ASB-A-317048338
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-317048338.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-317048338
- Aliases
-
- A-317048338
- CVE-2024-34723
- Published
- 2024-07-01T00:00:00Z
- Modified
- 2025-11-21T16:23:56.435667Z
- Summary
- [none]
- Details
-
In onTransact of ParcelableListBinder.java , there is a possible way to steal mAllowlistToken to launch an app from background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java"
},
"digest": {
"line_hashes": [
"277414439674915683742142744915414494344",
"9155515753219081534698570184541400972",
"108523684834901997976744731577859307119",
"207650444937645740851379120624853955330",
"131871105866204800642630690674865431182",
"253195722049323863173684665670044847624",
"207371717012017084315715725166305903847",
"130340700937132950314679418677373074842",
"209868289336708692528790631341754177785",
"246906291923128057153073030125872865137",
"112898930566137033651887153629522846317"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64",
"signature_version": "v1",
"id": "ASB-A-317048338-1e26853a"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/media/MediaSessionRecord.java"
},
"digest": {
"line_hashes": [
"223098869778792187233221702169479404469",
"148411122483376070416404714235843314034",
"193648132976712986893750581745768761410",
"159704646286461114910839525191750144915",
"234419997433143833309551793298012071675",
"139060567859374558189901606618907421782",
"23501822227056199231068231509741477459",
"287348090354746631072460210529853813400",
"254726124340971479487934881966816465097"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64",
"signature_version": "v1",
"id": "ASB-A-317048338-4d141020"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/media/MediaSessionRecord.java",
"function": "getBinderForSetQueue"
},
"digest": {
"length": 212.0,
"function_hash": "119401332131997474521646555619788514507"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64",
"signature_version": "v1",
"id": "ASB-A-317048338-adeafe8a"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java",
"function": "onTransact"
},
"digest": {
"length": 638.0,
"function_hash": "119558734287650650039236647575312971643"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64",
"signature_version": "v1",
"id": "ASB-A-317048338-ce77b485"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java",
"function": "ParcelableListBinder"
},
"digest": {
"length": 58.0,
"function_hash": "96502798840140682248892902518676650319"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/c5fc8ea92c0aabbb2fdccc23b743c18a8bf62e64",
"signature_version": "v1",
"id": "ASB-A-317048338-e1e08e75"
}
],
"spl": "2024-07-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java",
"function": "onTransact"
},
"digest": {
"length": 638.0,
"function_hash": "119558734287650650039236647575312971643"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-097bc016"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/media/MediaSessionRecord.java",
"function": "getBinderForSetQueue"
},
"digest": {
"length": 212.0,
"function_hash": "119401332131997474521646555619788514507"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-1bdd3633"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java"
},
"digest": {
"line_hashes": [
"277414439674915683742142744915414494344",
"9155515753219081534698570184541400972",
"108523684834901997976744731577859307119",
"207650444937645740851379120624853955330",
"131871105866204800642630690674865431182",
"253195722049323863173684665670044847624",
"207371717012017084315715725166305903847",
"130340700937132950314679418677373074842",
"209868289336708692528790631341754177785",
"246906291923128057153073030125872865137",
"112898930566137033651887153629522846317"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-2d56e50d"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/media/MediaSessionRecord.java"
},
"digest": {
"line_hashes": [
"223098869778792187233221702169479404469",
"148411122483376070416404714235843314034",
"193648132976712986893750581745768761410",
"159704646286461114910839525191750144915",
"234419997433143833309551793298012071675",
"139060567859374558189901606618907421782",
"23501822227056199231068231509741477459",
"287348090354746631072460210529853813400",
"254726124340971479487934881966816465097"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-ac8b045c"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java",
"function": "ParcelableListBinder"
},
"digest": {
"length": 58.0,
"function_hash": "96502798840140682248892902518676650319"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-f07aa195"
}
],
"spl": "2024-07-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java"
},
"digest": {
"line_hashes": [
"277414439674915683742142744915414494344",
"9155515753219081534698570184541400972",
"108523684834901997976744731577859307119",
"207650444937645740851379120624853955330",
"131871105866204800642630690674865431182",
"253195722049323863173684665670044847624",
"207371717012017084315715725166305903847",
"130340700937132950314679418677373074842",
"209868289336708692528790631341754177785",
"246906291923128057153073030125872865137",
"112898930566137033651887153629522846317"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-5f4d145c"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/media/MediaSessionRecord.java",
"function": "getBinderForSetQueue"
