ASB-A-283699145

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-283699145.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-283699145
Aliases
Published
2023-12-01T00:00:00Z
Modified
2026-04-24T15:37:38.793646Z
Summary
[none]
Details

In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-12-01

Affected versions

Other
14-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "172443825425735659130612088279631497838",
                    "87095234300440577981712593612054653192",
                    "181035596412257502561531291368585469683",
                    "178560458846057669041384444199635420189",
                    "272320636500326788687113970580329097263",
                    "124938934875534925526175360237650061883",
                    "266767335645061768932475154149530364725",
                    "141177541074504564839850689640202501430",
                    "78165157138368822931328054849781914200",
                    "223486805494479665078780819804238327125",
                    "167681171040007542862107872106203057846",
                    "76969655573289818818651540298835593549",
                    "10956823126506419822393896227440217122",
                    "125571098748896862381169465902116515961",
                    "58282277178717432294300886937119173818",
                    "283374286640108271559969475024193896829",
                    "132881330010620496522334561253869658802"
                ]
            },
            "id": "ASB-A-283699145-b708d3c2",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ba78ef276951269f7b024baebdf1b8fa40bedb23",
            "target": {
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        },
        {
            "digest": {
                "length": 1260.0,
                "function_hash": "205720072474376637546658943542620039004"
            },
            "id": "ASB-A-283699145-d157f143",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ba78ef276951269f7b024baebdf1b8fa40bedb23",
            "target": {
                "function": "IncidentService::onTransact",
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ba78ef276951269f7b024baebdf1b8fa40bedb23"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-283699145.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-12-01

Affected versions

Other
11

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "172443825425735659130612088279631497838",
                    "87095234300440577981712593612054653192",
                    "181035596412257502561531291368585469683",
                    "178560458846057669041384444199635420189",
                    "272320636500326788687113970580329097263",
                    "124938934875534925526175360237650061883",
                    "302862291444684829093576579100726276569",
                    "36201056607344935758438273136816154414",
                    "109823369971792074326148648264918672981",
                    "223486805494479665078780819804238327125",
                    "167681171040007542862107872106203057846",
                    "76969655573289818818651540298835593549",
                    "10956823126506419822393896227440217122",
                    "125571098748896862381169465902116515961",
                    "58282277178717432294300886937119173818",
                    "283374286640108271559969475024193896829",
                    "132881330010620496522334561253869658802"
                ]
            },
            "id": "ASB-A-283699145-24e30172",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b4aaf180ee8f3e375c7ab411f03cf9c24c1d8055",
            "target": {
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        },
        {
            "digest": {
                "length": 1215.0,
                "function_hash": "175548108494891799001190044926229152188"
            },
            "id": "ASB-A-283699145-99256717",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b4aaf180ee8f3e375c7ab411f03cf9c24c1d8055",
            "target": {
                "function": "IncidentService::onTransact",
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/b4aaf180ee8f3e375c7ab411f03cf9c24c1d8055"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-283699145.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-12-01

Affected versions

Other
12

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "172443825425735659130612088279631497838",
                    "87095234300440577981712593612054653192",
                    "181035596412257502561531291368585469683",
                    "178560458846057669041384444199635420189",
                    "272320636500326788687113970580329097263",
                    "124938934875534925526175360237650061883",
                    "302862291444684829093576579100726276569",
                    "36201056607344935758438273136816154414",
                    "109823369971792074326148648264918672981",
                    "223486805494479665078780819804238327125",
                    "167681171040007542862107872106203057846",
                    "76969655573289818818651540298835593549",
                    "10956823126506419822393896227440217122",
                    "125571098748896862381169465902116515961",
                    "58282277178717432294300886937119173818",
                    "283374286640108271559969475024193896829",
                    "132881330010620496522334561253869658802"
                ]
            },
            "id": "ASB-A-283699145-5311c2a1",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/598dc664d4844363be12e0d164e1e522f92fa23f",
            "target": {
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        },
        {
            "digest": {
                "length": 1215.0,
                "function_hash": "175548108494891799001190044926229152188"
            },
            "id": "ASB-A-283699145-75d824f3",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/598dc664d4844363be12e0d164e1e522f92fa23f",
            "target": {
                "function": "IncidentService::onTransact",
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/598dc664d4844363be12e0d164e1e522f92fa23f"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-283699145.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-12-01

