ASB-A-341680936
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-341680936.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-341680936
- Aliases
-
- A-341680936
- CVE-2024-43093
- Published
- 2025-03-01T00:00:00Z
- Modified
- 2025-03-03T15:57:18.482689Z
- Summary
- [none]
- Details
-
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 207.0,
"function_hash": "297717396204470872634311050904808164171"
},
"id": "ASB-A-341680936-7ffaa2a8",
"source": "https://android.googlesource.com/platform/frameworks/base/+/b91437020051b4f7fb78dbe14b40dd2f7c754f48",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java",
"function": "shouldHideDocument"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"82383509994944209197550046869742228831",
"92736127983341831571401450139155350602",
"11178458602711922477761236377671491738",
"218593904282397687475559102996718449354",
"163959190879765981841303926269514662985",
"229395446405442564238235676967819175315",
"69872619935661865626078323738185575240",
"176760729794269842001035921457772591482",
"180111467092620191187509636909841449915",
"231554190964722082970558902036937057288",
"209123422967229645531423107889931090188",
"224765289385384294407017732659433291177",
"17687126784026348192855174961885991782",
"189531952909343160028141470373618825497",
"244758599954022578569552642200938371143",
"243445143413923747903612479158629299082",
"229312143133866111910960041947068522991",
"223098270538101092763464501278079255337",
"177850502028062498000214868692648001981",
"25034569560734105328920507087347052786",
"53072638448672322689479527507176646283",
"111586911541459156417573305324852249917",
"332800826803127257022304227152783767803"
]
},
"id": "ASB-A-341680936-f2d79ba4",
"source": "https://android.googlesource.com/platform/frameworks/base/+/b91437020051b4f7fb78dbe14b40dd2f7c754f48",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/b91437020051b4f7fb78dbe14b40dd2f7c754f48"
],
"spl": "2025-03-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 207.0,
"function_hash": "297717396204470872634311050904808164171"
},
"id": "ASB-A-341680936-9caa0fbe",
"source": "https://android.googlesource.com/platform/frameworks/base/+/01006f7f97083ae49a546f9e0a94db7bdfd2a152",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java",
"function": "shouldHideDocument"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"82383509994944209197550046869742228831",
"92736127983341831571401450139155350602",
"11178458602711922477761236377671491738",
"218593904282397687475559102996718449354",
"163959190879765981841303926269514662985",
"229395446405442564238235676967819175315",
"69872619935661865626078323738185575240",
"176760729794269842001035921457772591482",
"180111467092620191187509636909841449915",
"231554190964722082970558902036937057288",
"209123422967229645531423107889931090188",
"224765289385384294407017732659433291177",
"17687126784026348192855174961885991782",
"189531952909343160028141470373618825497",
"244758599954022578569552642200938371143",
"243445143413923747903612479158629299082",
"229312143133866111910960041947068522991",
"223098270538101092763464501278079255337",
"177850502028062498000214868692648001981",
"25034569560734105328920507087347052786",
"53072638448672322689479527507176646283",
"111586911541459156417573305324852249917",
"332800826803127257022304227152783767803"
]
},
"id": "ASB-A-341680936-ed0b646b",
"source": "https://android.googlesource.com/platform/frameworks/base/+/01006f7f97083ae49a546f9e0a94db7bdfd2a152",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/01006f7f97083ae49a546f9e0a94db7bdfd2a152"
],
"spl": "2025-03-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Android / platform/frameworks/base
Package
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"82383509994944209197550046869742228831",
"92736127983341831571401450139155350602",
"11178458602711922477761236377671491738",
"218593904282397687475559102996718449354",
"163959190879765981841303926269514662985",
"229395446405442564238235676967819175315",
"69872619935661865626078323738185575240",
"176760729794269842001035921457772591482",
"180111467092620191187509636909841449915",
"231554190964722082970558902036937057288",
"209123422967229645531423107889931090188",
"224765289385384294407017732659433291177",
"17687126784026348192855174961885991782",
"189531952909343160028141470373618825497",
"244758599954022578569552642200938371143",
"243445143413923747903612479158629299082",
"229312143133866111910960041947068522991",
"223098270538101092763464501278079255337",
"177850502028062498000214868692648001981",
"25034569560734105328920507087347052786",
"53072638448672322689479527507176646283",
"111586911541459156417573305324852249917",
"332800826803127257022304227152783767803"
]
},
"id": "ASB-A-341680936-60aa21ac",
"source": "https://android.googlesource.com/platform/frameworks/base/+/7f1bc271379d97bed56e33f8470992d38bce5531",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 207.0,
"function_hash": "297717396204470872634311050904808164171"
},
"id": "ASB-A-341680936-9d4c80f3",
"source": "https://android.googlesource.com/platform/frameworks/base/+/7f1bc271379d97bed56e33f8470992d38bce5531",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java",
"function": "shouldHideDocument"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/7f1bc271379d97bed56e33f8470992d38bce5531"
],
"spl": "2025-03-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 207.0,
"function_hash": "297717396204470872634311050904808164171"
},
"id": "ASB-A-341680936-1966d34c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c984c3b842c2b458db2f1a29574af1d137f28143",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java",
"function": "shouldHideDocument"
},
"signature_type": "Function"
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"82383509994944209197550046869742228831",
"92736127983341831571401450139155350602",
"11178458602711922477761236377671491738",
"218593904282397687475559102996718449354",
"163959190879765981841303926269514662985",
"229395446405442564238235676967819175315",
"69872619935661865626078323738185575240",
"176760729794269842001035921457772591482",
"180111467092620191187509636909841449915",
"231554190964722082970558902036937057288",
"209123422967229645531423107889931090188",
"224765289385384294407017732659433291177",
"17687126784026348192855174961885991782",
"189531952909343160028141470373618825497",
"244758599954022578569552642200938371143",
"243445143413923747903612479158629299082",
"229312143133866111910960041947068522991",
"223098270538101092763464501278079255337",
"177850502028062498000214868692648001981",
"25034569560734105328920507087347052786",
"53072638448672322689479527507176646283",
"111586911541459156417573305324852249917",
"332800826803127257022304227152783767803"
]
},
"id": "ASB-A-341680936-d97036dc",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c984c3b842c2b458db2f1a29574af1d137f28143",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c984c3b842c2b458db2f1a29574af1d137f28143"
],
"spl": "2025-03-01",
"severity": "High",
"types": [
"EoP"
]
}