In multiple functions of healthconnect (the Android HealthFitness module), exercise route data may be leaked because of a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"spl": "2024-03-01",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3"
],
"types": [
"ID"
],
"vanir_signatures": [
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"303397910970066705896491300944181946482",
"107077137157228741257530891295972398390",
"255519706190375472030313648668539826357",
"189132526608684497251116704625378001065",
"281492569866441411632087628868213069251",
"294820583194145437124690788142919088377",
"156663210949067441502865218309804169029",
"53179007912776764888647941729736017216",
"200731722973408927217065866298300453506",
"302152118199208000225373328115342342576",
"30738369206559785790232722560622590233",
"51015779955444135986342672355561960235",
"98746580527231370175012943851094704963",
"161511247687839254016800474012408059856",
"296709997152946268295237337224672578530",
"326638621028445559715170000516814952830",
"272036735068376858103351293106501102177",
"245417023728754938206837584092589112954",
"333452105562182564437815523145894130694",
"164782816622370270512480559658814585331",
"195281663912556875979062488503937872127",
"218128015004106724921233984986615229464",
"51739894621726243908042174272835789979",
"120889771494974528208766248083828502586",
"129664160014023199976294285405804827373",
"186662240011936204860880093132730583956",
"76658740795350931991858143714776811768",
"300087360388233962037417386027070455263",
"37624612028320611871128132129089115222",
"74937696441474105036399087037581923048",
"51571010833889619433296549463567737992",
"313711559079278452221147010102641314583",
"103280463448448907621613706343906574061",
"88608294677670291364421457773357202929",
"293840213456862632469158131553547558402",
"121564410619072817147228023091023237914"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/ExerciseSessionRecordHelper.java"
},
"id": "ASB-A-303871379-08d66c85"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"115773042374397725304054136865838307720",
"43016498966660277235977443447744648400",
"300858253448028045561033847365583665767",
"161013414089286661090945709035473165407",
"313186801087517929987222617281508692037",
"221294796177690677149985420788888161539",
"251592861531084697856671027394619778721",
"305776141530431493684491295942136334852",
"111048422099117603262734946830536935433",
"297098700792149737523976802317347369628",
"257315901175972132872290986055947977858",
"209568428495451751262955975890599809213",
"85394869002054256644937347747261106324",
"5705443573018726295169318340970875110",
"291352356509444640429537529900338080972"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/RecordHelper.java"
},
"id": "ASB-A-303871379-11c43bc8"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 418.0,
"function_hash": "114894399810740158583994061373834807549"
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"function": "getExtraDataReadRequests",
"file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/ExerciseSessionRecordHelper.java"
},
"id": "ASB-A-303871379-11cdf29a"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 4000.0,
"function_hash": "30724966431946414589281216019393003224"
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"function": "readRecords",
"file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"
},
"id": "ASB-A-303871379-195275a2"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"307607149100168818667515056801092756172",
"239466008602587192012674704577849084739",
"245607463741466935590695696572161162666",
"254624107689754141862009810848411608136",
"192817275534771030063274524070420943454",
"336425509797542122420574727241735153700",
"251694526878090107601285900634626848525",
"18711381487436966386608229602984500334",
"108509882596538886408848950389286844566",
"148065690112658882141098821116934810399",
"213122466022310564199251675800567937229",
"251285000472269530802403331456969571645",
"298568479426656644954053383038354866968",
"83331934757146308473251065867058240087",
"307677713301336964578669165266061567854",
"38794395735819664722480248813227951313",
"145394457726406417558424942368140586319",
"61703870535056326136588237900867942991",
"185407886430890193971359182928727458741",
"4010821281863657499048334857443271515",
"154330324999705213193693513973179947968",
"35192062047302338584823327038497294730",
"195316288831050560786172945036340881620",
"43783905364404553803632750918508912660",
"221237909218743271600722051664461021631",
"18908953371903311735053000597217457195",
"205776496907725795965535780692936532567",
"263564158920384822925409691874439321999",
"293233436011099509766860485539146291279",
"218866428073236990774446973102680060606",
"292545821377025716769705874806276700318",
"131400259806753851958877759995334827118",
"38634938285517710856421064475413379098",
"336037305330910713069739705303735934256",
"312251918841610012539820506614233138776",
"282562684190912147301273755786029494478",
"310489386291213959059819318860429557165",
"131507795254000364886554575551653944106",
"170144050462488967232490380044869922287",
"243777524924001702719701594121654908477",
"293709024606437967596678612613012782555",
"328401038647635588621330362426562890597",
"50103496386179712801431527511428037709",
"58668015756155034569747034584444257500",
"89905772886014332803626048520676240455",
"301542558951637891334112236661693042633"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"
},
"id": "ASB-A-303871379-44a77ebf"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"216622662008624389962562292455637054130",
"144778414150245928660397262736564329566",
"171871336850382938845512613681543935068",
"310021049344923917852325132257722639648",
"339512495903744524946367240936352667878",
"179056564528285989694529957854448118587",
"2103457581055546526476563375661324742",
"108381999467508526470239385215239152788",
"138033502511064400626725096753448118863",
"37616110184084569528383645762994566275",
"128570348222707372793397728255858383852",
"197713465465816649153767596273200854182"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"file": "tests/cts/hostsidetests/healthconnect/libs/HealthConnectTestLib/src/android/healthconnect/cts/lib/TestUtils.java"
