ASB-A-313428840

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-313428840.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-313428840
Aliases
  • A-313428840
  • CVE-2024-31318
Published
2024-06-01T00:00:00Z
Modified
2024-08-07T19:29:58.129572Z
Summary
Missing permission checks in CompanionDeviceShellCommand.java
Details

In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-06-01

Affected versions

Other

14-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 379.0,
                "function_hash": "102204838511393825562015089429236352000"
            },
            "id": "ASB-A-313428840-8fae5daa",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1f31bb181fc56f3deab5ce0d199220404991c438",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "onShellCommand"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "188594284336700554854397148804721010541",
                    "145320688309268345662152260291470725413",
                    "7431628385945509680077112363191503693",
                    "100714508666420622330621387876412571307",
                    "191964982586776928958714552677092622024",
                    "95171455182987912448171911664558991177",
                    "47304871896001922448253629926867884951",
                    "96175693692410008216253105950369440776",
                    "190808728275320663413579279295464299389",
                    "35098791035505035869716637782121295573",
                    "205674531604651006279888049728957429478",
                    "259825123994287145354548690475839784389",
                    "303513712870750449856777415963882022463",
                    "110065593151944494037361116776898686475",
                    "309970897985635709644794294013147668243",
                    "160630655781335695108291450589529055142"
                ]
            },
            "id": "ASB-A-313428840-f8389a01",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1f31bb181fc56f3deab5ce0d199220404991c438",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1f31bb181fc56f3deab5ce0d199220404991c438"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-06-01

Affected versions

Other

12

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "198417102019566965033004324174900915000",
                    "106731530058025131814064552595365079508",
                    "259854388630901689928062483535759239212",
                    "177116941139200848688262351973357514853",
                    "250278039044071273978507250667799992651",
                    "178672541915472496330539980743169647956",
                    "7431628385945509680077112363191503693",
                    "246953437866070915788126880217937169120",
                    "293772405389057592984504696320407616179",
                    "148240534737526401940279042131038406955",
                    "110494622924150882873229481353539473841",
                    "96175693692410008216253105950369440776",
                    "190808728275320663413579279295464299389",
                    "273728074536137173621308549930505367168",
                    "184498651880435337515698787098679684847",
                    "122856698942481140566106757287080089266",
                    "277499077012557027664116691943745193601"
                ]
            },
            "id": "ASB-A-313428840-a1e7ca6e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8d008c61451dba86aa9f14c6bcd661db2cea4856",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 214.0,
                "function_hash": "155144965027971143031095477841855440924"
            },
            "id": "ASB-A-313428840-f3953abf",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/8d008c61451dba86aa9f14c6bcd661db2cea4856",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "onShellCommand"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/8d008c61451dba86aa9f14c6bcd661db2cea4856"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-06-01

Affected versions

Other

12L

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 214.0,
                "function_hash": "155144965027971143031095477841855440924"
            },
            "id": "ASB-A-313428840-6593c2bd",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/eb68b0d423afb55159b1c02b0897f597c0905916",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "onShellCommand"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "198417102019566965033004324174900915000",
                    "106731530058025131814064552595365079508",
                    "259854388630901689928062483535759239212",
                    "177116941139200848688262351973357514853",
                    "250278039044071273978507250667799992651",
                    "178672541915472496330539980743169647956",
                    "7431628385945509680077112363191503693",
                    "246953437866070915788126880217937169120",
                    "293772405389057592984504696320407616179",
                    "148240534737526401940279042131038406955",
                    "110494622924150882873229481353539473841",
                    "96175693692410008216253105950369440776",
                    "190808728275320663413579279295464299389",
                    "273728074536137173621308549930505367168",
                    "184498651880435337515698787098679684847",
                    "122856698942481140566106757287080089266",
                    "277499077012557027664116691943745193601"
                ]
            },
            "id": "ASB-A-313428840-ce5e4705",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/eb68b0d423afb55159b1c02b0897f597c0905916",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/eb68b0d423afb55159b1c02b0897f597c0905916"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-06-01

Affected versions

Other

13

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 364.0,
                "function_hash": "213505421070328446555639739870397291866"
            },
            "id": "ASB-A-313428840-1d48c105",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1ae3b43c248cdf5ee63311f06acd0ee19d93f0cd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "onShellCommand"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "224823870887417987122034460775929210660",
                    "46025526446874290439700405031423217070",
                    "133182271192193300113214878455391897200",
                    "67104893964950896427422683247559532800",
                    "188594284336700554854397148804721010541",
                    "145320688309268345662152260291470725413",
                    "7431628385945509680077112363191503693",
                    "100714508666420622330621387876412571307",
                    "191964982586776928958714552677092622024",
                    "95171455182987912448171911664558991177",
                    "47304871896001922448253629926867884951",
                    "96175693692410008216253105950369440776",
                    "190808728275320663413579279295464299389",
                    "80404283468252972241490381301765285172",
                    "327466180200887364537581424535003343113",
                    "264105563878247808248529109610066493092",
                    "113813386604831852471690434044119960007",
                    "330536976961184503700755228623585881764",
                    "73931761952328427351917291064524100114",
                    "157426751914106267864970440405581315537",
                    "110632165724422251277447466530839143976",
                    "121866084840164263896269922453974290945"
                ]
            },
            "id": "ASB-A-313428840-a4a7a2fb",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1ae3b43c248cdf5ee63311f06acd0ee19d93f0cd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1ae3b43c248cdf5ee63311f06acd0ee19d93f0cd"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-06-01

Affected versions

Other

14

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "188594284336700554854397148804721010541",
                    "145320688309268345662152260291470725413",
                    "7431628385945509680077112363191503693",
                    "100714508666420622330621387876412571307",
                    "191964982586776928958714552677092622024",
                    "95171455182987912448171911664558991177",
                    "47304871896001922448253629926867884951",
                    "96175693692410008216253105950369440776",
                    "190808728275320663413579279295464299389",
                    "35098791035505035869716637782121295573",
                    "28635933736701976854884262025547592214",
                    "102117236988273943933989309643162366509",
                    "162584322155829619721750585531513676310",
                    "117336191363162470512981144321104059964",
                    "309970897985635709644794294013147668243",
                    "160630655781335695108291450589529055142"
                ]
            },
            "id": "ASB-A-313428840-b7b6be60",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/54c968aaa66e9364bc0380c9a57af5c6844759aa",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 382.0,
                "function_hash": "336279034343393733676619928393466321382"
            },
            "id": "ASB-A-313428840-d256bd2c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/54c968aaa66e9364bc0380c9a57af5c6844759aa",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "onShellCommand"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/54c968aaa66e9364bc0380c9a57af5c6844759aa"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}