In onTransact of ParcelableListBinder.java, there is a possible way to steal mAllowlistToken to launch an app from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The records below give the upstream fix commits ("fixes") and a security patch level ("spl") of 2024-07-01.
{ "types": [ "EoP" ], "severity": "High", "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "277414439674915683742142744915414494344", "9155515753219081534698570184541400972", "108523684834901997976744731577859307119", "207650444937645740851379120624853955330", "131871105866204800642630690674865431182", "253195722049323863173684665670044847624", "207371717012017084315715725166305903847", "130340700937132950314679418677373074842", "209868289336708692528790631341754177785", "246906291923128057153073030125872865137", "112898930566137033651887153629522846317" ] }, "id": "ASB-A-317048338-1e26853a", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64", "signature_version": "v1", "signature_type": "Line", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "223098869778792187233221702169479404469", "148411122483376070416404714235843314034", "193648132976712986893750581745768761410", "159704646286461114910839525191750144915", "234419997433143833309551793298012071675", "139060567859374558189901606618907421782", "23501822227056199231068231509741477459", "287348090354746631072460210529853813400", "254726124340971479487934881966816465097" ] }, "id": "ASB-A-317048338-4d141020", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64", "signature_version": "v1", "signature_type": "Line", "target": { "file": "services/core/java/com/android/server/media/MediaSessionRecord.java" } }, { "digest": { "function_hash": "119401332131997474521646555619788514507", "length": 212.0 }, "id": "ASB-A-317048338-adeafe8a", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64", "signature_version": "v1", "signature_type": "Function", "target": { "file": 
"services/core/java/com/android/server/media/MediaSessionRecord.java", "function": "getBinderForSetQueue" } }, { "digest": { "function_hash": "119558734287650650039236647575312971643", "length": 638.0 }, "id": "ASB-A-317048338-ce77b485", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64", "signature_version": "v1", "signature_type": "Function", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java", "function": "onTransact" } }, { "digest": { "function_hash": "96502798840140682248892902518676650319", "length": 58.0 }, "id": "ASB-A-317048338-e1e08e75", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64", "signature_version": "v1", "signature_type": "Function", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java", "function": "ParcelableListBinder" } } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64" ], "spl": "2024-07-01" }
{ "types": [ "EoP" ], "severity": "High", "vanir_signatures": [ { "digest": { "function_hash": "119558734287650650039236647575312971643", "length": 638.0 }, "id": "ASB-A-317048338-097bc016", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Function", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java", "function": "onTransact" } }, { "digest": { "function_hash": "119401332131997474521646555619788514507", "length": 212.0 }, "id": "ASB-A-317048338-1bdd3633", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Function", "target": { "file": "services/core/java/com/android/server/media/MediaSessionRecord.java", "function": "getBinderForSetQueue" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "277414439674915683742142744915414494344", "9155515753219081534698570184541400972", "108523684834901997976744731577859307119", "207650444937645740851379120624853955330", "131871105866204800642630690674865431182", "253195722049323863173684665670044847624", "207371717012017084315715725166305903847", "130340700937132950314679418677373074842", "209868289336708692528790631341754177785", "246906291923128057153073030125872865137", "112898930566137033651887153629522846317" ] }, "id": "ASB-A-317048338-2d56e50d", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Line", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "223098869778792187233221702169479404469", "148411122483376070416404714235843314034", "193648132976712986893750581745768761410", "159704646286461114910839525191750144915", 
"234419997433143833309551793298012071675", "139060567859374558189901606618907421782", "23501822227056199231068231509741477459", "287348090354746631072460210529853813400", "254726124340971479487934881966816465097" ] }, "id": "ASB-A-317048338-ac8b045c", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Line", "target": { "file": "services/core/java/com/android/server/media/MediaSessionRecord.java" } }, { "digest": { "function_hash": "96502798840140682248892902518676650319", "length": 58.0 }, "id": "ASB-A-317048338-f07aa195", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Function", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java", "function": "ParcelableListBinder" } } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0" ], "spl": "2024-07-01" }
{ "types": [ "EoP" ], "severity": "High", "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "277414439674915683742142744915414494344", "9155515753219081534698570184541400972", "108523684834901997976744731577859307119", "207650444937645740851379120624853955330", "131871105866204800642630690674865431182", "253195722049323863173684665670044847624", "207371717012017084315715725166305903847", "130340700937132950314679418677373074842", "209868289336708692528790631341754177785", "246906291923128057153073030125872865137", "112898930566137033651887153629522846317" ] }, "id": "ASB-A-317048338-5f4d145c", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Line", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java" } }, { "digest": { "function_hash": "119401332131997474521646555619788514507", "length": 212.0 }, "id": "ASB-A-317048338-74817cf4", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Function", "target": { "file": "services/core/java/com/android/server/media/MediaSessionRecord.java", "function": "getBinderForSetQueue" } }, { "digest": { "function_hash": "96502798840140682248892902518676650319", "length": 58.0 }, "id": "ASB-A-317048338-9d0ab990", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Function", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java", "function": "ParcelableListBinder" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "223098869778792187233221702169479404469", "148411122483376070416404714235843314034", "193648132976712986893750581745768761410", 
