In attributeBytesBase64 and attributeBytesHex of BinaryXmlSerializer.java, there is a possible arbitrary XML injection due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 305.0, "function_hash": "276202928956936777865925272387699035005" }, "id": "ASB-A-307288067-8c8c1bf6", "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "deprecated": false, "signature_version": "v1", "target": { "file": "java/com/android/modules/utils/BinaryXmlSerializer.java", "function": "attributeBytesHex" }, "signature_type": "Function" }, { "digest": { "length": 308.0, "function_hash": "123285881540088161321404136447312297041" }, "id": "ASB-A-307288067-97671524", "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "deprecated": false, "signature_version": "v1", "target": { "file": "java/com/android/modules/utils/BinaryXmlSerializer.java", "function": "attributeBytesBase64" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "283722049743732542501552246218868566890", "124536555656711251714595757169315741186", "122184924213693488507879712964387799493", "112442495831665481300647493341313298518", "185107612995023145594395780461092034037", "146258699207377061517294099540023252159", "78225582879338290131721514303224868112", "84475282677288083217541497316840726603", "185107612995023145594395780461092034037" ] }, "id": "ASB-A-307288067-c0884d18", "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "deprecated": false, "signature_version": "v1", "target": { "file": "java/com/android/modules/utils/BinaryXmlSerializer.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890" ], "spl": "2024-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 308.0, "function_hash": "123285881540088161321404136447312297041" }, "id": "ASB-A-307288067-91dae152", "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java", "function": "attributeBytesBase64" }, "signature_type": "Function" }, { "digest": { "length": 305.0, "function_hash": "276202928956936777865925272387699035005" }, "id": "ASB-A-307288067-b4ba89ae", "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java", "function": "attributeBytesHex" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "215027096968947984660538355209230953530", "292425170535058714301227834960314272490", "141389441976109996511672681276036685866", "124536555656711251714595757169315741186", "122184924213693488507879712964387799493", "112442495831665481300647493341313298518", "185107612995023145594395780461092034037", "146258699207377061517294099540023252159", "78225582879338290131721514303224868112", "84475282677288083217541497316840726603", "185107612995023145594395780461092034037" ] }, "id": "ASB-A-307288067-e213bdb3", "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e" ], "spl": "2024-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 308.0, "function_hash": "123285881540088161321404136447312297041" }, "id": "ASB-A-307288067-2b5d7f9d", "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java", "function": "attributeBytesBase64" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "215027096968947984660538355209230953530", "292425170535058714301227834960314272490", "141389441976109996511672681276036685866", "124536555656711251714595757169315741186", "122184924213693488507879712964387799493", "112442495831665481300647493341313298518", "185107612995023145594395780461092034037", "146258699207377061517294099540023252159", "78225582879338290131721514303224868112", "84475282677288083217541497316840726603", "185107612995023145594395780461092034037" ] }, "id": "ASB-A-307288067-97756750", "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_type": "Line" }, { "digest": { "length": 305.0, "function_hash": "276202928956936777865925272387699035005" }, "id": "ASB-A-307288067-ae08b6e4", "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java", "function": "attributeBytesHex" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e" ], "spl": "2024-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 305.0, "function_hash": "276202928956936777865925272387699035005" }, "id": "ASB-A-307288067-549f8e22", "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java", "function": "attributeBytesHex" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "215027096968947984660538355209230953530", "292425170535058714301227834960314272490", "141389441976109996511672681276036685866", "124536555656711251714595757169315741186", "122184924213693488507879712964387799493", "112442495831665481300647493341313298518", "185107612995023145594395780461092034037", "146258699207377061517294099540023252159", "78225582879338290131721514303224868112", "84475282677288083217541497316840726603", "185107612995023145594395780461092034037" ] }, "id": "ASB-A-307288067-ac8a12dc", "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java" }, "signature_type": "Line" }, { "digest": { "length": 308.0, "function_hash": "123285881540088161321404136447312297041" }, "id": "ASB-A-307288067-caff5f0f", "source": "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/com/android/internal/util/BinaryXmlSerializer.java", "function": "attributeBytesBase64" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/2f04963358987679cb4cbab085ec78c1b5e0ed0e" ], "spl": "2024-08-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 305.0, "function_hash": "276202928956936777865925272387699035005" }, "id": "ASB-A-307288067-879ac2af", "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "deprecated": false, "signature_version": "v1", "target": { "file": "java/com/android/modules/utils/BinaryXmlSerializer.java", "function": "attributeBytesHex" }, "signature_type": "Function" }, { "digest": { "length": 308.0, "function_hash": "123285881540088161321404136447312297041" }, "id": "ASB-A-307288067-a15c9166", "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "deprecated": false, "signature_version": "v1", "target": { "file": "java/com/android/modules/utils/BinaryXmlSerializer.java", "function": "attributeBytesBase64" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "283722049743732542501552246218868566890", "124536555656711251714595757169315741186", "122184924213693488507879712964387799493", "112442495831665481300647493341313298518", "185107612995023145594395780461092034037", "146258699207377061517294099540023252159", "78225582879338290131721514303224868112", "84475282677288083217541497316840726603", "185107612995023145594395780461092034037" ] }, "id": "ASB-A-307288067-a83843b8", "source": "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890", "deprecated": false, "signature_version": "v1", "target": { "file": "java/com/android/modules/utils/BinaryXmlSerializer.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/libs/modules-utils/+/8207203d4ee4210032a5d4e94d3cbf4635d7a890" ], "spl": "2024-08-01", "severity": "High", "types": [ "EoP" ] }