ASB-A-360846772

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-360846772.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-360846772

Aliases

A-360846772
CVE-2024-49744

Published

2025-01-01T00:00:00Z

Modified

2025-01-13T21:12:09.472843Z

Summary

[none]

Details

In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to bypass parcel mismatch mitigation due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

https://source.android.com/security/bulletin/2025-01-01

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15-next:0

Fixed

15-next:2025-01-01

Affected versions

Other

15-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1207.0,
                "function_hash": "42654008527931611799120307175659008934"
            },
            "id": "ASB-A-360846772-63362f19",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cde345a7ee06db716e613e12a2c218ce248ad1c4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "checkKeyIntent"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "219089530623713499049496334902847425327",
                    "329309075025768325897709312986591659778",
                    "220527672182167888631904577245241154123",
                    "90971935209824799136032281832678323089",
                    "310134665289348019573443295776207167908",
                    "183727665741911375382933532227263560216",
                    "87588912116976547789634249972198598754",
                    "99698422038306338887459501266826190699",
                    "67356492251881173511098466201218255798",
                    "231996928353105831418507088913135399289",
                    "299964627292181737175367433814372302732",
                    "34854065536878502073828532078471614500",
                    "74682427995452075934116984985639812723",
                    "141524746528183037349349507410879969815",
                    "218184317616380031805766499810722778887"
                ]
            },
            "id": "ASB-A-360846772-d8faf8dc",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cde345a7ee06db716e613e12a2c218ce248ad1c4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 801.0,
                "function_hash": "48969121463080201235741379148890330042"
            },
            "id": "ASB-A-360846772-ef4cf5ef",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cde345a7ee06db716e613e12a2c218ce248ad1c4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "checkKeyIntentParceledCorrectly"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/cde345a7ee06db716e613e12a2c218ce248ad1c4"
    ],
    "spl": "2025-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12:0

Fixed

12:2025-01-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 769.0,
                "function_hash": "203911748403559997956553553172550632524"
            },
            "id": "ASB-A-360846772-00aa2992",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "checkKeyIntentParceledCorrectly"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "219089530623713499049496334902847425327",
                    "329309075025768325897709312986591659778",
                    "220527672182167888631904577245241154123",
                    "90971935209824799136032281832678323089",
                    "285758355853553288136460222232517894852",
                    "249520830598242276603421062396672184894",
                    "118063220515672952178012219922957877184",
                    "251037986107376490436749930810932620865",
                    "235947357003513208336137268846037427206",
                    "180001126956828727498349687249486793193",
                    "303804394362158910449280446315020349913",
                    "74682427995452075934116984985639812723",
                    "141524746528183037349349507410879969815",
                    "218184317616380031805766499810722778887"
                ]
            },
            "id": "ASB-A-360846772-9a77ef56",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1224.0,
                "function_hash": "300299237621674426887142308862585341570"
            },
            "id": "ASB-A-360846772-edb07268",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "checkKeyIntent"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a"
    ],
    "spl": "2025-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12L:0

Fixed

12L:2025-01-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "219089530623713499049496334902847425327",
                    "329309075025768325897709312986591659778",
                    "220527672182167888631904577245241154123",
                    "90971935209824799136032281832678323089",
                    "285758355853553288136460222232517894852",
                    "249520830598242276603421062396672184894",
                    "118063220515672952178012219922957877184",
                    "251037986107376490436749930810932620865",
                    "235947357003513208336137268846037427206",
                    "180001126956828727498349687249486793193",
                    "303804394362158910449280446315020349913",
                    "74682427995452075934116984985639812723",
                    "141524746528183037349349507410879969815",
                    "218184317616380031805766499810722778887"
                ]
            },
            "id": "ASB-A-360846772-18b2f808",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1224.0,
                "function_hash": "300299237621674426887142308862585341570"
            },
            "id": "ASB-A-360846772-d1a98bee",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "checkKeyIntent"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 769.0,
                "function_hash": "203911748403559997956553553172550632524"
            },
            "id": "ASB-A-360846772-fef51d74",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "checkKeyIntentParceledCorrectly"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a"
    ],
    "spl": "2025-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

15:0

Fixed

15:2025-01-01

Affected versions

Other

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/0397dd35e6cc696b0ea3949c5d29f90b42a0ce59"
    ],
    "spl": "2025-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2025-01-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 801.0,
                "function_hash": "48969121463080201235741379148890330042"
            },
            "id": "ASB-A-360846772-03161ec3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "checkKeyIntentParceledCorrectly"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1207.0,
                "function_hash": "42654008527931611799120307175659008934"
            },
            "id": "ASB-A-360846772-193c630f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "checkKeyIntent"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "219089530623713499049496334902847425327",
                    "329309075025768325897709312986591659778",
                    "220527672182167888631904577245241154123",
                    "90971935209824799136032281832678323089",
                    "310134665289348019573443295776207167908",
                    "183727665741911375382933532227263560216",
                    "87588912116976547789634249972198598754",
                    "99698422038306338887459501266826190699",
                    "67356492251881173511098466201218255798",
                    "231996928353105831418507088913135399289",
                    "299964627292181737175367433814372302732",
                    "34854065536878502073828532078471614500",
                    "74682427995452075934116984985639812723",
                    "141524746528183037349349507410879969815",
                    "218184317616380031805766499810722778887"
                ]
            },
            "id": "ASB-A-360846772-ba26c1a8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab"
    ],
    "spl": "2025-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

14:0

Fixed

14:2025-01-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 801.0,
                "function_hash": "48969121463080201235741379148890330042"
            },
            "id": "ASB-A-360846772-2e9a1835",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "checkKeyIntentParceledCorrectly"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "219089530623713499049496334902847425327",
                    "329309075025768325897709312986591659778",
                    "220527672182167888631904577245241154123",
                    "90971935209824799136032281832678323089",
                    "310134665289348019573443295776207167908",
                    "183727665741911375382933532227263560216",
                    "87588912116976547789634249972198598754",
                    "99698422038306338887459501266826190699",
                    "67356492251881173511098466201218255798",
                    "231996928353105831418507088913135399289",
                    "299964627292181737175367433814372302732",
                    "34854065536878502073828532078471614500",
                    "74682427995452075934116984985639812723",
                    "141524746528183037349349507410879969815",
                    "218184317616380031805766499810722778887"
                ]
            },
            "id": "ASB-A-360846772-4454e2ac",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1207.0,
                "function_hash": "42654008527931611799120307175659008934"
            },
            "id": "ASB-A-360846772-e0bed510",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "checkKeyIntent"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab"
    ],
    "spl": "2025-01-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}