"159704646286461114910839525191750144915", "234419997433143833309551793298012071675", "139060567859374558189901606618907421782", "23501822227056199231068231509741477459", "287348090354746631072460210529853813400", "254726124340971479487934881966816465097" ] }, "id": "ASB-A-317048338-a6a291aa", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Line", "target": { "file": "services/core/java/com/android/server/media/MediaSessionRecord.java" } }, { "digest": { "function_hash": "119558734287650650039236647575312971643", "length": 638.0 }, "id": "ASB-A-317048338-d0efc56d", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Function", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java", "function": "onTransact" } } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0" ], "spl": "2024-07-01" }
{ "types": [ "EoP" ], "severity": "High", "vanir_signatures": [ { "digest": { "function_hash": "119401332131997474521646555619788514507", "length": 212.0 }, "id": "ASB-A-317048338-1e5114b9", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Function", "target": { "file": "services/core/java/com/android/server/media/MediaSessionRecord.java", "function": "getBinderForSetQueue" } }, { "digest": { "function_hash": "96502798840140682248892902518676650319", "length": 58.0 }, "id": "ASB-A-317048338-780241f8", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Function", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java", "function": "ParcelableListBinder" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "223098869778792187233221702169479404469", "148411122483376070416404714235843314034", "193648132976712986893750581745768761410", "159704646286461114910839525191750144915", "234419997433143833309551793298012071675", "139060567859374558189901606618907421782", "23501822227056199231068231509741477459", "287348090354746631072460210529853813400", "254726124340971479487934881966816465097" ] }, "id": "ASB-A-317048338-8ad2960c", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Line", "target": { "file": "services/core/java/com/android/server/media/MediaSessionRecord.java" } }, { "digest": { "function_hash": "119558734287650650039236647575312971643", "length": 638.0 }, "id": "ASB-A-317048338-aeee0688", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", 
"signature_type": "Function", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java", "function": "onTransact" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "277414439674915683742142744915414494344", "9155515753219081534698570184541400972", "108523684834901997976744731577859307119", "207650444937645740851379120624853955330", "131871105866204800642630690674865431182", "253195722049323863173684665670044847624", "207371717012017084315715725166305903847", "130340700937132950314679418677373074842", "209868289336708692528790631341754177785", "246906291923128057153073030125872865137", "112898930566137033651887153629522846317" ] }, "id": "ASB-A-317048338-ffe4cc06", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Line", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java" } } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0" ], "spl": "2024-07-01" }
{ "types": [ "EoP" ], "severity": "High", "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "277414439674915683742142744915414494344", "9155515753219081534698570184541400972", "108523684834901997976744731577859307119", "207650444937645740851379120624853955330", "131871105866204800642630690674865431182", "253195722049323863173684665670044847624", "207371717012017084315715725166305903847", "130340700937132950314679418677373074842", "209868289336708692528790631341754177785", "246906291923128057153073030125872865137", "112898930566137033651887153629522846317" ] }, "id": "ASB-A-317048338-1f5e3044", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Line", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "223098869778792187233221702169479404469", "148411122483376070416404714235843314034", "193648132976712986893750581745768761410", "159704646286461114910839525191750144915", "234419997433143833309551793298012071675", "139060567859374558189901606618907421782", "23501822227056199231068231509741477459", "287348090354746631072460210529853813400", "254726124340971479487934881966816465097" ] }, "id": "ASB-A-317048338-246aa90f", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Line", "target": { "file": "services/core/java/com/android/server/media/MediaSessionRecord.java" } }, { "digest": { "function_hash": "119558734287650650039236647575312971643", "length": 638.0 }, "id": "ASB-A-317048338-2f65164b", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Function", "target": { "file": 
"media/java/android/media/session/ParcelableListBinder.java", "function": "onTransact" } }, { "digest": { "function_hash": "119401332131997474521646555619788514507", "length": 212.0 }, "id": "ASB-A-317048338-6337cc19", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Function", "target": { "file": "services/core/java/com/android/server/media/MediaSessionRecord.java", "function": "getBinderForSetQueue" } }, { "digest": { "function_hash": "96502798840140682248892902518676650319", "length": 58.0 }, "id": "ASB-A-317048338-7bc299b1", "deprecated": false, "source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0", "signature_version": "v1", "signature_type": "Function", "target": { "file": "media/java/android/media/session/ParcelableListBinder.java", "function": "ParcelableListBinder" } } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0" ], "spl": "2024-07-01" }