In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
{ "fixes": [ "https://android.googlesource.com/platform/packages/services/Telecomm/+/9d97cd5825066ac8e15bbf97f6755663c5341afb" ], "severity": "High", "types": [ "EoP" ], "spl": "2024-09-01", "vanir_signatures": [ { "target": { "file": "src/com/android/server/telecom/CallScreeningServiceHelper.java", "function": "bindAndGetCallIdentification" }, "id": "ASB-A-300904123-757ae549", "deprecated": false, "digest": { "function_hash": "198401407537733887006058687753261895269", "length": 2168.0 }, "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/9d97cd5825066ac8e15bbf97f6755663c5341afb", "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "src/com/android/server/telecom/CallScreeningServiceHelper.java" }, "id": "ASB-A-300904123-afd8bf7c", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "273007395339179459318524592803684622704", "142951750098190853354393223095975446028", "204579555969700246112803004237674141628", "108473673675401684701075550158319777465" ] }, "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/9d97cd5825066ac8e15bbf97f6755663c5341afb", "signature_type": "Line", "signature_version": "v1" } ] }
{ "fixes": [ "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb" ], "severity": "High", "types": [ "EoP" ], "spl": "2024-09-01", "vanir_signatures": [ { "target": { "file": "src/com/android/server/telecom/CallScreeningServiceHelper.java" }, "id": "ASB-A-300904123-84928286", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "273007395339179459318524592803684622704", "142951750098190853354393223095975446028", "204579555969700246112803004237674141628", "108473673675401684701075550158319777465" ] }, "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb", "signature_type": "Line", "signature_version": "v1" }, { "target": { "file": "src/com/android/server/telecom/CallScreeningServiceHelper.java", "function": "bindAndGetCallIdentification" }, "id": "ASB-A-300904123-8fd9a854", "deprecated": false, "digest": { "function_hash": "118735567341144056654850713330831375971", "length": 2168.0 }, "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb", "signature_type": "Function", "signature_version": "v1" } ] }
{ "fixes": [ "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb" ], "severity": "High", "types": [ "EoP" ], "spl": "2024-09-01", "vanir_signatures": [ { "target": { "file": "src/com/android/server/telecom/CallScreeningServiceHelper.java", "function": "bindAndGetCallIdentification" }, "id": "ASB-A-300904123-2a3fca47", "deprecated": false, "digest": { "function_hash": "118735567341144056654850713330831375971", "length": 2168.0 }, "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb", "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "src/com/android/server/telecom/CallScreeningServiceHelper.java" }, "id": "ASB-A-300904123-fb525faf", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "273007395339179459318524592803684622704", "142951750098190853354393223095975446028", "204579555969700246112803004237674141628", "108473673675401684701075550158319777465" ] }, "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb", "signature_type": "Line", "signature_version": "v1" } ] }
{ "fixes": [ "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb" ], "severity": "High", "types": [ "EoP" ], "spl": "2024-09-01", "vanir_signatures": [ { "target": { "file": "src/com/android/server/telecom/CallScreeningServiceHelper.java", "function": "bindAndGetCallIdentification" }, "id": "ASB-A-300904123-b64e576a", "deprecated": false, "digest": { "function_hash": "118735567341144056654850713330831375971", "length": 2168.0 }, "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb", "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "src/com/android/server/telecom/CallScreeningServiceHelper.java" }, "id": "ASB-A-300904123-f92483be", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "273007395339179459318524592803684622704", "142951750098190853354393223095975446028", "204579555969700246112803004237674141628", "108473673675401684701075550158319777465" ] }, "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb", "signature_type": "Line", "signature_version": "v1" } ] }
{ "fixes": [ "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb" ], "severity": "High", "types": [ "EoP" ], "spl": "2024-09-01", "vanir_signatures": [ { "target": { "file": "src/com/android/server/telecom/CallScreeningServiceHelper.java", "function": "bindAndGetCallIdentification" }, "id": "ASB-A-300904123-b832ea34", "deprecated": false, "digest": { "function_hash": "118735567341144056654850713330831375971", "length": 2168.0 }, "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb", "signature_type": "Function", "signature_version": "v1" }, { "target": { "file": "src/com/android/server/telecom/CallScreeningServiceHelper.java" }, "id": "ASB-A-300904123-d42f19f0", "deprecated": false, "digest": { "threshold": 0.9, "line_hashes": [ "273007395339179459318524592803684622704", "142951750098190853354393223095975446028", "204579555969700246112803004237674141628", "108473673675401684701075550158319777465" ] }, "source": "https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb", "signature_type": "Line", "signature_version": "v1" } ] }