In checkSlicePermission of SliceManagerService.java, it is possible to access any slice URI due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "226760433165813380990153619519066009195", "198238097207668302298535804286695971443", "747526148792920550608566485759371786", "194663801245171228071477207088008390990" ] }, "id": "ASB-A-179699767-0b3f8e3a", "source": "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/slice/SliceManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 1170.0, "function_hash": "170738253548447665571067266136931173848" }, "id": "ASB-A-179699767-5eb47681", "source": "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/slice/SliceManagerService.java", "function": "checkSlicePermission" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9" ], "spl": "2022-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "226760433165813380990153619519066009195", "198238097207668302298535804286695971443", "747526148792920550608566485759371786", "194663801245171228071477207088008390990" ] }, "id": "ASB-A-179699767-502ce88c", "source": "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/slice/SliceManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 1170.0, "function_hash": "170738253548447665571067266136931173848" }, "id": "ASB-A-179699767-ce57a002", "source": "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/slice/SliceManagerService.java", "function": "checkSlicePermission" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9" ], "spl": "2022-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 1170.0, "function_hash": "170738253548447665571067266136931173848" }, "id": "ASB-A-179699767-85f258bf", "source": "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/slice/SliceManagerService.java", "function": "checkSlicePermission" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "226760433165813380990153619519066009195", "198238097207668302298535804286695971443", "747526148792920550608566485759371786", "194663801245171228071477207088008390990" ] }, "id": "ASB-A-179699767-f0c53c2f", "source": "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/slice/SliceManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9" ], "spl": "2022-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 1170.0, "function_hash": "170738253548447665571067266136931173848" }, "id": "ASB-A-179699767-226df259", "source": "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/slice/SliceManagerService.java", "function": "checkSlicePermission" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "226760433165813380990153619519066009195", "198238097207668302298535804286695971443", "747526148792920550608566485759371786", "194663801245171228071477207088008390990" ] }, "id": "ASB-A-179699767-5d4522b2", "source": "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/slice/SliceManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/3c92d74d7d74e1d781ae1b071da97b3b2cbc6be9" ], "spl": "2022-05-01", "severity": "High", "types": [ "EoP" ] }