ASB-A-318497672
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-318497672.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-318497672
- Aliases
-
- A-318497672
- CVE-2024-31326
- Published
- 2024-06-01T00:00:00Z
- Modified
- 2025-12-01T17:14:25.786820Z
- Summary
- [none]
- Details
-
In multiple locations, there is a possible way in which policy migration code will never be executed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/470c1eabca9f341e163a38a2327615e8fa3126ae",
"https://android.googlesource.com/platform/frameworks/base/+/996050c7ce41b6bbf93010bcaa1d490fd470d07a"
],
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "migrateScreenCapturePolicyLocked"
},
"digest": {
"function_hash": "337955550426776696120192532837262119825",
"length": 949.0
},
"id": "ASB-A-318497672-001d60c7",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/996050c7ce41b6bbf93010bcaa1d490fd470d07a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java",
"function": "readInner"
},
"digest": {
"function_hash": "75509438177018846592881376909255734972",
"length": 2160.0
},
"id": "ASB-A-318497672-02665886",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/996050c7ce41b6bbf93010bcaa1d490fd470d07a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java",
"function": "writeInner"
},
"digest": {
"function_hash": "228890743841221609039179292201226021295",
"length": 1746.0
},
"id": "ASB-A-318497672-0ef20d0a",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/996050c7ce41b6bbf93010bcaa1d490fd470d07a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "triggerDevicePolicyEngineMigration"
},
"digest": {
"function_hash": "120706833936606757114808406047948092498",
"length": 266.0
},
"id": "ASB-A-318497672-1f8f35d0",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/996050c7ce41b6bbf93010bcaa1d490fd470d07a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"134315183573276069894262865606703450973",
"4975976393542706706484623998081959527",
"222654661130304224025837272710259461066",
"338782065543219477769003136386833938859",
"127119812593097412206111591331080050814",
"120268196539091283050362465021952550242",
"324300492033503771272757492227108611829",
"27687964379567828997959337058476381851",
"292885334965884076111834971102376913552",
"324401267791120176635147641254241568087",
"172194234382733676358822842005413139702",
"261737133759360125684162648281393533735",
"14274972430461669633960589752723907670",
"195899687780661550172562855081186706844",
"153479549553554384725785740837676556881",
"232577382054214538291493520924461681724"
]
},
"id": "ASB-A-318497672-2780b386",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/996050c7ce41b6bbf93010bcaa1d490fd470d07a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "migrateV1PoliciesToDevicePolicyEngine"
},
"digest": {
"function_hash": "302457281645800546569209868106266580084",
"length": 593.0
},
"id": "ASB-A-318497672-64dabf78",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/996050c7ce41b6bbf93010bcaa1d490fd470d07a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/Owners.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"56748547567947106027202873475158093786",
"302819740999486446459719753881655992633",
"86203561884030303722709585890657347892",
"65693288605179382186636260536890401159",
"268586148159444179139827776006982938410",
"30699798450167170989772259449774364910",
"271759697865731046844078506501178494425",
"247240428940576947290752410153305847925"
]
},
"id": "ASB-A-318497672-828c6296",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/996050c7ce41b6bbf93010bcaa1d490fd470d07a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"7440693150589976429524471537314821508",
"260757842871324247700651175814496912659",
"240420176438807128850736850186413813644",
"4450056992643409717803492967975415786",
"180411054796633972074656205614699817679",
"332846532113870358551605963924522818332",
"3226720026021163174236368768182181872",
"29088654571078383174331444420663216743",
"253919225760503382980409660110892417651",
"86989268877814237549423221825397549629",
"27326812370372814182284843839770475079",
"38330919947969806530055201946110243171",
"87039131989343026630417963576485805794",
"24211896328908772415530476677668961817",
"159567087418440786194464685001022865370",
"172901608034740654360735312400005192194",
"181063440757589573557854208076031911856",
"134361493354078268788667468624427064451",
"74623802972889298020257291913521208962",
"229728156687503102580696584155405970163",
"178307671998169340562657972604530707442",
"290612966454005197292496435799010986546",
"71311735278296823958535072845501881445",
"65251705684510299454749634853030932618",
"145172117273194427075783897234993794015",
"222243568567061119056117465201422928885",
"278563461188179253981920360721536567459",
"187464518540547686419579178352074268052",
"49310482068298898092470386084419010150",
"161669351487487503028623631855307572549"
]
},
"id": "ASB-A-318497672-9c048935",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/996050c7ce41b6bbf93010bcaa1d490fd470d07a",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "systemReady"
},
"digest": {
"function_hash": "317426998971237620944575443251762340980",
"length": 621.0
},
"id": "ASB-A-318497672-dda66631",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/996050c7ce41b6bbf93010bcaa1d490fd470d07a",
"signature_version": "v1"
}
],
"spl": "2024-06-01"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
"https://android.googlesource.com/platform/frameworks/base/+/93ba63a2bfdda47fb9376efaad792bc96a106947"
],
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-318497672-06667c8e",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/93ba63a2bfdda47fb9376efaad792bc96a106947",
"digest": {
"function_hash": "84186293594805191071000863849945523866",
"length": 901.0
},
"signature_type": "Function",
"match_only_versions": [
"14"
],
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "setBackwardCompatibleUserRestriction"
}
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "systemReady"
},
"digest": {
"function_hash": "116841737777930290662226125949727638361",
