ASB-A-341680936
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-341680936.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-341680936
- Aliases
-
- A-341680936
- CVE-2024-43093
- Published
- 2025-03-01T00:00:00Z
- Modified
- 2025-12-05T16:54:10.362055Z
- Summary
- [none]
- Details
-
In shouldHideDocument of ExternalStorageProvider.java, there is a possible bypass of a file path filter designed to prevent access to sensitive directories due to incorrect unicode normalization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2025-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/b91437020051b4f7fb78dbe14b40dd2f7c754f48"
],
"severity": "High",
"types": [
"EoP"
],
"vanir_signatures": [
{
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"line_hashes": [
"82383509994944209197550046869742228831",
"92736127983341831571401450139155350602",
"11178458602711922477761236377671491738",
"218593904282397687475559102996718449354",
"163959190879765981841303926269514662985",
"229395446405442564238235676967819175315",
"69872619935661865626078323738185575240",
"176760729794269842001035921457772591482",
"180111467092620191187509636909841449915",
"231554190964722082970558902036937057288",
"209123422967229645531423107889931090188",
"224765289385384294407017732659433291177",
"17687126784026348192855174961885991782",
"189531952909343160028141470373618825497",
"244758599954022578569552642200938371143",
"243445143413923747903612479158629299082",
"229312143133866111910960041947068522991",
"223098270538101092763464501278079255337",
"177850502028062498000214868692648001981",
"25034569560734105328920507087347052786",
"53072638448672322689479527507176646283",
"111586911541459156417573305324852249917",
"332800826803127257022304227152783767803"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/b91437020051b4f7fb78dbe14b40dd2f7c754f48",
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-341680936-6abff257"
},
{
"target": {
"function": "shouldHideDocument",
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"length": 207.0,
"function_hash": "297717396204470872634311050904808164171"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/b91437020051b4f7fb78dbe14b40dd2f7c754f48",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-341680936-6d48f70b"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2025-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/01006f7f97083ae49a546f9e0a94db7bdfd2a152"
],
"severity": "High",
"types": [
"EoP"
],
"vanir_signatures": [
{
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"line_hashes": [
"82383509994944209197550046869742228831",
"92736127983341831571401450139155350602",
"11178458602711922477761236377671491738",
"218593904282397687475559102996718449354",
"163959190879765981841303926269514662985",
"229395446405442564238235676967819175315",
"69872619935661865626078323738185575240",
"176760729794269842001035921457772591482",
"180111467092620191187509636909841449915",
"231554190964722082970558902036937057288",
"209123422967229645531423107889931090188",
"224765289385384294407017732659433291177",
"17687126784026348192855174961885991782",
"189531952909343160028141470373618825497",
"244758599954022578569552642200938371143",
"243445143413923747903612479158629299082",
"229312143133866111910960041947068522991",
"223098270538101092763464501278079255337",
"177850502028062498000214868692648001981",
"25034569560734105328920507087347052786",
"53072638448672322689479527507176646283",
"111586911541459156417573305324852249917",
"332800826803127257022304227152783767803"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/01006f7f97083ae49a546f9e0a94db7bdfd2a152",
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-341680936-924a566b"
},
{
"target": {
"function": "shouldHideDocument",
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"length": 207.0,
"function_hash": "297717396204470872634311050904808164171"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/01006f7f97083ae49a546f9e0a94db7bdfd2a152",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-341680936-ef88540c"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2025-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/da4b7509afc15cda9195501b41ecc6c5a0670c19"
],
"severity": "High",
"types": [
"EoP"
],
"vanir_signatures": [
{
"target": {
"function": "shouldHideDocument",
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"length": 207.0,
"function_hash": "297717396204470872634311050904808164171"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/da4b7509afc15cda9195501b41ecc6c5a0670c19",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-341680936-22b5a8ba"
},
{
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"line_hashes": [
"82383509994944209197550046869742228831",
"92736127983341831571401450139155350602",
"11178458602711922477761236377671491738",
"218593904282397687475559102996718449354",
"163959190879765981841303926269514662985",
"229395446405442564238235676967819175315",
"69872619935661865626078323738185575240",
"176760729794269842001035921457772591482",
"180111467092620191187509636909841449915",
"231554190964722082970558902036937057288",
"209123422967229645531423107889931090188",
"224765289385384294407017732659433291177",
"17687126784026348192855174961885991782",
"189531952909343160028141470373618825497",
"244758599954022578569552642200938371143",
"243445143413923747903612479158629299082",
"229312143133866111910960041947068522991",
"223098270538101092763464501278079255337",
"177850502028062498000214868692648001981",
"25034569560734105328920507087347052786",
"53072638448672322689479527507176646283",
"111586911541459156417573305324852249917",
