ASB-A-336323279
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-336323279.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-336323279
- Aliases
-
- A-336323279
- CVE-2024-34738
- Published
- 2024-08-01T00:00:00Z
- Modified
- 2024-11-06T12:16:03.231308Z
- Summary
- [none]
- Details
-
In multiple functions of AppOpsService.java, there is a possible way for unprivileged apps to read their own restrictRead app-op states due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"155290289070892496713407728111694577272",
"50170075951158264700055049384867889361",
"258567789960322506291680570706060849396",
"103006858551673693882655182545271519297",
"56677228534642494669783196501344303328",
"112189945487356966523093960046031247335",
"152917475649676127471247702203349374973",
"335050055412409923719135812133370812888",
"241109627515707857017823944220942304205",
"173584927456833537101965176588998972260",
"262573321636468416015759523167358481112",
"106084232884673639449023698139121871873",
"54036612676277345232006082715688122333",
"168460017835466189202053310032604387658",
"85459535018880413620145867366719225655",
"224709258165208765206706283495916606041",
"69030975499120734252832411346976782828",
"165451476811191297387992421760603219790",
"90518704425958532938562733404423041300",
"106383597360031344710587720813957895919",
"132903626757647226160171190214934149971",
"34247211009492729252601302964266859890",
"128449159514436591913288189669887916334"
]
},
"id": "ASB-A-336323279-740a03af",
"source": "https://android.googlesource.com/platform/frameworks/base/+/955e78071ec49139583056e21f612edba6439436",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/appop/AppOpsService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 314.0,
"function_hash": "271341409669458354291250865136426508731"
},
"id": "ASB-A-336323279-7df0ef98",
"source": "https://android.googlesource.com/platform/frameworks/base/+/955e78071ec49139583056e21f612edba6439436",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/appop/AppOpsService.java",
"function": "verifyIncomingOp"
},
"signature_type": "Function"
},
{
"digest": {
"length": 536.0,
"function_hash": "226569947551239069908695777646051432672"
},
"id": "ASB-A-336323279-8719a508",
"source": "https://android.googlesource.com/platform/frameworks/base/+/955e78071ec49139583056e21f612edba6439436",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/appop/AppOpsService.java",
"function": "collectOps"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/955e78071ec49139583056e21f612edba6439436"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 314.0,
"function_hash": "271341409669458354291250865136426508731"
},
"id": "ASB-A-336323279-2c8406c6",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e2471e03e471ed701dd1ac0c6c483f82b0dd22d0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/appop/AppOpsService.java",
"function": "verifyIncomingOp"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"13"
],
"digest": {
"length": 565.0,
"function_hash": "335229134296342272220671894299133808942"
},
"id": "ASB-A-336323279-ee76bb77",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e2471e03e471ed701dd1ac0c6c483f82b0dd22d0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/appop/AppOpsService.java",
"function": "collectOps"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"71308875704435778707080096132114324900",
"36163315088678836445270695673990550056",
"162957365957927575174812348340271909813",
"97283526466078414112679262229617318988",
"56677228534642494669783196501344303328",
"95530904211242568681832103475495674385",
"285694059248249154049803579926649887641",
"249657082229337128205639577339949811868",
"253772115497832552708570951606569109011",
"173584927456833537101965176588998972260",
"262573321636468416015759523167358481112",
"106084232884673639449023698139121871873",
"54036612676277345232006082715688122333",
"168460017835466189202053310032604387658",
"165451476811191297387992421760603219790",
"90518704425958532938562733404423041300",
"106383597360031344710587720813957895919",
"132903626757647226160171190214934149971",
"34247211009492729252601302964266859890",
"128449159514436591913288189669887916334"
]
},
"id": "ASB-A-336323279-f76068b7",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e2471e03e471ed701dd1ac0c6c483f82b0dd22d0",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/appop/AppOpsService.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e2471e03e471ed701dd1ac0c6c483f82b0dd22d0"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"102237660525299082857892895966305371001",
"182945194297317478338321406644110804447",
"172218828561879507384994601065657093002",
"103006858551673693882655182545271519297",
"56677228534642494669783196501344303328",
"47890410113008051836251308443189549034",
"172080579671667751572132470175614683275",
"263607453056563888617200606719662511242",
"259143427029110884523456883122189804226",
"173584927456833537101965176588998972260",
"262573321636468416015759523167358481112",
"106084232884673639449023698139121871873",
"54036612676277345232006082715688122333",
"168460017835466189202053310032604387658",
"165451476811191297387992421760603219790",
"90518704425958532938562733404423041300",
"106383597360031344710587720813957895919",
"132903626757647226160171190214934149971",
"34247211009492729252601302964266859890",
"128449159514436591913288189669887916334"
]
},
"id": "ASB-A-336323279-297cd822",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e31c33ea3586531ca99dd4c6d68a34ce07c1cebb",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/appop/AppOpsService.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 506.0,
"function_hash": "47136927224431509769238248283072278004"
},
"id": "ASB-A-336323279-70d572dc",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e31c33ea3586531ca99dd4c6d68a34ce07c1cebb",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/appop/AppOpsService.java",
"function": "collectOps"
},
"signature_type": "Function"
},
{
"digest": {
"length": 314.0,
"function_hash": "271341409669458354291250865136426508731"
},
"id": "ASB-A-336323279-ea04cde6",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e31c33ea3586531ca99dd4c6d68a34ce07c1cebb",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "services/core/java/com/android/server/appop/AppOpsService.java",
"function": "verifyIncomingOp"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e31c33ea3586531ca99dd4c6d68a34ce07c1cebb"
],
"spl": "2024-08-01",
"severity": "High",
"types": [
"EoP"
]
}