},
"digest": {
"length": 212.0,
"function_hash": "119401332131997474521646555619788514507"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-74817cf4"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java",
"function": "ParcelableListBinder"
},
"digest": {
"length": 58.0,
"function_hash": "96502798840140682248892902518676650319"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-9d0ab990"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/media/MediaSessionRecord.java"
},
"digest": {
"line_hashes": [
"223098869778792187233221702169479404469",
"148411122483376070416404714235843314034",
"193648132976712986893750581745768761410",
"159704646286461114910839525191750144915",
"234419997433143833309551793298012071675",
"139060567859374558189901606618907421782",
"23501822227056199231068231509741477459",
"287348090354746631072460210529853813400",
"254726124340971479487934881966816465097"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-a6a291aa"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java",
"function": "onTransact"
},
"digest": {
"length": 638.0,
"function_hash": "119558734287650650039236647575312971643"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-d0efc56d"
}
],
"spl": "2024-07-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/media/MediaSessionRecord.java",
"function": "getBinderForSetQueue"
},
"digest": {
"length": 212.0,
"function_hash": "119401332131997474521646555619788514507"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-1e5114b9"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java",
"function": "ParcelableListBinder"
},
"digest": {
"length": 58.0,
"function_hash": "96502798840140682248892902518676650319"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-780241f8"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/media/MediaSessionRecord.java"
},
"digest": {
"line_hashes": [
"223098869778792187233221702169479404469",
"148411122483376070416404714235843314034",
"193648132976712986893750581745768761410",
"159704646286461114910839525191750144915",
"234419997433143833309551793298012071675",
"139060567859374558189901606618907421782",
"23501822227056199231068231509741477459",
"287348090354746631072460210529853813400",
"254726124340971479487934881966816465097"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-8ad2960c"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java",
"function": "onTransact"
},
"digest": {
"length": 638.0,
"function_hash": "119558734287650650039236647575312971643"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-aeee0688"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java"
},
"digest": {
"line_hashes": [
"277414439674915683742142744915414494344",
"9155515753219081534698570184541400972",
"108523684834901997976744731577859307119",
"207650444937645740851379120624853955330",
"131871105866204800642630690674865431182",
"253195722049323863173684665670044847624",
"207371717012017084315715725166305903847",
"130340700937132950314679418677373074842",
"209868289336708692528790631341754177785",
"246906291923128057153073030125872865137",
"112898930566137033651887153629522846317"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-ffe4cc06"
}
],
"spl": "2024-07-01",
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java"
},
"digest": {
"line_hashes": [
"277414439674915683742142744915414494344",
"9155515753219081534698570184541400972",
"108523684834901997976744731577859307119",
"207650444937645740851379120624853955330",
"131871105866204800642630690674865431182",
"253195722049323863173684665670044847624",
"207371717012017084315715725166305903847",
"130340700937132950314679418677373074842",
"209868289336708692528790631341754177785",
"246906291923128057153073030125872865137",
"112898930566137033651887153629522846317"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-1f5e3044"
},
{
"signature_type": "Line",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/media/MediaSessionRecord.java"
},
"digest": {
"line_hashes": [
"223098869778792187233221702169479404469",
"148411122483376070416404714235843314034",
"193648132976712986893750581745768761410",
"159704646286461114910839525191750144915",
"234419997433143833309551793298012071675",
"139060567859374558189901606618907421782",
"23501822227056199231068231509741477459",
"287348090354746631072460210529853813400",
"254726124340971479487934881966816465097"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-246aa90f"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java",
"function": "onTransact"
},
"digest": {
"length": 638.0,
"function_hash": "119558734287650650039236647575312971643"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-2f65164b"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/media/MediaSessionRecord.java",
"function": "getBinderForSetQueue"
},
"digest": {
"length": 212.0,
"function_hash": "119401332131997474521646555619788514507"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-6337cc19"
},
{
"signature_type": "Function",
"deprecated": false,
"target": {
"file": "media/java/android/media/session/ParcelableListBinder.java",
"function": "ParcelableListBinder"
},
"digest": {
"length": 58.0,
"function_hash": "96502798840140682248892902518676650319"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/df3584bb93ab89d7e174f7d39e42d4b22cb92fe0",
"signature_version": "v1",
"id": "ASB-A-317048338-7bc299b1"
}
],
"spl": "2024-07-01",
"severity": "High"
}