ASB-A-318683640
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-318683640.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-318683640
- Aliases
-
- A-318683640
- CVE-2024-34741
- Published
- 2024-08-01T00:00:00Z
- Modified
- 2025-11-20T16:40:03.878765Z
- Summary
- [none]
- Details
-
In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, there is a possible way for message content to be visible on the screensaver while lock screen visibility settings are restricted by the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-318683640-3af25465",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c37bc9147086f497ac7b1595083836014f524d5f",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "setForceHideNonSystemOverlayWindowIfNeeded",
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"digest": {
"length": 481.0,
"function_hash": "33535692624345647058553414990851841036"
},
"signature_type": "Function"
},
{
"id": "ASB-A-318683640-6cfca88c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c37bc9147086f497ac7b1595083836014f524d5f",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"digest": {
"line_hashes": [
"96710653856505510310639285268304304599",
"114150964921545335069853003710598487929",
"242653503504830908522467223816673413331",
"216236270590369504877657653743272043732",
"235009063878773953305101238394174009391",
"45748856088546638997270855150878886267",
"259737364452735097326233047373753140657",
"264343516757559416919468476769995182526",
"145575060683468577973982917984868881036"
],
"threshold": 0.9
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c37bc9147086f497ac7b1595083836014f524d5f"
],
"spl": "2024-08-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-318683640-4a0d47ed",
"source": "https://android.googlesource.com/platform/frameworks/base/+/89bc634cb534b8e0ffd798ac9f9f89ac1be0f785",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "setForceHideNonSystemOverlayWindowIfNeeded",
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"digest": {
"length": 481.0,
"function_hash": "33535692624345647058553414990851841036"
},
"signature_type": "Function"
},
{
"id": "ASB-A-318683640-a28d7d88",
"source": "https://android.googlesource.com/platform/frameworks/base/+/89bc634cb534b8e0ffd798ac9f9f89ac1be0f785",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"digest": {
"line_hashes": [
"96710653856505510310639285268304304599",
"114150964921545335069853003710598487929",
"242653503504830908522467223816673413331",
"216236270590369504877657653743272043732",
"235009063878773953305101238394174009391",
"45748856088546638997270855150878886267",
"259737364452735097326233047373753140657",
"264343516757559416919468476769995182526",
"145575060683468577973982917984868881036"
],
"threshold": 0.9
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/89bc634cb534b8e0ffd798ac9f9f89ac1be0f785"
],
"spl": "2024-08-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-318683640-18d37625",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5a2a9f4991d0c4d28d06e4a9ee73d55f22c14fec",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"digest": {
"line_hashes": [
"96710653856505510310639285268304304599",
"114150964921545335069853003710598487929",
"242653503504830908522467223816673413331",
"216236270590369504877657653743272043732",
"235009063878773953305101238394174009391",
"45748856088546638997270855150878886267",
"259737364452735097326233047373753140657",
"264343516757559416919468476769995182526",
"145575060683468577973982917984868881036"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"id": "ASB-A-318683640-3f25472e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/5a2a9f4991d0c4d28d06e4a9ee73d55f22c14fec",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "setForceHideNonSystemOverlayWindowIfNeeded",
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"digest": {
"length": 481.0,
"function_hash": "33535692624345647058553414990851841036"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/5a2a9f4991d0c4d28d06e4a9ee73d55f22c14fec"
],
"spl": "2024-08-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-318683640-f5c578b0",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a9a7079b095abc07374cf287b5689a99ce250f47",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"digest": {
"line_hashes": [
"96710653856505510310639285268304304599",
"114150964921545335069853003710598487929",
"242653503504830908522467223816673413331",
"216236270590369504877657653743272043732",
"235009063878773953305101238394174009391",
"45748856088546638997270855150878886267",
"259737364452735097326233047373753140657",
"264343516757559416919468476769995182526",
"145575060683468577973982917984868881036"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"id": "ASB-A-318683640-f629b8cc",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a9a7079b095abc07374cf287b5689a99ce250f47",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "setForceHideNonSystemOverlayWindowIfNeeded",
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"digest": {
"length": 481.0,
"function_hash": "33535692624345647058553414990851841036"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a9a7079b095abc07374cf287b5689a99ce250f47"
],
"spl": "2024-08-01"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "High",
"vanir_signatures": [
{
"id": "ASB-A-318683640-39b23323",
"source": "https://android.googlesource.com/platform/frameworks/base/+/55d02153259003b7552e7eef70b9e4f3f0dcd45c",
"signature_version": "v1",
"deprecated": false,
"target": {
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"digest": {
"line_hashes": [
"96710653856505510310639285268304304599",
"114150964921545335069853003710598487929",
"242653503504830908522467223816673413331",
"216236270590369504877657653743272043732",
"235009063878773953305101238394174009391",
"45748856088546638997270855150878886267",
"259737364452735097326233047373753140657",
"264343516757559416919468476769995182526",
"145575060683468577973982917984868881036"
],
"threshold": 0.9
},
"signature_type": "Line"
},
{
"id": "ASB-A-318683640-4cca4b2c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/55d02153259003b7552e7eef70b9e4f3f0dcd45c",
"signature_version": "v1",
"deprecated": false,
"target": {
"function": "setForceHideNonSystemOverlayWindowIfNeeded",
"file": "services/core/java/com/android/server/wm/WindowState.java"
},
"digest": {
"length": 481.0,
"function_hash": "33535692624345647058553414990851841036"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/55d02153259003b7552e7eef70b9e4f3f0dcd45c"
],
"spl": "2024-08-01"
}