ASB-A-311374917
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-311374917.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-311374917
- Aliases
-
- A-311374917
- CVE-2024-23710
- Published
- 2024-04-01T00:00:00Z
- Modified
- 2024-11-06T12:16:03.231308Z
- Summary
- [none]
- Details
-
In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 826.0,
"function_hash": "12505857345462554148293220598473537586"
},
"id": "ASB-A-311374917-4baa5877",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ee5dfdcba047051ce81dca0696d6ddfeafe2d98",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java",
"function": "assertPackageWithSharedUserIdIsPrivileged"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"142272491796128858570440272336916841188",
"279513179055953760729743009432046388456",
"305308426858841051546586543972104519175",
"12567486933665733474173183015902248950",
"220165907536449690886217814456094827069",
"337285818131042692911390527263006087866",
"295521679009619897283679069777166742903",
"103793691344167099316723857210348471246"
]
},
"id": "ASB-A-311374917-8f39f074",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ee5dfdcba047051ce81dca0696d6ddfeafe2d98",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 906.0,
"function_hash": "320528743116069756233733524950064869206"
},
"id": "ASB-A-311374917-a813b5fd",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ee5dfdcba047051ce81dca0696d6ddfeafe2d98",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java",
"function": "adjustScanFlags"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/3ee5dfdcba047051ce81dca0696d6ddfeafe2d98"
],
"spl": "2024-04-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 621.0,
"function_hash": "191194278411708660071297782892624782688"
},
"id": "ASB-A-311374917-b71bb36a",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e336c7d7c9ceb49d934bbef0d27ecef344ad80ed",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java",
"function": "assertPackageWithSharedUserIdIsPrivileged"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"206097091774536576018069377390071347857",
"167175873591918855041008216592605271338",
"68082544462925368784189733918983487616",
"33804489427121108605448402949784032527",
"211358728494272279338184300418741513918",
"98771344621410748120718196559108324712",
"295521679009619897283679069777166742903",
"103793691344167099316723857210348471246"
]
},
"id": "ASB-A-311374917-d5d29578",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e336c7d7c9ceb49d934bbef0d27ecef344ad80ed",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 878.0,
"function_hash": "225627056482186595609933045230434181366"
},
"id": "ASB-A-311374917-f6961e50",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e336c7d7c9ceb49d934bbef0d27ecef344ad80ed",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java",
"function": "adjustScanFlags"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e336c7d7c9ceb49d934bbef0d27ecef344ad80ed"
],
"spl": "2024-04-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"322924574891058613524656956448922189852",
"181571442540212871866967831090097523026",
"32583951445100985607277820947261262750",
"146839883687927195019265597101361274235",
"169832658915590295332260788665070731075",
"292745688424894433140024777062283157937",
"295521679009619897283679069777166742903",
"103793691344167099316723857210348471246"
]
},
"id": "ASB-A-311374917-6690c62e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/06775341ad7d77410798f95117cbee7a1a02c201",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 930.0,
"function_hash": "201643041937659271403580841685827015038"
},
"id": "ASB-A-311374917-f19b6edd",
"source": "https://android.googlesource.com/platform/frameworks/base/+/06775341ad7d77410798f95117cbee7a1a02c201",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java",
"function": "adjustScanFlags"
},
"signature_type": "Function"
},
{
"digest": {
"length": 835.0,
"function_hash": "59292523802998733930792442565073158547"
},
"id": "ASB-A-311374917-f96daaa0",
"source": "https://android.googlesource.com/platform/frameworks/base/+/06775341ad7d77410798f95117cbee7a1a02c201",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java",
"function": "assertPackageWithSharedUserIdIsPrivileged"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/06775341ad7d77410798f95117cbee7a1a02c201"
],
"spl": "2024-04-01",
"severity": "High",
"types": [
"EoP"
]
}