ASB-A-294105066

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-294105066.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-294105066
Aliases
  • A-294105066
  • CVE-2024-34739
Published
2025-05-01T00:00:00Z
Modified
2025-11-05T16:30:26.460762Z
Summary
[none]
Details

In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from SUW due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2025-05-01

Affected versions

Other

15-next

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-05-01",
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "function_hash": "293592115087675525965099928377831645388",
                "length": 1362.0
            },
            "target": {
                "function": "shouldRestrictOverlayActivities",
                "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java"
            },
            "id": "ASB-A-294105066-4d805519",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/76feb3795672beacbc534683825bb7f871157e2f",
            "signature_type": "Function"
        },
        {
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "132320200496910416633144091387043070799",
                    "9222264376772789956722737820518927664",
                    "39510485349635931364974729363780694415",
                    "105403762334205416195417938083360044750",
                    "181287731695673520138842956822233905586",
                    "174713173314741838000960625363681242208",
                    "183049458506848410960649018406972328386",
                    "72075619583929205928583179512331277472",
                    "190591185431082954046842447426409791922",
                    "100052405192186497741302472074187627355"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java"
            },
            "id": "ASB-A-294105066-bcee7e53",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/76feb3795672beacbc534683825bb7f871157e2f",
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/76feb3795672beacbc534683825bb7f871157e2f"
    ]
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2025-05-01

Affected versions

Other

13

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-05-01",
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "24391601699875178468681340548252595920",
                    "9222264376772789956722737820518927664",
                    "39510485349635931364974729363780694415",
                    "105403762334205416195417938083360044750",
                    "181287731695673520138842956822233905586",
                    "32776859473314783020600580527272918548",
                    "268287025647145217601171883020346811649",
                    "298008157779326890226920484526372729606",
                    "193635173819899355219600486103369665717",
                    "21543297871747000018628982777714197655"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java"
            },
            "id": "ASB-A-294105066-463eca58",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b459bcaac52d162a81a64aafe9e5f201d85a17f0",
            "signature_type": "Line"
        },
        {
            "signature_version": "v1",
            "match_only_versions": [
                "13"
            ],
            "digest": {
                "function_hash": "327865267837982666497546201968089274906",
                "length": 447.0
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/b459bcaac52d162a81a64aafe9e5f201d85a17f0",
            "id": "ASB-A-294105066-743ecccb",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "function": "resolveActivity",
                "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/b459bcaac52d162a81a64aafe9e5f201d85a17f0"
    ]
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2025-05-01

Affected versions

Other

14

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "severity": "High",
    "spl": "2025-05-01",
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "24391601699875178468681340548252595920",
                    "9222264376772789956722737820518927664",
                    "39510485349635931364974729363780694415",
                    "105403762334205416195417938083360044750",
                    "181287731695673520138842956822233905586",
                    "32776859473314783020600580527272918548",
                    "268287025647145217601171883020346811649",
                    "298008157779326890226920484526372729606",
                    "193635173819899355219600486103369665717",
                    "21543297871747000018628982777714197655"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java"
            },
            "id": "ASB-A-294105066-cc515bae",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/71042ac086b3470f4086c5c76fc2b6c4e3dff263",
            "signature_type": "Line"
        },
        {
            "signature_version": "v1",
            "match_only_versions": [
                "14"
            ],
            "digest": {
                "function_hash": "327865267837982666497546201968089274906",
                "length": 447.0
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/71042ac086b3470f4086c5c76fc2b6c4e3dff263",
            "id": "ASB-A-294105066-ef20f456",
            "deprecated": false,
            "signature_type": "Function",
            "target": {
                "function": "resolveActivity",
                "file": "services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/71042ac086b3470f4086c5c76fc2b6c4e3dff263"
    ]
}