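In rebootRecoveryWithCommand of RecoverySystemService.java, a logic error makes it possible to bypass a factory reset. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. The fix records below span two repositories, platform/frameworks/base and platform/system/sepolicy. The frameworks/base signatures also target keystore/java/android/security/AndroidKeyStoreMaintenance.java, while the sepolicy record on this page carries no vanir_signatures. Signature matching alone therefore does not confirm that the sepolicy commits are present; verify them against the listed fix commits.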
{ "fixes": [ "https://android.googlesource.com/platform/system/sepolicy/+/d157988ec5b5f057894fe7ff785f163291d9d767", "https://android.googlesource.com/platform/system/sepolicy/+/ca6c75b9572904b0bd8f9d06c8aff2f85e73e30e" ], "spl": "2024-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "215485146313622133872370603463836092731", "205619386683574268652504478022636040735", "235763321046038053102798807198667731616", "7688259249438231920505158748089878033", "118716778913461625128780261708081465621", "315986714790696207876844379763168183773", "240590361150340286664442456230007112536" ] }, "id": "ASB-A-324321147-3bab63b3", "source": "https://android.googlesource.com/platform/frameworks/base/+/9cdf9eae2e02a6c3651379c33c4655368b009d13", "deprecated": false, "signature_version": "v1", "target": { "file": "keystore/java/android/security/AndroidKeyStoreMaintenance.java" }, "signature_type": "Line" }, { "digest": { "length": 286.0, "function_hash": "139922616437392163507278178696116101270" }, "id": "ASB-A-324321147-532bfe3f", "source": "https://android.googlesource.com/platform/frameworks/base/+/9cdf9eae2e02a6c3651379c33c4655368b009d13", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/recoverysystem/RecoverySystemService.java", "function": "rebootRecoveryWithCommand" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "290337205886082135664529271757085873662", "44429003753278533918622652126628414746", "95327427366099733971419211419415740775", "193889559835343262853449875426062891055", "52224330636178064851567392536525593756", "34502311669572159593657740304219709331", "248090791415092687519252799318411576738", "275981375170790350061832965663579552572", "335827388881238834665748622198376128843", "4225917573281046722291225321582006865", "23071830967478108637982025294452876294", "4229832248663760137762095319238212756", "34119448714758358513840952482255755156", "692012383037161591342128733200314459", "230973617615232794927698200478858730588", "167845493303323722965697666503820776122", "295029509456953677546158947474111980930", "7882601665261321662698907659192602205", 
"138761776906697323821268530347604769319", "219182742916591629188321973430301238698", "133865736767393987389982785909657267233", "147530044308696879745964161830830661050", "311420992284092135004605336394684948551" ] }, "id": "ASB-A-324321147-7ba59c14", "source": "https://android.googlesource.com/platform/frameworks/base/+/9cdf9eae2e02a6c3651379c33c4655368b009d13", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/recoverysystem/RecoverySystemService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/9cdf9eae2e02a6c3651379c33c4655368b009d13" ], "spl": "2024-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 286.0, "function_hash": "139922616437392163507278178696116101270" }, "id": "ASB-A-324321147-1e92eb44", "source": "https://android.googlesource.com/platform/frameworks/base/+/1e81807b183f08c9b7a68d225afff8b9ffb60fbe", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/recoverysystem/RecoverySystemService.java", "function": "rebootRecoveryWithCommand" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "290337205886082135664529271757085873662", "44429003753278533918622652126628414746", "95327427366099733971419211419415740775", "193889559835343262853449875426062891055", "52224330636178064851567392536525593756", "34502311669572159593657740304219709331", "248090791415092687519252799318411576738", "275981375170790350061832965663579552572", "335827388881238834665748622198376128843", "4225917573281046722291225321582006865", "23071830967478108637982025294452876294", "4229832248663760137762095319238212756", "34119448714758358513840952482255755156", "692012383037161591342128733200314459", "230973617615232794927698200478858730588", "167845493303323722965697666503820776122", "295029509456953677546158947474111980930", "7882601665261321662698907659192602205", "138761776906697323821268530347604769319", "219182742916591629188321973430301238698", "133865736767393987389982785909657267233", "147530044308696879745964161830830661050", "311420992284092135004605336394684948551" ] }, "id": "ASB-A-324321147-4c850602", "source": "https://android.googlesource.com/platform/frameworks/base/+/1e81807b183f08c9b7a68d225afff8b9ffb60fbe", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/recoverysystem/RecoverySystemService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "215485146313622133872370603463836092731", "205619386683574268652504478022636040735", 
"235763321046038053102798807198667731616", "7688259249438231920505158748089878033", "118716778913461625128780261708081465621", "315986714790696207876844379763168183773", "240590361150340286664442456230007112536" ] }, "id": "ASB-A-324321147-4fc6c413", "source": "https://android.googlesource.com/platform/frameworks/base/+/1e81807b183f08c9b7a68d225afff8b9ffb60fbe", "deprecated": false, "signature_version": "v1", "target": { "file": "keystore/java/android/security/AndroidKeyStoreMaintenance.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/1e81807b183f08c9b7a68d225afff8b9ffb60fbe" ], "spl": "2024-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 286.0, "function_hash": "139922616437392163507278178696116101270" }, "id": "ASB-A-324321147-072802d5", "source": "https://android.googlesource.com/platform/frameworks/base/+/d020a38e4148a642e2f06363e27cce60097efa5d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/recoverysystem/RecoverySystemService.java", "function": "rebootRecoveryWithCommand" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "290337205886082135664529271757085873662", "44429003753278533918622652126628414746", "95327427366099733971419211419415740775", "193889559835343262853449875426062891055", "52224330636178064851567392536525593756", "34502311669572159593657740304219709331", "248090791415092687519252799318411576738", "275981375170790350061832965663579552572", "335827388881238834665748622198376128843", "4225917573281046722291225321582006865", "23071830967478108637982025294452876294", "4229832248663760137762095319238212756", "34119448714758358513840952482255755156", "692012383037161591342128733200314459", "230973617615232794927698200478858730588", "167845493303323722965697666503820776122", "295029509456953677546158947474111980930", "7882601665261321662698907659192602205", "138761776906697323821268530347604769319", "219182742916591629188321973430301238698", "133865736767393987389982785909657267233", "147530044308696879745964161830830661050", "311420992284092135004605336394684948551" ] }, "id": "ASB-A-324321147-675a7557", "source": "https://android.googlesource.com/platform/frameworks/base/+/d020a38e4148a642e2f06363e27cce60097efa5d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/recoverysystem/RecoverySystemService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "215485146313622133872370603463836092731", "205619386683574268652504478022636040735", 
"235763321046038053102798807198667731616", "7688259249438231920505158748089878033", "118716778913461625128780261708081465621", "315986714790696207876844379763168183773", "240590361150340286664442456230007112536" ] }, "id": "ASB-A-324321147-98f2bc62", "source": "https://android.googlesource.com/platform/frameworks/base/+/d020a38e4148a642e2f06363e27cce60097efa5d", "deprecated": false, "signature_version": "v1", "target": { "file": "keystore/java/android/security/AndroidKeyStoreMaintenance.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/d020a38e4148a642e2f06363e27cce60097efa5d" ], "spl": "2024-09-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 286.0, "function_hash": "139922616437392163507278178696116101270" }, "id": "ASB-A-324321147-7cb96162", "source": "https://android.googlesource.com/platform/frameworks/base/+/c85d5febdc186f7fa1af2d0a6bdf705683437a98", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/recoverysystem/RecoverySystemService.java", "function": "rebootRecoveryWithCommand" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "290337205886082135664529271757085873662", "44429003753278533918622652126628414746", "95327427366099733971419211419415740775", "193889559835343262853449875426062891055", "234414802658805065033155889456798918156", "243942422904347728247854685558340666159", "94715560017765580375664593237494171610", "253945846818432226472765210389068817276", "335827388881238834665748622198376128843", "4225917573281046722291225321582006865", "23071830967478108637982025294452876294", "4229832248663760137762095319238212756", "34119448714758358513840952482255755156", "692012383037161591342128733200314459", "230973617615232794927698200478858730588", "167845493303323722965697666503820776122", "295029509456953677546158947474111980930", "7882601665261321662698907659192602205", "138761776906697323821268530347604769319", "219182742916591629188321973430301238698", "133865736767393987389982785909657267233", "147530044308696879745964161830830661050", "311420992284092135004605336394684948551" ] }, "id": "ASB-A-324321147-dabc2e75", "source": "https://android.googlesource.com/platform/frameworks/base/+/c85d5febdc186f7fa1af2d0a6bdf705683437a98", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/recoverysystem/RecoverySystemService.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "215485146313622133872370603463836092731", "205619386683574268652504478022636040735", 
"235763321046038053102798807198667731616", "7688259249438231920505158748089878033", "118716778913461625128780261708081465621", "315986714790696207876844379763168183773", "240590361150340286664442456230007112536" ] }, "id": "ASB-A-324321147-e0559c83", "source": "https://android.googlesource.com/platform/frameworks/base/+/c85d5febdc186f7fa1af2d0a6bdf705683437a98", "deprecated": false, "signature_version": "v1", "target": { "file": "keystore/java/android/security/AndroidKeyStoreMaintenance.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/c85d5febdc186f7fa1af2d0a6bdf705683437a98" ], "spl": "2024-09-01", "severity": "High", "types": [ "EoP" ] }