"length": 476.0
},
"id": "ASB-A-318497672-1b44e3e8",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "migratePoliciesToDevicePolicyEngine"
},
"digest": {
"function_hash": "302457281645800546569209868106266580084",
"length": 593.0
},
"id": "ASB-A-318497672-208c03e8",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/Owners.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"90199854906249541083708861741888569402",
"271759697865731046844078506501178494425",
"247240428940576947290752410153305847925"
]
},
"id": "ASB-A-318497672-3aee297a",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "migrateScreenCapturePolicyLocked"
},
"digest": {
"function_hash": "337955550426776696120192532837262119825",
"length": 949.0
},
"id": "ASB-A-318497672-4312e4ef",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
"signature_version": "v1"
},
{
"id": "ASB-A-318497672-4a4b54a7",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/93ba63a2bfdda47fb9376efaad792bc96a106947",
"digest": {
"function_hash": "46704564127751426655116032120886291201",
"length": 247.0
},
"signature_type": "Function",
"match_only_versions": [
"14"
],
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "migratePoliciesPostUpgradeToDevicePolicyEngineLocked"
}
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"288705447172926954021515709648398181742",
"80758562862756248821251646045382977599",
"119596498911745720182207544856721700203",
"260780052023465177957778270536777186804",
"152062440606049321185883825388179347548",
"235006009379857325702518349208775135864",
"324300492033503771272757492227108611829",
"53789487844998066806761666380756357637",
"166170550422294906358242709973951933661",
"236120844029322885250617870495907689448",
"172194234382733676358822842005413139702",
"287729996107601370131550422716443884435",
"34581504997475248457077109168411333215",
"75698102600900706989092434601224419676"
]
},
"id": "ASB-A-318497672-5fd52851",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java",
"function": "triggerDevicePolicyEngineMigration"
},
"digest": {
"function_hash": "120706833936606757114808406047948092498",
"length": 266.0
},
"id": "ASB-A-318497672-9a5c4386",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java",
"function": "writeInner"
},
"digest": {
"function_hash": "941022955090147328617971135909179441",
"length": 1630.0
},
"id": "ASB-A-318497672-b3d98595",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/OwnersData.java",
"function": "readInner"
},
"digest": {
"function_hash": "274388886422873482377926766904248692632",
"length": 2044.0
},
"id": "ASB-A-318497672-ca725422",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
"signature_version": "v1"
},
{
"deprecated": false,
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"153588125183344527029659955600401235599",
"314421979308298915767712301697322892982",
"332481353864046304853309661740527949578",
"23659876419306554628179686522737251945",
"49815070887135304574256045370402252526",
"5752165342168614949813639055325622958",
"89936995750045119611999969406285607791",
"112948567500860286891248937248445440151",
"329087416334997937591169790422660424286",
"83882034580862187874598518993795926425",
"209122525558987665381422482584962478637",
"179835102533879863257283899425080393477",
"312533106523090103228947450126741554543",
"270725991022197284664827335340857666136",
"98405777471760371730465372378614534588",
"87039131989343026630417963576485805794",
"24211896328908772415530476677668961817",
"159567087418440786194464685001022865370",
"172901608034740654360735312400005192194",
"181063440757589573557854208076031911856",
"134361493354078268788667468624427064451",
"74623802972889298020257291913521208962",
"229728156687503102580696584155405970163",
"178307671998169340562657972604530707442",
"290612966454005197292496435799010986546",
"71311735278296823958535072845501881445",
"65251705684510299454749634853030932618",
"145172117273194427075783897234993794015",
"222243568567061119056117465201422928885",
"278563461188179253981920360721536567459",
"187464518540547686419579178352074268052",
"49310482068298898092470386084419010150",
"161669351487487503028623631855307572549"
]
},
"id": "ASB-A-318497672-ea1954ef",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/frameworks/base/+/9d809f92e8a026789115a0c6de7124da70101845",
"signature_version": "v1"
},
{
"id": "ASB-A-318497672-fd02e1e6",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/93ba63a2bfdda47fb9376efaad792bc96a106947",
"digest": {
"threshold": 0.9,
"line_hashes": [
"50699759590227761783815922960665465061",
"71073223685601930878124177551041160144",
"124112749914602327105690195329445536803",
"174074013925349525148049990868866965252",
"142477545901143670830700784327351583747",
"275707431970236846117352027454107920873",
"113208399291404589571724379396368472250",
"250406124488338237781553613054247334879",
"84304403071380449668640318571051553826",
"255109626617302659990368063925920639496",
"52532764251426443105485079093636943105",
"65493729999490975915788905988812558635",
"116346789254857830899333464679556792624",
"189074888190909733039643637737147530273",
"15598106601146800897536586816883841125",
"125442281906485219756672105533539315591",
"12384118064849644697200118606686041144",
"157778894341868446419813769681320813677",
"201628909126243165621774428819656617297",
"217971561308029675694889531142985351794",
"200179134562603550355792653684030956970",
"103521245193409829349936911577712319128",
"263468838454507771129484567223650526442",
"178039204388984617910670629715230388897",
"295747577431459138783214723720080232905",
"46586927259348287448215477604619069123",
"315746589325900581318993504810409920229",
"85911361021838849427153047908860830623",
"38738072481728445368352428008389677464",
"138265914951383547045658420452169404283",
"304096654412745923872600209637805337416",
"76901675059906925014231087703536115874"
]
},
"signature_type": "Line",
"match_only_versions": [
"14"
],
"target": {
"file": "services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"
}
}
],
"spl": "2024-06-01"
}