ASB-A-343440463

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-343440463.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-343440463
Aliases
  • A-343440463
  • CVE-2024-43086
Published
2024-11-01T00:00:00Z
Modified
2025-11-07T15:56:02.122943Z
Summary
[none]
Details

In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
15-next:0
Fixed
15-next:2024-11-01

Affected versions

Other

15-next

Ecosystem specific 

{
    "types": [
        "ID"
    ],
    "spl": "2024-11-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "digest": {
                "function_hash": "101193414350098439995614606646394339346",
                "length": 3331.0
            },
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "validateAccountsInternal"
            },
            "signature_version": "v1",
            "id": "ASB-A-343440463-3e2e7f42",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ddfc078af7e89641360b896f99af23a6b371b847"
        },
        {
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "29173051221296658536910211516454044335",
                    "184312520786542076771135869227635029727",
                    "17260541059910676630107404919963034225",
                    "7291052111595615850872169535590355287"
                ]
            },
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_version": "v1",
            "id": "ASB-A-343440463-4b98c8b4",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ddfc078af7e89641360b896f99af23a6b371b847"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ddfc078af7e89641360b896f99af23a6b371b847"
    ],
    "severity": "High"
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-11-01

Affected versions

Other

12

Ecosystem specific 

{
    "types": [
        "ID"
    ],
    "spl": "2024-11-01",
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "29173051221296658536910211516454044335",
                    "184312520786542076771135869227635029727",
                    "17260541059910676630107404919963034225",
                    "7291052111595615850872169535590355287"
                ]
            },
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_version": "v1",
            "id": "ASB-A-343440463-38e08104",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
        },
        {
            "signature_type": "Function",
            "digest": {
                "function_hash": "22297508970871024618962377483595679632",
                "length": 3140.0
            },
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "validateAccountsInternal"
            },
            "signature_version": "v1",
            "id": "ASB-A-343440463-b0418465",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
    ],
    "severity": "High"
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-11-01

Affected versions

Other

12L

Ecosystem specific 

{
    "types": [
        "ID"
    ],
    "spl": "2024-11-01",
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "29173051221296658536910211516454044335",
                    "184312520786542076771135869227635029727",
                    "17260541059910676630107404919963034225",
                    "7291052111595615850872169535590355287"
                ]
            },
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_version": "v1",
            "id": "ASB-A-343440463-d41cca00",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
        },
        {
            "signature_type": "Function",
            "digest": {
                "function_hash": "22297508970871024618962377483595679632",
                "length": 3140.0
            },
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "validateAccountsInternal"
            },
            "signature_version": "v1",
            "id": "ASB-A-343440463-f487e839",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
    ],
    "severity": "High"
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-11-01

Affected versions

Other

13

Ecosystem specific 

{
    "types": [
        "ID"
    ],
    "spl": "2024-11-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "digest": {
                "function_hash": "22297508970871024618962377483595679632",
                "length": 3140.0
            },
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "validateAccountsInternal"
            },
            "signature_version": "v1",
            "id": "ASB-A-343440463-a4151bf9",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
        },
        {
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "29173051221296658536910211516454044335",
                    "184312520786542076771135869227635029727",
                    "17260541059910676630107404919963034225",
                    "7291052111595615850872169535590355287"
                ]
            },
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_version": "v1",
            "id": "ASB-A-343440463-d1bb29be",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
    ],
    "severity": "High"
}

platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-11-01

Affected versions

Other

14

Ecosystem specific 

{
    "types": [
        "ID"
    ],
    "spl": "2024-11-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "digest": {
                "function_hash": "22297508970871024618962377483595679632",
                "length": 3140.0
            },
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "validateAccountsInternal"
            },
            "signature_version": "v1",
            "id": "ASB-A-343440463-f60470dc",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
        },
        {
            "signature_type": "Line",
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "29173051221296658536910211516454044335",
                    "184312520786542076771135869227635029727",
                    "17260541059910676630107404919963034225",
                    "7291052111595615850872169535590355287"
                ]
            },
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_version": "v1",
            "id": "ASB-A-343440463-fc4644cf",
            "deprecated": false,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"
    ],
    "severity": "High"
}