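In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The signature records below cover two copies of this file, core/java/com/android/internal/app/ChooserActivity.java in platform/frameworks/base and java/src/com/android/intentresolver/ChooserActivity.java in platform/packages/modules/IntentResolver, so check whichever copy a given build ships against the matching fix commit; the listed security patch level is 2024-10-01.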
{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab"
],
"spl": "2024-10-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab",
"target": {
"function": "onCreate",
"file": "core/java/com/android/internal/app/ChooserActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "63784165284231374071525424989825196510",
"length": 5911.0
},
"signature_type": "Function",
"id": "ASB-A-327645387-a8910d74"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab",
"target": {
"file": "core/java/com/android/internal/app/ChooserActivity.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"84297325305596949799677948010160540657",
"318593880321436796255787646289661787109",
"170078892775301708348239024600099327547",
"136723238124976027131566521391507206307"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-327645387-afdc431d"
}
],
"types": [
"EoP"
]
}{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab"
],
"spl": "2024-10-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab",
"target": {
"function": "onCreate",
"file": "core/java/com/android/internal/app/ChooserActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "63784165284231374071525424989825196510",
"length": 5911.0
},
"signature_type": "Function",
"id": "ASB-A-327645387-8270b501"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab",
"target": {
"file": "core/java/com/android/internal/app/ChooserActivity.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"84297325305596949799677948010160540657",
"318593880321436796255787646289661787109",
"170078892775301708348239024600099327547",
"136723238124976027131566521391507206307"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-327645387-c91e9ef5"
}
],
"types": [
"EoP"
]
}{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab"
],
"spl": "2024-10-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab",
"target": {
"function": "onCreate",
"file": "core/java/com/android/internal/app/ChooserActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "63784165284231374071525424989825196510",
"length": 5911.0
},
"signature_type": "Function",
"id": "ASB-A-327645387-6b5f3436"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab",
"target": {
"file": "core/java/com/android/internal/app/ChooserActivity.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"84297325305596949799677948010160540657",
"318593880321436796255787646289661787109",
"170078892775301708348239024600099327547",
"136723238124976027131566521391507206307"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-327645387-bcba5047"
}
],
"types": [
"EoP"
]
}{
"severity": "High",
"fixes": [
"https://android.googlesource.com/platform/packages/modules/IntentResolver/+/94d1e1e4e9539437ec0549b7bf22999054b92f1f"
],
"spl": "2024-10-01",
"vanir_signatures": [
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/94d1e1e4e9539437ec0549b7bf22999054b92f1f",
"target": {
"file": "java/src/com/android/intentresolver/ChooserActivity.java"
},
"deprecated": false,
"digest": {
"line_hashes": [
"324820715498239626715682428195584648648",
"317154587703516535654723700091612711469",
"110750140557317040413527749644739727538",
"151691470971680177407468550681514384386",
"264446681702084100092060472357671912025",
"145271376068213520057596363127990564696",
"21900793622007668300475982509784819962",
"172126988629367529953123465038374872397"
],
"threshold": 0.9
},
"signature_type": "Line",
"id": "ASB-A-327645387-36540b7a"
},
{
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/packages/modules/IntentResolver/+/94d1e1e4e9539437ec0549b7bf22999054b92f1f",
"target": {
"function": "onCreate",
"file": "java/src/com/android/intentresolver/ChooserActivity.java"
},
"deprecated": false,
"digest": {
"function_hash": "336189774948807934980544245030907515023",
"length": 2888.0
},
"signature_type": "Function",
"id": "ASB-A-327645387-685a2c22"
}
],
"types": [
"EoP"
]
}