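In createSessionInternal of PackageInstallerService.java, there is a possible way to run as any app (run-as) due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The JSON records below all carry the signature id prefix ASB-A-307532206; each lists the fix commits, the security patch level (`spl`) and the Vanir signatures (function and line hashes for PackageInstallerService.java) used to check a source tree for a missing patch.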
{
"severity": "High",
"spl": "2024-10-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/1f445474cd1b902b2e7292a0d24e58f020fd51e7",
"https://android.googlesource.com/platform/frameworks/base/+/c32cfc60ccf531470f6125b6019d8ab2452b3617"
],
"vanir_signatures": [
{
"id": "ASB-A-307532206-645330db",
"signature_type": "Function",
"digest": {
"function_hash": "118302423527281123188555171841019273990",
"length": 9877.0
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "createSessionInternal"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/c32cfc60ccf531470f6125b6019d8ab2452b3617",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-7aecae62",
"signature_type": "Line",
"digest": {
"line_hashes": [
"284803680333932329887073626633948812525",
"179264801066443041600717415825501381523",
"231716843220810492233163875316964993044",
"130562515976894497144520941180629984392",
"10780416454602562257286144648161043842",
"302913260409292156218252619083035441236",
"186060393980121631587197748624094543373",
"297368605010644150633623733803819928263"
],
"threshold": 0.9
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/c32cfc60ccf531470f6125b6019d8ab2452b3617",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-8d798121",
"signature_type": "Function",
"digest": {
"function_hash": "80160765892421145253546014595266689531",
"length": 10242.0
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "createSessionInternal"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/1f445474cd1b902b2e7292a0d24e58f020fd51e7",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-a668a93e",
"signature_type": "Line",
"digest": {
"line_hashes": [
"184706813287456333092556182924773192666",
"258525001705866154552060440427065763455",
"241981054553128876053032811736045737547",
"184132455716437459367256077854815697818",
"340132409577538132394476352327661106620",
"296302170137542778483489044574695533459",
"234414874153440323268187332248730764126",
"132812956931285130538267354160065218439",
"171843296994411148774272138938328996120",
"185919541569227081832448652292314921974",
"81316516492970505053815663782025134142",
"67877059201785154032388944281276260982",
"321417768265877557058235625636028017389",
"213060499428898817000109579431506996583",
"173986929311603877768057675392213566673",
"3146485719530314982434007919193743349",
"165658162129414390250905618359134524802",
"287929065946877560993198616651631817580",
"321848859495809826226404784193508854059"
],
"threshold": 0.9
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/1f445474cd1b902b2e7292a0d24e58f020fd51e7",
"signature_version": "v1",
"deprecated": false
}
],
"types": [
"EoP"
]
}{
"severity": "High",
"spl": "2024-10-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a7e48c8d7e00962d335b0076266a5df98d41a21c",
"https://android.googlesource.com/platform/frameworks/base/+/e05cf74c0c80f552f0e651a842cf58b4b569c643"
],
"vanir_signatures": [
{
"id": "ASB-A-307532206-5f7abbf0",
"signature_type": "Line",
"digest": {
"line_hashes": [
"284803680333932329887073626633948812525",
"179264801066443041600717415825501381523",
"231716843220810492233163875316964993044",
"130562515976894497144520941180629984392",
"52829525764972174344745795726046268992",
"212728843764351394230506298557163257436",
"150554449849069317021174599277304386555"
],
"threshold": 0.9
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e05cf74c0c80f552f0e651a842cf58b4b569c643",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-bdbe1371",
"signature_type": "Function",
"digest": {
"function_hash": "105982152797589214575266794798181856626",
"length": 8168.0
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "createSessionInternal"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/a7e48c8d7e00962d335b0076266a5df98d41a21c",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-e8ca0130",
"signature_type": "Function",
"digest": {
"function_hash": "54316692619471435079030407728407939052",
"length": 8150.0
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "createSessionInternal"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e05cf74c0c80f552f0e651a842cf58b4b569c643",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-f48c50a9",
"signature_type": "Line",
"digest": {
"line_hashes": [
"184706813287456333092556182924773192666",
"258525001705866154552060440427065763455",
"241981054553128876053032811736045737547",
"184132455716437459367256077854815697818",
"340132409577538132394476352327661106620",
"296302170137542778483489044574695533459",
"234414874153440323268187332248730764126",
"132812956931285130538267354160065218439",
"171843296994411148774272138938328996120",
"185919541569227081832448652292314921974",
"81316516492970505053815663782025134142",
"67877059201785154032388944281276260982",
"321417768265877557058235625636028017389",
"171122632346458238787174789857011859587",
"202447351957260175776614468826789862025",
"280294645804323053104221568206506468235",
"65764947336376362045504290307912661310",
"107836095579188925345526484995796609692",
"321848859495809826226404784193508854059"
],
"threshold": 0.9
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/a7e48c8d7e00962d335b0076266a5df98d41a21c",
"signature_version": "v1",
"deprecated": false
}
],
"types": [
"EoP"
]
}{
"severity": "High",
"spl": "2024-10-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/d76643a89ae9a2b58a4151cd92c1f94f69cb60fa",
"https://android.googlesource.com/platform/frameworks/base/+/3c7a10d969b731d01a3a3f424cf122714e595dc5"
],
"vanir_signatures": [
{
"id": "ASB-A-307532206-5bc4b8bc",
"signature_type": "Function",
"digest": {
"function_hash": "54316692619471435079030407728407939052",
"length": 8150.0
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "createSessionInternal"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/3c7a10d969b731d01a3a3f424cf122714e595dc5",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-7ae6b618",
"signature_type": "Line",
"digest": {
"line_hashes": [
"184706813287456333092556182924773192666",
"258525001705866154552060440427065763455",
"241981054553128876053032811736045737547",
"184132455716437459367256077854815697818",
"340132409577538132394476352327661106620",
"296302170137542778483489044574695533459",
"234414874153440323268187332248730764126",
"132812956931285130538267354160065218439",
"171843296994411148774272138938328996120",
"185919541569227081832448652292314921974",
"81316516492970505053815663782025134142",
"67877059201785154032388944281276260982",
"321417768265877557058235625636028017389",
"171122632346458238787174789857011859587",
"202447351957260175776614468826789862025",
"280294645804323053104221568206506468235",
"65764947336376362045504290307912661310",
"107836095579188925345526484995796609692",
"321848859495809826226404784193508854059"
],
"threshold": 0.9
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/d76643a89ae9a2b58a4151cd92c1f94f69cb60fa",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-a434a02c",
"signature_type": "Line",
"digest": {
"line_hashes": [
"284803680333932329887073626633948812525",
"179264801066443041600717415825501381523",
"231716843220810492233163875316964993044",
"130562515976894497144520941180629984392",
"52829525764972174344745795726046268992",
"212728843764351394230506298557163257436",
"150554449849069317021174599277304386555"
],
"threshold": 0.9
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/3c7a10d969b731d01a3a3f424cf122714e595dc5",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-f7992111",
"signature_type": "Function",
"digest": {
"function_hash": "105982152797589214575266794798181856626",
"length": 8168.0
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "createSessionInternal"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/d76643a89ae9a2b58a4151cd92c1f94f69cb60fa",
"signature_version": "v1",
"deprecated": false
}
],
"types": [
"EoP"
]
}{
"severity": "High",
"spl": "2024-10-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/d42af9a50dcb1b0cf2035c4da7e46c960bcfbc37",
"https://android.googlesource.com/platform/frameworks/base/+/6dab15262bc864030d6f657e106fbbee6bfa3f4c"
],
"vanir_signatures": [
{
"id": "ASB-A-307532206-293a477d",
"signature_type": "Function",
"digest": {
"function_hash": "182968765642161681024506020680622970741",
"length": 8203.0
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "createSessionInternal"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/6dab15262bc864030d6f657e106fbbee6bfa3f4c",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-4932a7e7",
"signature_type": "Line",
"digest": {
"line_hashes": [
"184706813287456333092556182924773192666",
"258525001705866154552060440427065763455",
"241981054553128876053032811736045737547",
"184132455716437459367256077854815697818",
"340132409577538132394476352327661106620",
"296302170137542778483489044574695533459",
"234414874153440323268187332248730764126",
"132812956931285130538267354160065218439",
"171843296994411148774272138938328996120",
"185919541569227081832448652292314921974",
"81316516492970505053815663782025134142",
"67877059201785154032388944281276260982",
"321417768265877557058235625636028017389",
"264829547840328954034593172517169388188",
"338835668675038633072261384189959331250",
"126925928947655615099797966750099646956",
"165658162129414390250905618359134524802",
"287929065946877560993198616651631817580",
"321848859495809826226404784193508854059"
],
"threshold": 0.9
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/d42af9a50dcb1b0cf2035c4da7e46c960bcfbc37",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-9224bf9b",
"signature_type": "Function",
"digest": {
"function_hash": "247043678569363673658822426146860755221",
"length": 8223.0
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "createSessionInternal"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/d42af9a50dcb1b0cf2035c4da7e46c960bcfbc37",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-f8647d26",
"signature_type": "Line",
"digest": {
"line_hashes": [
"284803680333932329887073626633948812525",
"179264801066443041600717415825501381523",
"231716843220810492233163875316964993044",
"130562515976894497144520941180629984392",
"10780416454602562257286144648161043842",
"302913260409292156218252619083035441236",
"186060393980121631587197748624094543373",
"102274208052382614441820880570373103623"
],
"threshold": 0.9
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/6dab15262bc864030d6f657e106fbbee6bfa3f4c",
"signature_version": "v1",
"deprecated": false
}
],
"types": [
"EoP"
]
}{
"severity": "High",
"spl": "2024-10-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/8705e13d7c0f9fd1d73ea66619dc28e966d98666",
"https://android.googlesource.com/platform/frameworks/base/+/c32cfc60ccf531470f6125b6019d8ab2452b3617"
],
"vanir_signatures": [
{
"id": "ASB-A-307532206-4bd211d0",
"signature_type": "Line",
"digest": {
"line_hashes": [
"184706813287456333092556182924773192666",
"258525001705866154552060440427065763455",
"241981054553128876053032811736045737547",
"184132455716437459367256077854815697818",
"340132409577538132394476352327661106620",
"296302170137542778483489044574695533459",
"234414874153440323268187332248730764126",
"132812956931285130538267354160065218439",
"171843296994411148774272138938328996120",
"185919541569227081832448652292314921974",
"81316516492970505053815663782025134142",
"67877059201785154032388944281276260982",
"321417768265877557058235625636028017389",
"213060499428898817000109579431506996583",
"173986929311603877768057675392213566673",
"3146485719530314982434007919193743349",
"165658162129414390250905618359134524802",
"287929065946877560993198616651631817580",
"321848859495809826226404784193508854059"
],
"threshold": 0.9
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/8705e13d7c0f9fd1d73ea66619dc28e966d98666",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-8baf9e34",
"signature_type": "Function",
"digest": {
"function_hash": "155102222324006556214755447359289079931",
"length": 9897.0
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "createSessionInternal"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/8705e13d7c0f9fd1d73ea66619dc28e966d98666",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-a619cf71",
"signature_type": "Function",
"digest": {
"function_hash": "118302423527281123188555171841019273990",
"length": 9877.0
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java",
"function": "createSessionInternal"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/c32cfc60ccf531470f6125b6019d8ab2452b3617",
"signature_version": "v1",
"deprecated": false
},
{
"id": "ASB-A-307532206-aeab01c3",
"signature_type": "Line",
"digest": {
"line_hashes": [
"284803680333932329887073626633948812525",
"179264801066443041600717415825501381523",
"231716843220810492233163875316964993044",
"130562515976894497144520941180629984392",
"10780416454602562257286144648161043842",
"302913260409292156218252619083035441236",
"186060393980121631587197748624094543373",
"297368605010644150633623733803819928263"
],
"threshold": 0.9
},
"target": {
"file": "services/core/java/com/android/server/pm/PackageInstallerService.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/c32cfc60ccf531470f6125b6019d8ab2452b3617",
"signature_version": "v1",
"deprecated": false
}
],
"types": [
"EoP"
]
}