ASB-A-317357401
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-317357401.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-317357401
- Aliases
-
- A-317357401
- CVE-2024-31319
- Published
- 2024-06-01T00:00:00Z
- Modified
- 2024-08-07T19:29:39.691830Z
- Summary
- Reveal audios across users via com.android.server.notification.NotificationManagerService.mService.updateNotificationChannelFromPrivilegedListener
- Details
-
In updateNotificationChannelFromPrivilegedListener of NotificationManagerService.java, there is a possible cross-user data leak due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"31287492701327525587553268474314366707",
"211333370001482191627373556504564887273",
"149466857873542340337283917965440199878",
"202529696901664688674904472568994251584",
"25932733042716518315183543869357519133",
"200041717468942043478064468077135939358",
"99688494814173390964143094504022483037"
]
},
"id": "ASB-A-317357401-21055193",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9b7bbbf5ad542ecf9ecbf8cd819b468791b443c0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 294.0,
"function_hash": "94841447874713791451955670877740894498"
},
"id": "ASB-A-317357401-703022c3",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9b7bbbf5ad542ecf9ecbf8cd819b468791b443c0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java",
"function": "updateNotificationChannelFromPrivilegedListener"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/9b7bbbf5ad542ecf9ecbf8cd819b468791b443c0"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"31287492701327525587553268474314366707",
"211333370001482191627373556504564887273",
"149466857873542340337283917965440199878",
"202529696901664688674904472568994251584",
"25932733042716518315183543869357519133",
"200041717468942043478064468077135939358",
"99688494814173390964143094504022483037"
]
},
"id": "ASB-A-317357401-3ae51463",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f090c0538a27d8658d8a860046d5c5e931302341",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 294.0,
"function_hash": "94841447874713791451955670877740894498"
},
"id": "ASB-A-317357401-f7f58582",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f090c0538a27d8658d8a860046d5c5e931302341",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java",
"function": "updateNotificationChannelFromPrivilegedListener"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/f090c0538a27d8658d8a860046d5c5e931302341"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"31287492701327525587553268474314366707",
"211333370001482191627373556504564887273",
"149466857873542340337283917965440199878",
"202529696901664688674904472568994251584",
"25932733042716518315183543869357519133",
"200041717468942043478064468077135939358",
"99688494814173390964143094504022483037"
]
},
"id": "ASB-A-317357401-4a062c49",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f090c0538a27d8658d8a860046d5c5e931302341",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 294.0,
"function_hash": "94841447874713791451955670877740894498"
},
"id": "ASB-A-317357401-87406ccf",
"source": "https://android.googlesource.com/platform/frameworks/base/+/f090c0538a27d8658d8a860046d5c5e931302341",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java",
"function": "updateNotificationChannelFromPrivilegedListener"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/f090c0538a27d8658d8a860046d5c5e931302341"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"31287492701327525587553268474314366707",
"211333370001482191627373556504564887273",
"149466857873542340337283917965440199878",
"202529696901664688674904472568994251584",
"25932733042716518315183543869357519133",
"200041717468942043478064468077135939358",
"99688494814173390964143094504022483037"
]
},
"id": "ASB-A-317357401-25042b87",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2f26c0def503d3b8032c99adc8a11be87e35cdeb",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 294.0,
"function_hash": "94841447874713791451955670877740894498"
},
"id": "ASB-A-317357401-9a735fc8",
"source": "https://android.googlesource.com/platform/frameworks/base/+/2f26c0def503d3b8032c99adc8a11be87e35cdeb",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java",
"function": "updateNotificationChannelFromPrivilegedListener"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/2f26c0def503d3b8032c99adc8a11be87e35cdeb"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 294.0,
"function_hash": "94841447874713791451955670877740894498"
},
"id": "ASB-A-317357401-6631f7fd",
"source": "https://android.googlesource.com/platform/frameworks/base/+/71cfb89a1cdaf743b7b67c724dfbbaa0cca98efc",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java",
"function": "updateNotificationChannelFromPrivilegedListener"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"31287492701327525587553268474314366707",
"211333370001482191627373556504564887273",
"149466857873542340337283917965440199878",
"202529696901664688674904472568994251584",
"25932733042716518315183543869357519133",
"200041717468942043478064468077135939358",
"99688494814173390964143094504022483037"
]
},
"id": "ASB-A-317357401-eb8accec",
"source": "https://android.googlesource.com/platform/frameworks/base/+/71cfb89a1cdaf743b7b67c724dfbbaa0cca98efc",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/71cfb89a1cdaf743b7b67c724dfbbaa0cca98efc"
],
"spl": "2024-06-01",
"severity": "High",
"types": [
"EoP"
]
}