In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to a local denial of service when the policies are deserialized on reboot, with no additional execution privileges needed. User interaction is not needed for exploitation.
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"65211060261828833982426088633530397028",
"238894602674934805619115338734031989307",
"29574861180385915176436656229143718979",
"80620420539153281467642149250382596135",
"194584805148112031443557872127571747219",
"168105433164273375437248142075042882012",
"45524459603460074279939142182127796987",
"264512530940727082166956193672107479699",
"327537069119556785895055391458434478396",
"221120199256616433925151684985585868739",
"293333844477775633444087229211061498875"
]
},
"id": "ASB-A-311687929-0e2d5514",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/24202a9b15c17739f211ede23d2afbd3be59365b",
"target": {
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"235102504959757521096952681277335866608",
"336760266520649835342789760058996085469",
"82470238230925790419606155822968792438",
"89359336859412881606241483548958850083",
"164863303718138063880858923984581631331",
"6081852501114552576838151671877715185",
"251844991781972327567458885519887217512",
"190441250569056815069142804069736381202",
"37143557803921786274096379219831080556",
"146042621193807863179285093032325274459",
"216031854196377854925093077638599842473",
"49292425578082718822975136603907708669",
"138291294384737863164037881556251427491",
"199495451461933085453596952308156317390",
"166612743582357483126522827074581201704",
"89101320797881662871061284214596871097",
"151863400372015416106266812704720651468",
"226066932435087505899090168557240079118",
"270169537616256338371475948843134465494",
"159877161427683609565989270421414472172",
"28574739297644802325031973665129311160",
"118982179735971229890826333694905184658"
]
},
"id": "ASB-A-311687929-1a3e07e7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"
}
},
{
"digest": {
"length": 5200.0,
"function_hash": "283613867898690513397758936246684014030"
},
"id": "ASB-A-311687929-57972569",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87",
"target": {
"function": "readUserLP",
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"106396370369905837383895976081020023534",
"219355971740771445643251271690300946156",
"158612721900111371941643864959414449485",
"68412815873952271161609618833314641602",
"30044413331846810467463388122509163083",
"238167620621597300959673397537343932275",
"323107737279979551362930456990170127619",
"225304577693045770402230206841406786111",
"143806220849659630328226663187453244804",
"319037224060465236927722596033162889110",
"303698084486245297981947860362631988775",
"329263212149775338373221545074744492329",
"279025990544969428391408486671334548568",
"295973225337534630572795692243236418593",
"83971349660250164938715935868696487184",
"308572593811597954536140124558407428924",
"21899589726048629351848651622467777886",
"127713346647392087720218700847749300801",
"211767298997545656292926886431909335778",
"168301571648229572140302374126598605759",
"480448098223708534916180416168454999",
"111710742409733671282030554442341297007",
"108927271266268172692702082469178003232",
"319540614483045843519909444441601946144",
"213624254060315534054570667944504493902",
"118153859518566344185141745559861193090"
]
},
"id": "ASB-A-311687929-7649af1b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87",
"target": {
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"length": 1124.0,
"function_hash": "215100365954108758035257023445290055101"
},
"id": "ASB-A-311687929-a7c1558a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1",
"target": {
"function": "setGlobalPolicy",
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"
}
},
{
"digest": {
"length": 496.0,
"function_hash": "91214321479560848432219854224299468213"
},
"id": "ASB-A-311687929-b04c1652",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1",
"target": {
"function": "removeGlobalPolicy",
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"
}
},
{
"digest": {
"length": 2028.0,
"function_hash": "34704467215268911615335933078684820801"
},
"id": "ASB-A-311687929-b855e28d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87",
"target": {
"function": "readUserListLP",
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"length": 482.0,
"function_hash": "158918564004045502273684293620511102669"
},
"id": "ASB-A-311687929-c19d2bd4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87",
"target": {
"function": "readUserLP",
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"length": 3635.0,
"function_hash": "144548358230426864873260022106430419425"
},
"id": "ASB-A-311687929-c6e724b3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/24202a9b15c17739f211ede23d2afbd3be59365b",
"target": {
"function": "writeUserLP",
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"length": 1154.0,
"function_hash": "338201434678511786817700291787499627550"
},
"id": "ASB-A-311687929-c753e8e8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1",
"target": {
"function": "setLocalPolicy",
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"
}
},
{
"digest": {
"length": 798.0,
"function_hash": "122209268350348402820808765777810549135"
},
"id": "ASB-A-311687929-cc456709",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1",
"target": {
"function": "removeLocalPolicy",
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/24202a9b15c17739f211ede23d2afbd3be59365b",
"https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87",
"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"
