ASB-A-288113797

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-288113797.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-288113797
Aliases
Published
2023-12-01T00:00:00Z
Modified
2026-04-24T15:37:38.793646Z
Summary
[none]
Details

In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-12-01

Affected versions

Other
14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "147151023695661007597714452911961564894",
                "length": 1098.0
            },
            "id": "ASB-A-288113797-08561cc6",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/520e266bcb0a37ccfcc50c7f618f83f1d988c13a",
            "deprecated": false,
            "target": {
                "function": "fixUpIncomingShortcutInfo",
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "301714840950827928888260991036186957534",
                    "9390781471981044482067523708510232303",
                    "144060679038207743109726406051560226052",
                    "159971660088949769821375506581406084819",
                    "308718612377788454877479964169122779823",
                    "62321834771148455616793570555929042846",
                    "172053627303588391329126358714964458915",
                    "110362571885262099744158688696595844112",
                    "304463220540515675967860888327339369583",
                    "59943300903481926007344995756636923370",
                    "140688207799452736261337108461439383886"
                ]
            },
            "id": "ASB-A-288113797-4a6b213a",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/520e266bcb0a37ccfcc50c7f618f83f1d988c13a",
            "deprecated": false,
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        }
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/520e266bcb0a37ccfcc50c7f618f83f1d988c13a"
    ],
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-12-01

Affected versions

Other
11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "147151023695661007597714452911961564894",
                "length": 1098.0
            },
            "id": "ASB-A-288113797-598bd21b",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65",
            "deprecated": false,
            "target": {
                "function": "fixUpIncomingShortcutInfo",
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "301714840950827928888260991036186957534",
                    "9390781471981044482067523708510232303",
                    "144060679038207743109726406051560226052",
                    "159971660088949769821375506581406084819",
                    "308718612377788454877479964169122779823",
                    "62321834771148455616793570555929042846",
                    "172053627303588391329126358714964458915",
                    "110362571885262099744158688696595844112",
                    "304463220540515675967860888327339369583",
                    "59943300903481926007344995756636923370",
                    "140688207799452736261337108461439383886"
                ]
            },
            "id": "ASB-A-288113797-83c78ca3",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65",
            "deprecated": false,
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        }
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65"
    ],
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-12-01

Affected versions

Other
12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "301714840950827928888260991036186957534",
                    "9390781471981044482067523708510232303",
                    "144060679038207743109726406051560226052",
                    "159971660088949769821375506581406084819",
                    "308718612377788454877479964169122779823",
                    "62321834771148455616793570555929042846",
                    "172053627303588391329126358714964458915",
                    "110362571885262099744158688696595844112",
                    "304463220540515675967860888327339369583",
                    "59943300903481926007344995756636923370",
                    "140688207799452736261337108461439383886"
                ]
            },
            "id": "ASB-A-288113797-9b63d0e0",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65",
            "deprecated": false,
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "147151023695661007597714452911961564894",
                "length": 1098.0
            },
            "id": "ASB-A-288113797-ef8969c4",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65",
            "deprecated": false,
            "target": {
                "function": "fixUpIncomingShortcutInfo",
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        }
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65"
    ],
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-12-01

Affected versions

Other
12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "301714840950827928888260991036186957534",
                    "9390781471981044482067523708510232303",
                    "144060679038207743109726406051560226052",
                    "159971660088949769821375506581406084819",
                    "308718612377788454877479964169122779823",
                    "62321834771148455616793570555929042846",
                    "172053627303588391329126358714964458915",
                    "110362571885262099744158688696595844112",
                    "304463220540515675967860888327339369583",
                    "59943300903481926007344995756636923370",
                    "140688207799452736261337108461439383886"
                ]
            },
            "id": "ASB-A-288113797-89a7ffd5",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65",
            "deprecated": false,
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "function_hash": "147151023695661007597714452911961564894",
                "length": 1098.0
            },
            "id": "ASB-A-288113797-de39437a",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65",
            "deprecated": false,
            "target": {
                "function": "fixUpIncomingShortcutInfo",
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        }
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65"
    ],
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-12-01

Affected versions

Other
13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "147151023695661007597714452911961564894",
                "length": 1098.0
            },
            "id": "ASB-A-288113797-a31c4416",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65",
            "deprecated": false,
            "target": {
                "function": "fixUpIncomingShortcutInfo",
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "301714840950827928888260991036186957534",
                    "9390781471981044482067523708510232303",
                    "144060679038207743109726406051560226052",
                    "159971660088949769821375506581406084819",
                    "308718612377788454877479964169122779823",
                    "62321834771148455616793570555929042846",
                    "172053627303588391329126358714964458915",
                    "110362571885262099744158688696595844112",
                    "304463220540515675967860888327339369583",
                    "59943300903481926007344995756636923370",
                    "140688207799452736261337108461439383886"
                ]
            },
            "id": "ASB-A-288113797-a56369ad",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65",
            "deprecated": false,
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        }
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65"
    ],
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2023-12-01

Affected versions

Other
14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "function_hash": "147151023695661007597714452911961564894",
                "length": 1098.0
            },
            "id": "ASB-A-288113797-486eb889",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65",
            "deprecated": false,
            "target": {
                "function": "fixUpIncomingShortcutInfo",
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "301714840950827928888260991036186957534",
                    "9390781471981044482067523708510232303",
                    "144060679038207743109726406051560226052",
                    "159971660088949769821375506581406084819",
                    "308718612377788454877479964169122779823",
                    "62321834771148455616793570555929042846",
                    "172053627303588391329126358714964458915",
                    "110362571885262099744158688696595844112",
                    "304463220540515675967860888327339369583",
                    "59943300903481926007344995756636923370",
                    "140688207799452736261337108461439383886"
                ]
            },
            "id": "ASB-A-288113797-a404e843",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65",
            "deprecated": false,
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_version": "v1"
        }
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-12-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65"
    ],
    "severity": "High"
}

Database specific

source
"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"