950966994654375",
"324137957251426102315950415493378396369",
"213850530987789803621289675567474844135",
"94292210717988007472389600877455246396",
"329270710114063937963407335338271385794",
"272050194766935735912611777789447609548",
"71606650987266817749258932982127628827",
"175949891527355317870643126605712918573",
"133121324755513759455518452290437880526",
"227720175068353148805243015656664751219"
]
},
"id": "ASB-A-283103220-359bb290",
"source": "https://android.googlesource.com/platform/frameworks/base/+/17b00deed56a6bbd3b78fbac76c2f1089f615002",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 281.0,
"function_hash": "101739474889880265372477014927441160066"
},
"id": "ASB-A-283103220-504b7ee6",
"source": "https://android.googlesource.com/platform/frameworks/base/+/17b00deed56a6bbd3b78fbac76c2f1089f615002",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "setPictureInPictureParams"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1391.0,
"function_hash": "43442668249358473115613429488493375157"
},
"id": "ASB-A-283103220-df4a9737",
"source": "https://android.googlesource.com/platform/frameworks/base/+/17b00deed56a6bbd3b78fbac76c2f1089f615002",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "ensureValidPictureInPictureActivityParams"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/17b00deed56a6bbd3b78fbac76c2f1089f615002"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 476.0,
"function_hash": "171421446813533110320952197215981956072"
},
"id": "ASB-A-283103220-306e2b7f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/add219bcb2aa3654ed8614f150b664be1161812d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "setPictureInPictureParams"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1068.0,
"function_hash": "208782388286239501354787427445782463590"
},
"id": "ASB-A-283103220-33493cfc",
"source": "https://android.googlesource.com/platform/frameworks/base/+/add219bcb2aa3654ed8614f150b664be1161812d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "ensureValidPictureInPictureActivityParams"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"313753903221639052457570773679952840647",
"157660133717960975700920736535171584904",
"111626024918874756711164654525579247876",
"338259431431763331576199413549624206353",
"218707843283039590033781462603009053291",
"170752588125053999974321322778433402369",
"247382992357610374850516072490059300258",
"310446141881586806172284310145302718476",
"117068778597037076858245031807366161921",
"143146395528801866658816138666432240617",
"259981170478718095876877519938940011577",
"77113707542957055727576013389438363923",
"150032992700180872538678797932959151004",
"233729006949429976137466122228001314313",
"9931488221603652907270801078703318456",
"322029860016951986303404484919068377456",
"166779989194548946586417149501184084291",
"21976226700441314954244461939528232298",
"49755412345419449558839851993022800668",
"213850530987789803621289675567474844135",
"105547404261213397132339546868903007659",
"67961713532094020957387950966994654375",
"324137957251426102315950415493378396369",
"213850530987789803621289675567474844135",
"94292210717988007472389600877455246396",
"329519084657824103092102088903784724062",
"133099551088531585368083961539299597420",
"71606650987266817749258932982127628827",
"191218547820737875943830281508834633371",
"120302604704556958261461401843659402445",
"268516517505111659793925575948643560319"
]
},
"id": "ASB-A-283103220-4a166183",
"source": "https://android.googlesource.com/platform/frameworks/base/+/add219bcb2aa3654ed8614f150b664be1161812d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 299.0,
"function_hash": "320944223565968819131800783413842221896"
},
"id": "ASB-A-283103220-847dcf94",
"source": "https://android.googlesource.com/platform/frameworks/base/+/add219bcb2aa3654ed8614f150b664be1161812d",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "enterPictureInPictureMode"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/add219bcb2aa3654ed8614f150b664be1161812d"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"170752588125053999974321322778433402369",
"247382992357610374850516072490059300258",
"310446141881586806172284310145302718476",
"297442260188609105749626537415161517239",
"85309560570767387151639309630880717261",
"280881219730440677504034363906185502717",
"233729006949429976137466122228001314313",
"9931488221603652907270801078703318456",
"322029860016951986303404484919068377456",
"166779989194548946586417149501184084291",
"21976226700441314954244461939528232298",
"49755412345419449558839851993022800668",
"213850530987789803621289675567474844135",
"105547404261213397132339546868903007659",
"67961713532094020957387950966994654375",
"324137957251426102315950415493378396369",
"213850530987789803621289675567474844135",
"94292210717988007472389600877455246396",
"329519084657824103092102088903784724062",
"133099551088531585368083961539299597420",
"71606650987266817749258932982127628827",
"191218547820737875943830281508834633371",
"120302604704556958261461401843659402445",
"268516517505111659793925575948643560319"
]
},
"id": "ASB-A-283103220-3ba0ff9c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c3f4dd070cfc7f20581779abd83620fc8769fbd4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1068.0,
"function_hash": "208782388286239501354787427445782463590"
},
"id": "ASB-A-283103220-4b822e7d",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c3f4dd070cfc7f20581779abd83620fc8769fbd4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "ensureValidPictureInPictureActivityParams"