"332800826803127257022304227152783767803"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/da4b7509afc15cda9195501b41ecc6c5a0670c19",
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-341680936-deeae657"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2025-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/3ebd6405d2e87e6df0887d76470e4b7504bd3a4d"
],
"severity": "High",
"types": [
"EoP"
],
"vanir_signatures": [
{
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"line_hashes": [
"82383509994944209197550046869742228831",
"92736127983341831571401450139155350602",
"11178458602711922477761236377671491738",
"218593904282397687475559102996718449354",
"163959190879765981841303926269514662985",
"229395446405442564238235676967819175315",
"69872619935661865626078323738185575240",
"176760729794269842001035921457772591482",
"180111467092620191187509636909841449915",
"231554190964722082970558902036937057288",
"209123422967229645531423107889931090188",
"224765289385384294407017732659433291177",
"17687126784026348192855174961885991782",
"189531952909343160028141470373618825497",
"244758599954022578569552642200938371143",
"243445143413923747903612479158629299082",
"229312143133866111910960041947068522991",
"223098270538101092763464501278079255337",
"177850502028062498000214868692648001981",
"25034569560734105328920507087347052786",
"53072638448672322689479527507176646283",
"111586911541459156417573305324852249917",
"332800826803127257022304227152783767803"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ebd6405d2e87e6df0887d76470e4b7504bd3a4d",
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-341680936-5f90f593"
},
{
"target": {
"function": "shouldHideDocument",
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"length": 207.0,
"function_hash": "297717396204470872634311050904808164171"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ebd6405d2e87e6df0887d76470e4b7504bd3a4d",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-341680936-983dff61"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2025-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/7f1bc271379d97bed56e33f8470992d38bce5531"
],
"severity": "High",
"types": [
"EoP"
],
"vanir_signatures": [
{
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"line_hashes": [
"82383509994944209197550046869742228831",
"92736127983341831571401450139155350602",
"11178458602711922477761236377671491738",
"218593904282397687475559102996718449354",
"163959190879765981841303926269514662985",
"229395446405442564238235676967819175315",
"69872619935661865626078323738185575240",
"176760729794269842001035921457772591482",
"180111467092620191187509636909841449915",
"231554190964722082970558902036937057288",
"209123422967229645531423107889931090188",
"224765289385384294407017732659433291177",
"17687126784026348192855174961885991782",
"189531952909343160028141470373618825497",
"244758599954022578569552642200938371143",
"243445143413923747903612479158629299082",
"229312143133866111910960041947068522991",
"223098270538101092763464501278079255337",
"177850502028062498000214868692648001981",
"25034569560734105328920507087347052786",
"53072638448672322689479527507176646283",
"111586911541459156417573305324852249917",
"332800826803127257022304227152783767803"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/7f1bc271379d97bed56e33f8470992d38bce5531",
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-341680936-03fb263a"
},
{
"target": {
"function": "shouldHideDocument",
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"length": 207.0,
"function_hash": "297717396204470872634311050904808164171"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/7f1bc271379d97bed56e33f8470992d38bce5531",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-341680936-d21eec5b"
}
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2025-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c984c3b842c2b458db2f1a29574af1d137f28143"
],
"severity": "High",
"types": [
"EoP"
],
"vanir_signatures": [
{
"target": {
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"line_hashes": [
"82383509994944209197550046869742228831",
"92736127983341831571401450139155350602",
"11178458602711922477761236377671491738",
"218593904282397687475559102996718449354",
"163959190879765981841303926269514662985",
"229395446405442564238235676967819175315",
"69872619935661865626078323738185575240",
"176760729794269842001035921457772591482",
"180111467092620191187509636909841449915",
"231554190964722082970558902036937057288",
"209123422967229645531423107889931090188",
"224765289385384294407017732659433291177",
"17687126784026348192855174961885991782",
"189531952909343160028141470373618825497",
"244758599954022578569552642200938371143",
"243445143413923747903612479158629299082",
"229312143133866111910960041947068522991",
"223098270538101092763464501278079255337",
"177850502028062498000214868692648001981",
"25034569560734105328920507087347052786",
"53072638448672322689479527507176646283",
"111586911541459156417573305324852249917",
"332800826803127257022304227152783767803"
],
"threshold": 0.9
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c984c3b842c2b458db2f1a29574af1d137f28143",
"deprecated": false,
"signature_type": "Line",
"id": "ASB-A-341680936-a468dd1b"
},
{
"target": {
"function": "shouldHideDocument",
"file": "packages/ExternalStorageProvider/src/com/android/externalstorage/ExternalStorageProvider.java"
},
"digest": {
"length": 207.0,
"function_hash": "297717396204470872634311050904808164171"
},
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/c984c3b842c2b458db2f1a29574af1d137f28143",
"deprecated": false,
"signature_type": "Function",
"id": "ASB-A-341680936-af220e70"
}
]
}