Affected versions

Other
12L

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1215.0,
                "function_hash": "175548108494891799001190044926229152188"
            },
            "id": "ASB-A-283699145-dca9ba9d",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/db60b2f5e004a4b303c70bdecb94d4b40f29cc33",
            "target": {
                "function": "IncidentService::onTransact",
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "172443825425735659130612088279631497838",
                    "87095234300440577981712593612054653192",
                    "181035596412257502561531291368585469683",
                    "178560458846057669041384444199635420189",
                    "272320636500326788687113970580329097263",
                    "124938934875534925526175360237650061883",
                    "302862291444684829093576579100726276569",
                    "36201056607344935758438273136816154414",
                    "109823369971792074326148648264918672981",
                    "223486805494479665078780819804238327125",
                    "167681171040007542862107872106203057846",
                    "76969655573289818818651540298835593549",
                    "10956823126506419822393896227440217122",
                    "125571098748896862381169465902116515961",
                    "58282277178717432294300886937119173818",
                    "283374286640108271559969475024193896829",
                    "132881330010620496522334561253869658802"
                ]
            },
            "id": "ASB-A-283699145-f9c9fbfa",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/db60b2f5e004a4b303c70bdecb94d4b40f29cc33",
            "target": {
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/db60b2f5e004a4b303c70bdecb94d4b40f29cc33"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-283699145.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-12-01

Affected versions

Other
13

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1215.0,
                "function_hash": "175548108494891799001190044926229152188"
            },
            "id": "ASB-A-283699145-4d281e2d",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6fe75d9d37321843ebae8a34a049f4d3f24e1965",
            "target": {
                "function": "IncidentService::onTransact",
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "172443825425735659130612088279631497838",
                    "87095234300440577981712593612054653192",
                    "181035596412257502561531291368585469683",
                    "178560458846057669041384444199635420189",
                    "272320636500326788687113970580329097263",
                    "124938934875534925526175360237650061883",
                    "302862291444684829093576579100726276569",
                    "36201056607344935758438273136816154414",
                    "109823369971792074326148648264918672981",
                    "223486805494479665078780819804238327125",
                    "167681171040007542862107872106203057846",
                    "76969655573289818818651540298835593549",
                    "10956823126506419822393896227440217122",
                    "125571098748896862381169465902116515961",
                    "58282277178717432294300886937119173818",
                    "283374286640108271559969475024193896829",
                    "132881330010620496522334561253869658802"
                ]
            },
            "id": "ASB-A-283699145-4e2c2572",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6fe75d9d37321843ebae8a34a049f4d3f24e1965",
            "target": {
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6fe75d9d37321843ebae8a34a049f4d3f24e1965"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-283699145.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2023-12-01

Affected versions

Other
14

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "172443825425735659130612088279631497838",
                    "87095234300440577981712593612054653192",
                    "181035596412257502561531291368585469683",
                    "178560458846057669041384444199635420189",
                    "272320636500326788687113970580329097263",
                    "124938934875534925526175360237650061883",
                    "302862291444684829093576579100726276569",
                    "36201056607344935758438273136816154414",
                    "109823369971792074326148648264918672981",
                    "223486805494479665078780819804238327125",
                    "167681171040007542862107872106203057846",
                    "76969655573289818818651540298835593549",
                    "10956823126506419822393896227440217122",
                    "125571098748896862381169465902116515961",
                    "58282277178717432294300886937119173818",
                    "283374286640108271559969475024193896829",
                    "132881330010620496522334561253869658802"
                ]
            },
            "id": "ASB-A-283699145-89d488d8",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5ae8b8102cbcae0aa9a90d1c19197b74bdcaf31a",
            "target": {
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        },
        {
            "digest": {
                "length": 1215.0,
                "function_hash": "175548108494891799001190044926229152188"
            },
            "id": "ASB-A-283699145-bbe08ca7",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5ae8b8102cbcae0aa9a90d1c19197b74bdcaf31a",
            "target": {
                "function": "IncidentService::onTransact",
                "file": "cmds/incidentd/src/IncidentService.cpp"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/5ae8b8102cbcae0aa9a90d1c19197b74bdcaf31a"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-283699145.json"