ASB-A-329230490

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-329230490.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-329230490
Aliases
  • A-329230490
  • CVE-2024-31320
Published
2024-07-01T00:00:00Z
Modified
2025-07-18T15:02:24.688977Z
Summary
[none]
Details

In setSkipPrompt of AssociationRequest.java , there is a possible way to establish a companion device association without any confirmation due to CDM. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-07-01

Affected versions

Other

12

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "severity": "Critical",
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283533769886380923448576656925363146498",
                    "306640430079475523562921556048505603680",
                    "220247844284439815336487099373551580211",
                    "296340939658799727884616528029234346770"
                ]
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/56ac420b653da3f716f37a77780d7a74bc5fc439",
            "deprecated": false,
            "id": "ASB-A-329230490-5add1a57",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/companion/AssociationRequest.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "67950038913822548496977403571025662121",
                    "222725767583171763006265824348111716351",
                    "286500330299365691393581685729299877668",
                    "166044803054551522655759985343015696389",
                    "151376619027520813586001682013091186310",
                    "194068989226376155571126814800988254819",
                    "257382018809139542673220738604381729552"
                ]
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/71418ecfa539b99d9bb0053d1de5060040bdf02f",
            "deprecated": false,
            "id": "ASB-A-329230490-6b902821",
            "signature_type": "Line",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
            }
        },
        {
            "digest": {
                "function_hash": "168892350902793353495994525992132626819",
                "length": 55.0
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/56ac420b653da3f716f37a77780d7a74bc5fc439",
            "deprecated": false,
            "id": "ASB-A-329230490-a4ce043d",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/companion/AssociationRequest.java",
                "function": "setSkipPrompt"
            }
        },
        {
            "digest": {
                "function_hash": "37463952415737052809221431915743857188",
                "length": 1588.0
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/71418ecfa539b99d9bb0053d1de5060040bdf02f",
            "deprecated": false,
            "id": "ASB-A-329230490-a592a235",
            "signature_type": "Function",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "associate"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/56ac420b653da3f716f37a77780d7a74bc5fc439",
        "https://android.googlesource.com/platform/frameworks/base/+/71418ecfa539b99d9bb0053d1de5060040bdf02f"
    ],
    "spl": "2024-07-01"
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-07-01

Affected versions

Other

12L

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "severity": "Critical",
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "283533769886380923448576656925363146498",
                    "306640430079475523562921556048505603680",
                    "220247844284439815336487099373551580211",
                    "296340939658799727884616528029234346770"
                ]
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/be2e3b05858ba7a6349f5487d2658d00853b11cd",
            "deprecated": false,
            "id": "ASB-A-329230490-2e9d0f69",
            "signature_type": "Line",
            "target": {
                "file": "core/java/android/companion/AssociationRequest.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "67950038913822548496977403571025662121",
                    "222725767583171763006265824348111716351",
                    "286500330299365691393581685729299877668",
                    "166044803054551522655759985343015696389",
                    "151376619027520813586001682013091186310",
                    "194068989226376155571126814800988254819",
                    "257382018809139542673220738604381729552"
                ]
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f28e88e53d57779fff5900d1811ffa07ab174640",
            "deprecated": false,
            "id": "ASB-A-329230490-3f23a8b1",
            "signature_type": "Line",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
            }
        },
        {
            "digest": {
                "function_hash": "65861310754994395892854568185787642004",
                "length": 1683.0
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f28e88e53d57779fff5900d1811ffa07ab174640",
            "deprecated": false,
            "id": "ASB-A-329230490-8ac5bf9f",
            "signature_type": "Function",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "associate"
            }
        },
        {
            "digest": {
                "function_hash": "168892350902793353495994525992132626819",
                "length": 55.0
            },
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/be2e3b05858ba7a6349f5487d2658d00853b11cd",
            "deprecated": false,
            "id": "ASB-A-329230490-f8035f09",
            "signature_type": "Function",
            "target": {
                "file": "core/java/android/companion/AssociationRequest.java",
                "function": "setSkipPrompt"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/be2e3b05858ba7a6349f5487d2658d00853b11cd",
        "https://android.googlesource.com/platform/frameworks/base/+/f28e88e53d57779fff5900d1811ffa07ab174640"
    ],
    "spl": "2024-07-01"
}