},
"id": "ASB-A-303871379-44f5a964"
},
{
"match_only_versions": [
"14"
],
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 84.0,
"function_hash": "55633498020479226693549024660886861785"
},
"target": {
"function": "getExtraDataReadRequests",
"file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/RecordHelper.java"
},
"id": "ASB-A-303871379-681a27de",
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"signature_version": "v1"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 261.0,
"function_hash": "337090286334532094340003832202207077518"
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"function": "ReadTransactionRequest",
"file": "service/java/com/android/server/healthconnect/storage/request/ReadTransactionRequest.java"
},
"id": "ASB-A-303871379-7b1f4caa"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"261876655572792055439130468996427437546",
"106316643915755070678036351210257199689",
"310478092011952943974622318786772371447",
"150515948390854663390735514227214331550",
"1261959798154896799739157349889800840",
"192302277006309213272428280231167767684",
"118352675439420908179836113844069935404",
"155574099057581777376375761880853214655",
"262611421518017625777898048370521415544",
"324757256370290393879044897175907728281",
"125587918527931544319580394460777908207",
"175622377035366603556280343907468752107",
"5676363857152462776625497270812035919",
"207001789881660192535548033859928366989",
"97423803509302047447906702040068173080",
"144662091405191411777675945707086210000",
"145248841579842207162450437731590209460",
"291663246367929952061257884701255182701"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"file": "service/java/com/android/server/healthconnect/storage/request/ReadTransactionRequest.java"
},
"id": "ASB-A-303871379-88a25489"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1423.0,
"function_hash": "192082415569888399400429002379035541035"
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"function": "toRecordInternal",
"file": "framework/java/android/health/connect/datatypes/ExerciseSessionRecord.java"
},
"id": "ASB-A-303871379-8c9d329f"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"322188533109300798593035108578781427989",
"184634760747528273037251352924883106736",
"62736856872061594056577457859154850083",
"276433295572456466352745530416083614061",
"324927055495563417452509288760058125323",
"123560786500136795943866234408335508067",
"93673601881214388693794286016314388151",
"198368942389786071498763663014109128005"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/AppInfoHelper.java"
},
"id": "ASB-A-303871379-91b93dc2"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"259742347465424858126965088649354661860",
"313266793520816806867257727916338231289",
"268840683687182057963682973263291100849",
"93293804719988993413710598863699053469",
"25955792841505998722623901527931126204",
"197666473082436148547415428975927509288",
"287907490831514730198769102742589993468",
"225196001945180873421820788087647353008",
"332776173753097792482620338452469736627",
"222050889440854103523105990470239617772",
"214269547419768092065050533525333794311",
"113691281198056472403596186317624347818",
"288338715146222141858383255153567465175",
"245487779860001990815662883849719877662",
"232029641380625607053338605942043153956",
"16075427917053553277337186943676460466",
"56557055817164003506349462305101908869",
"175638435936127782502837518608719023139",
"119449760395101584813169881232682527259",
"250091004087946940666921344834319187294"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"file": "service/java/com/android/server/healthconnect/permission/DataPermissionEnforcer.java"
},
"id": "ASB-A-303871379-9cd7637b"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 376.0,
"function_hash": "221406360895427184968068582716976961864"
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"function": "collectExtraReadPermissionToStateMapping",
"file": "service/java/com/android/server/healthconnect/permission/DataPermissionEnforcer.java"
},
"id": "ASB-A-303871379-a0a297a6"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 310.0,
"function_hash": "252235924817649576655277788320679109785"
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"function": "getReadTableRequest",
"file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/RecordHelper.java"
},
"id": "ASB-A-303871379-b4c214df"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 2968.0,
"function_hash": "5274421010706655786379510375869700528"
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"function": "getChangeLogs",
"file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"
},
"id": "ASB-A-303871379-e26384f7"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 649.0,
"function_hash": "327873478835764122202614632785821446158"
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"function": "getExerciseSessionRecord",
"file": "tests/cts/hostsidetests/healthconnect/libs/HealthConnectTestLib/src/android/healthconnect/cts/lib/TestUtils.java"
},
"id": "ASB-A-303871379-e89a4d7f"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 162.0,
"function_hash": "91484500998150746351485296960406168484"
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"function": "getAppInfoId",
"file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/AppInfoHelper.java"
},
"id": "ASB-A-303871379-ebf2a3c1"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"92309067385354652491191766760604571544",
"19309330688837905158963014011079654842",
"251298821583317060630118167118361425015"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"file": "framework/java/android/health/connect/datatypes/ExerciseSessionRecord.java"
},
"id": "ASB-A-303871379-f2082de7"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 294.0,
"function_hash": "150877185014473022801309137023511300991"
},
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/69c320af3eff7e5b094c235a49e98d0e64fc26a3",
"target": {
"function": "getExtraDataReadRequests",
"file": "service/java/com/android/server/healthconnect/storage/datatypehelpers/ExerciseSessionRecordHelper.java"
},
"id": "ASB-A-303871379-fe28baac"
}
],
"severity": "High"
}