ASB-A-341256043

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-341256043.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-341256043

Aliases

A-341256043
CVE-2024-43081

Published

2024-11-01T00:00:00Z

Modified

2024-11-06T16:12:12.576054Z

Summary

[none]

Details

In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15-next:0

Fixed

15-next:2024-11-01

Affected versions

Other

15-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "match_only_versions": [
                "15-next"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "247072308262172872979524978937761345608",
                    "70078933855901175012213158357255615818",
                    "130782364824674563949830595169623224801",
                    "97768317995976597419647832143432107752",
                    "172462288539287315524255640510087042382",
                    "317262461759818309976398071849066620926",
                    "248144891049726392850816756954403720649",
                    "312468334464122519273056096798021863641"
                ]
            },
            "id": "ASB-A-341256043-19fc65f9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/04534c3920f01680cc6f50f57737a25f8f893bb1",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/InstallPackageHelper.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "15-next"
            ],
            "digest": {
                "length": 4209.0,
                "function_hash": "123079867802361225203984530978881524921"
            },
            "id": "ASB-A-341256043-5f3b4164",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/04534c3920f01680cc6f50f57737a25f8f893bb1",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/InstallPackageHelper.java",
                "function": "installExistingPackageAsUser"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/04534c3920f01680cc6f50f57737a25f8f893bb1"
    ],
    "spl": "2024-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}