],
"types": [
"DoS"
],
"spl": "2024-03-01",
"severity": "High"
}
{
"vanir_signatures": [
{
"digest": {
"length": 3674.0,
"function_hash": "164913767687320501995212370440097774852"
},
"id": "ASB-A-311687929-138c6306",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c747c3fd1a0111eb699b950e645080470f0cead8",
"target": {
"function": "writeUserLP",
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"106396370369905837383895976081020023534",
"219355971740771445643251271690300946156",
"158612721900111371941643864959414449485",
"68412815873952271161609618833314641602",
"30044413331846810467463388122509163083",
"238167620621597300959673397537343932275",
"323107737279979551362930456990170127619",
"225304577693045770402230206841406786111",
"143806220849659630328226663187453244804",
"319037224060465236927722596033162889110",
"303698084486245297981947860362631988775",
"329263212149775338373221545074744492329",
"279025990544969428391408486671334548568",
"295973225337534630572795692243236418593",
"83971349660250164938715935868696487184",
"308572593811597954536140124558407428924",
"21899589726048629351848651622467777886",
"127713346647392087720218700847749300801",
"211767298997545656292926886431909335778",
"168301571648229572140302374126598605759",
"480448098223708534916180416168454999",
"111710742409733671282030554442341297007",
"108927271266268172692702082469178003232",
"319540614483045843519909444441601946144",
"213624254060315534054570667944504493902",
"118153859518566344185141745559861193090"
]
},
"id": "ASB-A-311687929-1d4e7ef4",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8",
"target": {
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"length": 798.0,
"function_hash": "122209268350348402820808765777810549135"
},
"id": "ASB-A-311687929-331c15ed",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1",
"target": {
"function": "removeLocalPolicy",
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"
}
},
{
"digest": {
"length": 1124.0,
"function_hash": "215100365954108758035257023445290055101"
},
"id": "ASB-A-311687929-6126dfcb",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1",
"target": {
"function": "setGlobalPolicy",
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"235102504959757521096952681277335866608",
"336760266520649835342789760058996085469",
"82470238230925790419606155822968792438",
"89359336859412881606241483548958850083",
"164863303718138063880858923984581631331",
"6081852501114552576838151671877715185",
"251844991781972327567458885519887217512",
"190441250569056815069142804069736381202",
"37143557803921786274096379219831080556",
"146042621193807863179285093032325274459",
"216031854196377854925093077638599842473",
"49292425578082718822975136603907708669",
"138291294384737863164037881556251427491",
"199495451461933085453596952308156317390",
"166612743582357483126522827074581201704",
"89101320797881662871061284214596871097",
"151863400372015416106266812704720651468",
"226066932435087505899090168557240079118",
"270169537616256338371475948843134465494",
"159877161427683609565989270421414472172",
"28574739297644802325031973665129311160",
"118982179735971229890826333694905184658"
]
},
"id": "ASB-A-311687929-76849992",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1",
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"
}
},
{
"digest": {
"length": 2028.0,
"function_hash": "34704467215268911615335933078684820801"
},
"id": "ASB-A-311687929-9c4237e0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8",
"target": {
"function": "readUserListLP",
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"length": 1154.0,
"function_hash": "338201434678511786817700291787499627550"
},
"id": "ASB-A-311687929-b4562b84",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1",
"target": {
"function": "setLocalPolicy",
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"65211060261828833982426088633530397028",
"238894602674934805619115338734031989307",
"29574861180385915176436656229143718979",
"80620420539153281467642149250382596135",
"194584805148112031443557872127571747219",
"168105433164273375437248142075042882012",
"45524459603460074279939142182127796987",
"264512530940727082166956193672107479699",
"327537069119556785895055391458434478396",
"221120199256616433925151684985585868739",
"293333844477775633444087229211061498875"
]
},
"id": "ASB-A-311687929-b777b171",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c747c3fd1a0111eb699b950e645080470f0cead8",
"target": {
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"length": 482.0,
"function_hash": "158918564004045502273684293620511102669"
},
"id": "ASB-A-311687929-e9d49703",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8",
"target": {
"function": "readUserLP",
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"length": 5200.0,
"function_hash": "283613867898690513397758936246684014030"
},
"id": "ASB-A-311687929-eb3bafa0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8",
"target": {
"function": "readUserLP",
"file": "services/core/java/com/android/server/pm/UserManagerService.java"
}
},
{
"digest": {
"length": 496.0,
"function_hash": "91214321479560848432219854224299468213"
},
"id": "ASB-A-311687929-ecb04bff",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1",
"target": {
"function": "removeGlobalPolicy",
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c747c3fd1a0111eb699b950e645080470f0cead8",
"https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8",
"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"
],
"types": [
"DoS"
],
"spl": "2024-03-01",
"severity": "High"
}