ASB-A-328068777
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-328068777.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-328068777
- Aliases
-
- A-328068777
- CVE-2024-23706
- Published
- 2024-05-01T00:00:00Z
- Modified
- 2025-07-15T14:57:05.684759Z
- Summary
- [none]
- Details
-
In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/modules/HealthFitness
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "Critical",
"vanir_signatures": [
{
"digest": {
"function_hash": "11182637820034618401113751222754258203",
"length": 176.0
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5",
"id": "ASB-A-328068777-358b6dbd",
"signature_type": "Function",
"target": {
"file": "framework/java/android/health/connect/changelog/ChangeLogTokenRequest.java",
"function": "ChangeLogTokenRequest"
}
},
{
"digest": {
"function_hash": "210789308651513261784163237306101964800",
"length": 1685.0
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5",
"id": "ASB-A-328068777-755e83ba",
"signature_type": "Function",
"target": {
"file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java",
"function": "getChangeLogToken"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"24184396780336239456519827110476549761",
"326091310677141883351282324384448193723",
"169296199027089828482117199681574946450",
"60912415992642674153698379516784373776",
"253230689317029001137224617269275472402",
"270232514102022061319869247121890143736",
"253692171878371708813287315620972659781",
"23293976492454174139545048729646880666",
"152820436504189419185227330089363240672",
"192804579701164721586373396846142632900",
"36366221292545186722522250319036558772",
"157353292968794510263123915821142624716"
]
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5",
"id": "ASB-A-328068777-d2a84df2",
"signature_type": "Line",
"target": {
"file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"184284571166231186356303372028293059177",
"158277996485282816687852804984270150792",
"3834673447980206355777666768730623887",
"194253162466046725342937943237631321477",
"40585238822889721281949691705454247789",
"235783409289312975463805719829070200344",
"12902639167930202410359945484686747496"
]
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5",
"id": "ASB-A-328068777-dd62bad8",
"signature_type": "Line",
"target": {
"file": "framework/java/android/health/connect/changelog/ChangeLogTokenRequest.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"169017893411465551870686141667331661882",
"254973238369687517206384210713299461536",
"265493436211331043298307543155769753378",
"230235184610370260045292722396838039625",
"28639966036122384420486418860090170562",
"14787195696624463574573004180146590960",
"124969319363793220763356686989257765174"
]
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5",
"id": "ASB-A-328068777-ee2b7d22",
"signature_type": "Line",
"target": {
"file": "tests/cts/utils/HealthConnectTestUtils/src/android/healthconnect/cts/utils/DataFactory.java"
}
},
{
"digest": {
"function_hash": "226261509158360689473339911837521724737",
"length": 3195.0
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5",
"id": "ASB-A-328068777-f972c0c3",
"signature_type": "Function",
"target": {
"file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java",
"function": "getChangeLogs"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5"
],
"spl": "2024-05-01"
}
Android / platform/packages/modules/HealthFitness
Package
Ecosystem specific
{
"types": [
"EoP"
],
"severity": "Critical",
"vanir_signatures": [
{
"digest": {
"function_hash": "200292413677519874267550763316819362021",
"length": 1640.0
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46",
"id": "ASB-A-328068777-0ec039df",
"signature_type": "Function",
"target": {
"file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java",
"function": "getChangeLogToken"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"28639966036122384420486418860090170562",
"14787195696624463574573004180146590960",
"124969319363793220763356686989257765174"
]
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46",
"id": "ASB-A-328068777-417809ae",
"signature_type": "Line",
"target": {
"file": "tests/cts/src/android/healthconnect/cts/TestUtils.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"184284571166231186356303372028293059177",
"158277996485282816687852804984270150792",
"3834673447980206355777666768730623887",
"194253162466046725342937943237631321477",
"40585238822889721281949691705454247789",
"235783409289312975463805719829070200344",
"12902639167930202410359945484686747496"
]
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46",
"id": "ASB-A-328068777-79dd6a23",
"signature_type": "Line",
"target": {
"file": "framework/java/android/health/connect/changelog/ChangeLogTokenRequest.java"
}
},
{
"digest": {
"function_hash": "11182637820034618401113751222754258203",
"length": 176.0
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46",
"id": "ASB-A-328068777-8a7fb9c0",
"signature_type": "Function",
"target": {
"file": "framework/java/android/health/connect/changelog/ChangeLogTokenRequest.java",
"function": "ChangeLogTokenRequest"
}
},
{
"digest": {
"function_hash": "10078778538836670793714516941865304660",
"length": 3125.0
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46",
"id": "ASB-A-328068777-ac40d998",
"signature_type": "Function",
"target": {
"file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java",
"function": "getChangeLogs"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"14494658264943636005532725122148944542",
"311715682319723511960856381299179207635",
"88836618091036472495080051796659547660",
"60912415992642674153698379516784373776",
"176314100490389740788039315426701052471",
"337595151293101171946985979025104038853",
"169349844471804201544675214444074849623",
"141976674935542803872601154376733957406",
"286621354561062032981567587104938068619",
"97602143727257462545550882966194720477",
"216526834470958959124533882911469572064",
"54993563389427816304464757331882597587"
]
},
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46",
"id": "ASB-A-328068777-d2f9bdba",
"signature_type": "Line",
"target": {
"file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46"
],
"spl": "2024-05-01"
}