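In setTransactionState of SurfaceFlinger.cpp, there is a possible way to perform tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The two records below carry the security patch level (2024-08-01), severity (High), type (EoP), the fix commit URLs, and the Vanir signatures whose "source" fields point to those same commits. Signatures that target services/surfaceflinger/tests/Credentials_test.cpp (including the TEST_F function signatures) describe the accompanying test file, so a match on them concerns test code rather than SurfaceFlinger::setTransactionState itself.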
{ "spl": "2024-08-01", "vanir_signatures": [ { "signature_version": "v1", "id": "ASB-A-336648613-14b4ad06", "target": { "file": "services/surfaceflinger/SurfaceFlinger.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/04e41761914c3c3aaca965103be3679b7a7af76f", "deprecated": false, "signature_type": "Line", "digest": { "line_hashes": [ "98259378003215290729200237477895687439", "124351871409583557248646893027347472071", "83269910493861560338894238969646644480", "199318277824035700342671260286424773147" ], "threshold": 0.9 } }, { "signature_version": "v1", "id": "ASB-A-336648613-165e16f9", "target": { "file": "services/surfaceflinger/tests/Credentials_test.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/2fc9515b2ae8a4bb4729092c113eff117841a958", "deprecated": false, "signature_type": "Line", "digest": { "line_hashes": [ "119849422066859117998190507447921247582", "233788605379638285463660867186484692767", "258348330144295160924809948120583375696", "140468011115421245451995813614498008597", "92733186063308125086410512280235079644", "202345375235487927167814672541795343501", "320856776686287278756643701749370531887", "6077737703250704013138677459097867481", "147423824564164202981002604416402353662", "24802709526932377582786707034229334080", "303639753293515368215693811817733397226", "70010450437343897477377129399488908447", "309185948175512427659912767458363091160", "251125231041549029302901415882271665226", "262174218451291711126137892668652235802", "160029374754896997520764646987278392060" ], "threshold": 0.9 } }, { "signature_version": "v1", "id": "ASB-A-336648613-347a5dc2", "target": { "function": "SurfaceFlinger::setTransactionState", "file": "services/surfaceflinger/SurfaceFlinger.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/04e41761914c3c3aaca965103be3679b7a7af76f", "deprecated": false, "signature_type": "Function", "digest": { "length": 3818.0, "function_hash": 
"298505913791856611425474582226856428156" } }, { "signature_version": "v1", "id": "ASB-A-336648613-a5630507", "target": { "function": "TEST_F", "file": "services/surfaceflinger/tests/Credentials_test.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/04e41761914c3c3aaca965103be3679b7a7af76f", "deprecated": false, "signature_type": "Function", "digest": { "length": 1451.0, "function_hash": "167139669641146282885240371798531393151" } }, { "signature_version": "v1", "id": "ASB-A-336648613-b8041d00", "target": { "file": "services/surfaceflinger/tests/Credentials_test.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/04e41761914c3c3aaca965103be3679b7a7af76f", "deprecated": false, "signature_type": "Line", "digest": { "line_hashes": [ "119849422066859117998190507447921247582", "233788605379638285463660867186484692767", "258348330144295160924809948120583375696", "140468011115421245451995813614498008597", "92733186063308125086410512280235079644", "202345375235487927167814672541795343501", "320856776686287278756643701749370531887", "6077737703250704013138677459097867481", "147423824564164202981002604416402353662", "24802709526932377582786707034229334080", "303639753293515368215693811817733397226", "70010450437343897477377129399488908447", "309185948175512427659912767458363091160", "251125231041549029302901415882271665226", "262174218451291711126137892668652235802", "160029374754896997520764646987278392060" ], "threshold": 0.9 } }, { "signature_version": "v1", "id": "ASB-A-336648613-c25669e5", "target": { "file": "services/surfaceflinger/SurfaceFlinger.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/2fc9515b2ae8a4bb4729092c113eff117841a958", "deprecated": false, "signature_type": "Line", "digest": { "line_hashes": [ "98259378003215290729200237477895687439", "124351871409583557248646893027347472071", "83269910493861560338894238969646644480", "199318277824035700342671260286424773147" 
], "threshold": 0.9 } }, { "signature_version": "v1", "id": "ASB-A-336648613-d7e1fae3", "target": { "function": "SurfaceFlinger::setTransactionState", "file": "services/surfaceflinger/SurfaceFlinger.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/2fc9515b2ae8a4bb4729092c113eff117841a958", "deprecated": false, "signature_type": "Function", "digest": { "length": 3425.0, "function_hash": "330833214335412875635693904938078851747" } }, { "signature_version": "v1", "id": "ASB-A-336648613-febb3c7f", "target": { "function": "TEST_F", "file": "services/surfaceflinger/tests/Credentials_test.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/2fc9515b2ae8a4bb4729092c113eff117841a958", "deprecated": false, "signature_type": "Function", "digest": { "length": 1451.0, "function_hash": "167139669641146282885240371798531393151" } } ], "types": [ "EoP" ], "severity": "High", "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/04e41761914c3c3aaca965103be3679b7a7af76f", "https://android.googlesource.com/platform/frameworks/native/+/2fc9515b2ae8a4bb4729092c113eff117841a958" ] }
{ "spl": "2024-08-01", "vanir_signatures": [ { "signature_version": "v1", "id": "ASB-A-336648613-199fc973", "target": { "function": "TEST_F", "file": "services/surfaceflinger/tests/Credentials_test.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/f1ad68a1a9fbdeb62999ccaee21643783101157c", "deprecated": false, "signature_type": "Function", "digest": { "length": 1451.0, "function_hash": "167139669641146282885240371798531393151" } }, { "signature_version": "v1", "id": "ASB-A-336648613-a4c9fcb9", "target": { "file": "services/surfaceflinger/SurfaceFlinger.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/f1ad68a1a9fbdeb62999ccaee21643783101157c", "deprecated": false, "signature_type": "Line", "digest": { "line_hashes": [ "98259378003215290729200237477895687439", "124351871409583557248646893027347472071", "83269910493861560338894238969646644480", "199318277824035700342671260286424773147" ], "threshold": 0.9 } }, { "signature_version": "v1", "id": "ASB-A-336648613-b602c7ed", "target": { "file": "services/surfaceflinger/tests/Credentials_test.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/f1ad68a1a9fbdeb62999ccaee21643783101157c", "deprecated": false, "signature_type": "Line", "digest": { "line_hashes": [ "119849422066859117998190507447921247582", "233788605379638285463660867186484692767", "258348330144295160924809948120583375696", "140468011115421245451995813614498008597", "92733186063308125086410512280235079644", "202345375235487927167814672541795343501", "320856776686287278756643701749370531887", "6077737703250704013138677459097867481", "147423824564164202981002604416402353662", "24802709526932377582786707034229334080", "303639753293515368215693811817733397226", "70010450437343897477377129399488908447", "309185948175512427659912767458363091160", "251125231041549029302901415882271665226", "262174218451291711126137892668652235802", "160029374754896997520764646987278392060" ], 
"threshold": 0.9 } }, { "signature_version": "v1", "id": "ASB-A-336648613-b7b1246b", "target": { "function": "SurfaceFlinger::setTransactionState", "file": "services/surfaceflinger/SurfaceFlinger.cpp" }, "source": "https://android.googlesource.com/platform/frameworks/native/+/f1ad68a1a9fbdeb62999ccaee21643783101157c", "deprecated": false, "signature_type": "Function", "digest": { "length": 3425.0, "function_hash": "330833214335412875635693904938078851747" } } ], "types": [ "EoP" ], "severity": "High", "fixes": [ "https://android.googlesource.com/platform/frameworks/native/+/f1ad68a1a9fbdeb62999ccaee21643783101157c" ] }