ASB-A-316153291

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-316153291.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-316153291
Aliases
Published
2024-06-01T00:00:00Z
Modified
2026-04-23T15:15:38.048727Z
Summary
[none]
Details

In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITESECURESETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-06-01

Affected versions

Other
14-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1178.0,
                "function_hash": "214448203349323599548795376745365520973"
            },
            "id": "ASB-A-316153291-4708fa78",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7ba059e2cf0a2c20f9a849719cdc32b12c933a44",
            "target": {
                "function": "maybeSetApiDenylistExemptions",
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        },
        {
            "digest": {
                "length": 657.0,
                "function_hash": "175695285244469626251881774535437376642"
            },
            "id": "ASB-A-316153291-8a5d6124",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7ba059e2cf0a2c20f9a849719cdc32b12c933a44",
            "target": {
                "function": "zygoteSendArgsAndGetResult",
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "250685846269877699305537590881757732988",
                    "182524859769249996603924161581678875248",
                    "186756118610173750335684351721385489392",
                    "182453770008676228557481321627097140899",
                    "137382483238606221430484722300192924877",
                    "131451455353301429098872188703380899469",
                    "80825542379334931313093044566922438533"
                ]
            },
            "id": "ASB-A-316153291-fad5e15d",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7ba059e2cf0a2c20f9a849719cdc32b12c933a44",
            "target": {
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/7ba059e2cf0a2c20f9a849719cdc32b12c933a44"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2024-06-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-316153291.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-06-01

Affected versions

Other
12

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1178.0,
                "function_hash": "214448203349323599548795376745365520973"
            },
            "id": "ASB-A-316153291-02ccd840",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "function": "maybeSetApiDenylistExemptions",
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "250685846269877699305537590881757732988",
                    "182524859769249996603924161581678875248",
                    "186756118610173750335684351721385489392",
                    "182453770008676228557481321627097140899",
                    "137382483238606221430484722300192924877",
                    "131451455353301429098872188703380899469",
                    "80825542379334931313093044566922438533"
                ]
            },
            "id": "ASB-A-316153291-bb550b30",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        },
        {
            "digest": {
                "length": 657.0,
                "function_hash": "175695285244469626251881774535437376642"
            },
            "id": "ASB-A-316153291-cfeea0e6",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "function": "zygoteSendArgsAndGetResult",
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2024-06-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-316153291.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-06-01

Affected versions

Other
12L

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1178.0,
                "function_hash": "214448203349323599548795376745365520973"
            },
            "id": "ASB-A-316153291-088a7ca6",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "function": "maybeSetApiDenylistExemptions",
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "250685846269877699305537590881757732988",
                    "182524859769249996603924161581678875248",
                    "186756118610173750335684351721385489392",
                    "182453770008676228557481321627097140899",
                    "137382483238606221430484722300192924877",
                    "131451455353301429098872188703380899469",
                    "80825542379334931313093044566922438533"
                ]
            },
            "id": "ASB-A-316153291-852dfbdd",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        },
        {
            "digest": {
                "length": 657.0,
                "function_hash": "175695285244469626251881774535437376642"
            },
            "id": "ASB-A-316153291-9c54f351",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "function": "zygoteSendArgsAndGetResult",
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2024-06-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-316153291.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-06-01

Affected versions

Other
13

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 657.0,
                "function_hash": "175695285244469626251881774535437376642"
            },
            "id": "ASB-A-316153291-16f4247f",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "function": "zygoteSendArgsAndGetResult",
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "250685846269877699305537590881757732988",
                    "182524859769249996603924161581678875248",
                    "186756118610173750335684351721385489392",
                    "182453770008676228557481321627097140899",
                    "137382483238606221430484722300192924877",
                    "131451455353301429098872188703380899469",
                    "80825542379334931313093044566922438533"
                ]
            },
            "id": "ASB-A-316153291-8250aede",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        },
        {
            "digest": {
                "length": 1178.0,
                "function_hash": "214448203349323599548795376745365520973"
            },
            "id": "ASB-A-316153291-9c55f11e",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "function": "maybeSetApiDenylistExemptions",
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2024-06-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-316153291.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-06-01

Affected versions

Other
14

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 657.0,
                "function_hash": "175695285244469626251881774535437376642"
            },
            "id": "ASB-A-316153291-0b9b2229",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "function": "zygoteSendArgsAndGetResult",
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "250685846269877699305537590881757732988",
                    "182524859769249996603924161581678875248",
                    "186756118610173750335684351721385489392",
                    "182453770008676228557481321627097140899",
                    "137382483238606221430484722300192924877",
                    "131451455353301429098872188703380899469",
                    "80825542379334931313093044566922438533"
                ]
            },
            "id": "ASB-A-316153291-3e77f95b",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        },
        {
            "digest": {
                "length": 1178.0,
                "function_hash": "214448203349323599548795376745365520973"
            },
            "id": "ASB-A-316153291-474c4861",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
            "target": {
                "function": "maybeSetApiDenylistExemptions",
                "file": "core/java/android/os/ZygoteProcess.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2024-06-01",
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-316153291.json"