},
"signature_type": "Function"
},
{
"digest": {
"length": 476.0,
"function_hash": "171421446813533110320952197215981956072"
},
"id": "ASB-A-283103220-5dede2a7",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c3f4dd070cfc7f20581779abd83620fc8769fbd4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "setPictureInPictureParams"
},
"signature_type": "Function"
},
{
"digest": {
"length": 299.0,
"function_hash": "320944223565968819131800783413842221896"
},
"id": "ASB-A-283103220-d7aaf431",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c3f4dd070cfc7f20581779abd83620fc8769fbd4",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "enterPictureInPictureMode"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c3f4dd070cfc7f20581779abd83620fc8769fbd4"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 281.0,
"function_hash": "101739474889880265372477014927441160066"
},
"id": "ASB-A-283103220-0dce4b45",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d814cc3b2fc94c8c47861abbcb3cec72aceb07e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "setPictureInPictureParams"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"20560361139697493239572078327654212989",
"196262081544903997256622560234058652990",
"145238596617758854685942466458763067341",
"151387009672693134392036860732504258789",
"27186018982421236427327993739609283489",
"280881219730440677504034363906185502717",
"233729006949429976137466122228001314313",
"9931488221603652907270801078703318456",
"322029860016951986303404484919068377456",
"166779989194548946586417149501184084291",
"21976226700441314954244461939528232298",
"49755412345419449558839851993022800668",
"213850530987789803621289675567474844135",
"105547404261213397132339546868903007659",
"67961713532094020957387950966994654375",
"324137957251426102315950415493378396369",
"213850530987789803621289675567474844135",
"94292210717988007472389600877455246396",
"329270710114063937963407335338271385794",
"272050194766935735912611777789447609548",
"71606650987266817749258932982127628827",
"175949891527355317870643126605712918573",
"133121324755513759455518452290437880526",
"227720175068353148805243015656664751219"
]
},
"id": "ASB-A-283103220-d52b2dcc",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d814cc3b2fc94c8c47861abbcb3cec72aceb07e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1391.0,
"function_hash": "43442668249358473115613429488493375157"
},
"id": "ASB-A-283103220-d9dceac4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d814cc3b2fc94c8c47861abbcb3cec72aceb07e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "ensureValidPictureInPictureActivityParams"
},
"signature_type": "Function"
},
{
"digest": {
"length": 299.0,
"function_hash": "320944223565968819131800783413842221896"
},
"id": "ASB-A-283103220-fc790be8",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d814cc3b2fc94c8c47861abbcb3cec72aceb07e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "enterPictureInPictureMode"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/8d814cc3b2fc94c8c47861abbcb3cec72aceb07e"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 299.0,
"function_hash": "320944223565968819131800783413842221896"
},
"id": "ASB-A-283103220-496750e4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d814cc3b2fc94c8c47861abbcb3cec72aceb07e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "enterPictureInPictureMode"
},
"signature_type": "Function"
},
{
"digest": {
"length": 1391.0,
"function_hash": "43442668249358473115613429488493375157"
},
"id": "ASB-A-283103220-49daa69f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d814cc3b2fc94c8c47861abbcb3cec72aceb07e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "ensureValidPictureInPictureActivityParams"
},
"signature_type": "Function"
},
{
"digest": {
"length": 281.0,
"function_hash": "101739474889880265372477014927441160066"
},
"id": "ASB-A-283103220-8fc54945",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d814cc3b2fc94c8c47861abbcb3cec72aceb07e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java",
"function": "setPictureInPictureParams"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"20560361139697493239572078327654212989",
"196262081544903997256622560234058652990",
"145238596617758854685942466458763067341",
"151387009672693134392036860732504258789",
"27186018982421236427327993739609283489",
"280881219730440677504034363906185502717",
"233729006949429976137466122228001314313",
"9931488221603652907270801078703318456",
"322029860016951986303404484919068377456",
"166779989194548946586417149501184084291",
"21976226700441314954244461939528232298",
"49755412345419449558839851993022800668",
"213850530987789803621289675567474844135",
"105547404261213397132339546868903007659",
"67961713532094020957387950966994654375",
"324137957251426102315950415493378396369",
"213850530987789803621289675567474844135",
"94292210717988007472389600877455246396",
"329270710114063937963407335338271385794",
"272050194766935735912611777789447609548",
"71606650987266817749258932982127628827",
"175949891527355317870643126605712918573",
"133121324755513759455518452290437880526",
"227720175068353148805243015656664751219"
]
},
"id": "ASB-A-283103220-9d04c72f",
"source": "https://android.googlesource.com/platform/frameworks/base/+/8d814cc3b2fc94c8c47861abbcb3cec72aceb07e",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/ActivityClientController.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/8d814cc3b2fc94c8c47861abbcb3cec72aceb07e"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}