ASB-A-316153291
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-316153291.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-316153291
- Aliases
-
- A-316153291
- CVE-2024-31317
- Published
- 2024-06-01T00:00:00Z
- Modified
- 2025-06-30T14:52:47.841487Z
- Summary
- [none]
- Details
-
In multiple functions of ZygoteProcess.java, there is a possible way to achieve code execution as any app via WRITESECURESETTINGS due to unsafe deserialization. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2024-06-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/7ba059e2cf0a2c20f9a849719cdc32b12c933a44"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "maybeSetApiDenylistExemptions",
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/7ba059e2cf0a2c20f9a849719cdc32b12c933a44",
"id": "ASB-A-316153291-4708fa78",
"signature_version": "v1",
"digest": {
"length": 1178.0,
"function_hash": "214448203349323599548795376745365520973"
}
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "zygoteSendArgsAndGetResult",
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/7ba059e2cf0a2c20f9a849719cdc32b12c933a44",
"id": "ASB-A-316153291-8a5d6124",
"signature_version": "v1",
"digest": {
"length": 657.0,
"function_hash": "175695285244469626251881774535437376642"
}
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/7ba059e2cf0a2c20f9a849719cdc32b12c933a44",
"id": "ASB-A-316153291-fad5e15d",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"250685846269877699305537590881757732988",
"182524859769249996603924161581678875248",
"186756118610173750335684351721385489392",
"182453770008676228557481321627097140899",
"137382483238606221430484722300192924877",
"131451455353301429098872188703380899469",
"80825542379334931313093044566922438533"
]
}
}
],
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2024-06-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "maybeSetApiDenylistExemptions",
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-02ccd840",
"signature_version": "v1",
"digest": {
"length": 1178.0,
"function_hash": "214448203349323599548795376745365520973"
}
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-bb550b30",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"250685846269877699305537590881757732988",
"182524859769249996603924161581678875248",
"186756118610173750335684351721385489392",
"182453770008676228557481321627097140899",
"137382483238606221430484722300192924877",
"131451455353301429098872188703380899469",
"80825542379334931313093044566922438533"
]
}
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "zygoteSendArgsAndGetResult",
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-cfeea0e6",
"signature_version": "v1",
"digest": {
"length": 657.0,
"function_hash": "175695285244469626251881774535437376642"
}
}
],
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2024-06-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "maybeSetApiDenylistExemptions",
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-088a7ca6",
"signature_version": "v1",
"digest": {
"length": 1178.0,
"function_hash": "214448203349323599548795376745365520973"
}
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-852dfbdd",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"250685846269877699305537590881757732988",
"182524859769249996603924161581678875248",
"186756118610173750335684351721385489392",
"182453770008676228557481321627097140899",
"137382483238606221430484722300192924877",
"131451455353301429098872188703380899469",
"80825542379334931313093044566922438533"
]
}
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "zygoteSendArgsAndGetResult",
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-9c54f351",
"signature_version": "v1",
"digest": {
"length": 657.0,
"function_hash": "175695285244469626251881774535437376642"
}
}
],
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2024-06-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "zygoteSendArgsAndGetResult",
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-16f4247f",
"signature_version": "v1",
"digest": {
"length": 657.0,
"function_hash": "175695285244469626251881774535437376642"
}
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-8250aede",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"250685846269877699305537590881757732988",
"182524859769249996603924161581678875248",
"186756118610173750335684351721385489392",
"182453770008676228557481321627097140899",
"137382483238606221430484722300192924877",
"131451455353301429098872188703380899469",
"80825542379334931313093044566922438533"
]
}
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "maybeSetApiDenylistExemptions",
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-9c55f11e",
"signature_version": "v1",
"digest": {
"length": 1178.0,
"function_hash": "214448203349323599548795376745365520973"
}
}
],
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"severity": "High",
"spl": "2024-06-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "zygoteSendArgsAndGetResult",
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-0b9b2229",
"signature_version": "v1",
"digest": {
"length": 657.0,
"function_hash": "175695285244469626251881774535437376642"
}
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-3e77f95b",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"250685846269877699305537590881757732988",
"182524859769249996603924161581678875248",
"186756118610173750335684351721385489392",
"182453770008676228557481321627097140899",
"137382483238606221430484722300192924877",
"131451455353301429098872188703380899469",
"80825542379334931313093044566922438533"
]
}
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"function": "maybeSetApiDenylistExemptions",
"file": "core/java/android/os/ZygoteProcess.java"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/60669aa49aba34c0950d6246bd95b54f91a3c8e8",
"id": "ASB-A-316153291-474c4861",
"signature_version": "v1",
"digest": {
"length": 1178.0,
"function_hash": "214448203349323599548795376745365520973"
}
}
],
"types": [
"EoP"
]
}