ASB-A-302431573
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-302431573.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-302431573
- Aliases
-
- A-302431573
- CVE-2024-31324
- Published
- 2024-06-01T00:00:00Z
- Modified
- 2024-08-07T19:29:13.064918Z
- Summary
- Bypass of overlay protection in landscape mode
- Details
-
In hide of WindowState.java, there is a possible way to bypass tapjacking/overlay protection by launching the activity in portrait mode first and then rotating it to landscape mode. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"245473983391176718730302978641546328531",
"313924545993132266942307048621488058859",
"78977014087797705884292750982204257011",
"65386863379916081592018638255243931228",
"5552599176822769912654983223030363506"
]
},
"id": "ASB-A-302431573-85657139",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9add9281ffc120c81a7d125892803f1beb5ddcb3",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 897.0,
"function_hash": "293916606590406921557414224347428403917"
},
"id": "ASB-A-302431573-eebaecae",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9add9281ffc120c81a7d125892803f1beb5ddcb3",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java",
"function": "hide"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/9add9281ffc120c81a7d125892803f1beb5ddcb3"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"245473983391176718730302978641546328531",
"313924545993132266942307048621488058859",
"78977014087797705884292750982204257011",
"65386863379916081592018638255243931228",
"5552599176822769912654983223030363506"
]
},
"id": "ASB-A-302431573-87113032",
"source": "https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 897.0,
"function_hash": "293916606590406921557414224347428403917"
},
"id": "ASB-A-302431573-9bcb9968",
"source": "https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java",
"function": "hide"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"245473983391176718730302978641546328531",
"313924545993132266942307048621488058859",
"78977014087797705884292750982204257011",
"65386863379916081592018638255243931228",
"5552599176822769912654983223030363506"
]
},
"id": "ASB-A-302431573-2b649be8",
"source": "https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 897.0,
"function_hash": "293916606590406921557414224347428403917"
},
"id": "ASB-A-302431573-d289eff7",
"source": "https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java",
"function": "hide"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"245473983391176718730302978641546328531",
"313924545993132266942307048621488058859",
"78977014087797705884292750982204257011",
"65386863379916081592018638255243931228",
"5552599176822769912654983223030363506"
]
},
"id": "ASB-A-302431573-01dcf300",
"source": "https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 897.0,
"function_hash": "293916606590406921557414224347428403917"
},
"id": "ASB-A-302431573-e43f85e0",
"source": "https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java",
"function": "hide"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"245473983391176718730302978641546328531",
"313924545993132266942307048621488058859",
"78977014087797705884292750982204257011",
"65386863379916081592018638255243931228",
"5552599176822769912654983223030363506"
]
},
"id": "ASB-A-302431573-9d4139a5",
"source": "https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 897.0,
"function_hash": "293916606590406921557414224347428403917"
},
"id": "ASB-A-302431573-a0fdc2f0",
"source": "https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java",
"function": "hide"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/10a7f0914c87f4af521b5cbb13e84a83dacebf82"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}