In setMimeGroup of PackageManagerService.java, there is a possible crash loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 317.0, "function_hash": "31294280568095720688979848123695635954" }, "id": "ASB-A-237291548-689c4142", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageSetting.java", "function": "setMimeGroup" }, "signature_type": "Function" }, { "digest": { "length": 316.0, "function_hash": "202065779681697887785813066323970793223" }, "id": "ASB-A-237291548-ba2b806d", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/content/pm/parsing/ParsingPackageImpl.java", "function": "addMimeGroupsFromComponent" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "210117540197020962776174345141686794756", "51948642604148014640836092643697507414", "205660664688970755346070621134153847103", "324953582019310280159648579909534960723", "168716818758968046758879954649936712896", "263769921199745771593932276872398587482", "138999065848375296537325993490030824046", "18609215631312155583475013314785796946", "45662474198648549860772589265018421783" ] }, "id": "ASB-A-237291548-c71da7fd", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageSetting.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "268500064949724540646062464114540390285", "26624114904077745128475869533242173201", "92274285989282330413503189164061015917", "299560997409615174173387235143639540568" ] }, "id": "ASB-A-237291548-d786b0db", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/content/pm/parsing/ParsingPackageImpl.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2" ], "spl": "2023-01-01", "severity": "High", "types": [ "DoS" ] }
{ "vanir_signatures": [ { "digest": { "length": 317.0, "function_hash": "31294280568095720688979848123695635954" }, "id": "ASB-A-237291548-a7eb5b93", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageSetting.java", "function": "setMimeGroup" }, "signature_type": "Function" }, { "digest": { "length": 316.0, "function_hash": "202065779681697887785813066323970793223" }, "id": "ASB-A-237291548-ed09d6bb", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/content/pm/parsing/ParsingPackageImpl.java", "function": "addMimeGroupsFromComponent" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "210117540197020962776174345141686794756", "51948642604148014640836092643697507414", "205660664688970755346070621134153847103", "324953582019310280159648579909534960723", "168716818758968046758879954649936712896", "263769921199745771593932276872398587482", "138999065848375296537325993490030824046", "18609215631312155583475013314785796946", "45662474198648549860772589265018421783" ] }, "id": "ASB-A-237291548-f3d932d4", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageSetting.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "268500064949724540646062464114540390285", "26624114904077745128475869533242173201", "92274285989282330413503189164061015917", "299560997409615174173387235143639540568" ] }, "id": "ASB-A-237291548-f4880bde", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/content/pm/parsing/ParsingPackageImpl.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2" ], "spl": "2023-01-01", "severity": "High", "types": [ "DoS" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "268500064949724540646062464114540390285", "26624114904077745128475869533242173201", "92274285989282330413503189164061015917", "299560997409615174173387235143639540568" ] }, "id": "ASB-A-237291548-8a2dd490", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/content/pm/parsing/ParsingPackageImpl.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "210117540197020962776174345141686794756", "51948642604148014640836092643697507414", "205660664688970755346070621134153847103", "324953582019310280159648579909534960723", "168716818758968046758879954649936712896", "263769921199745771593932276872398587482", "138999065848375296537325993490030824046", "18609215631312155583475013314785796946", "45662474198648549860772589265018421783" ] }, "id": "ASB-A-237291548-b3915c0c", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageSetting.java" }, "signature_type": "Line" }, { "digest": { "length": 316.0, "function_hash": "202065779681697887785813066323970793223" }, "id": "ASB-A-237291548-c4ab7d17", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/content/pm/parsing/ParsingPackageImpl.java", "function": "addMimeGroupsFromComponent" }, "signature_type": "Function" }, { "digest": { "length": 317.0, "function_hash": "31294280568095720688979848123695635954" }, "id": "ASB-A-237291548-f4cabb5a", "source": "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageSetting.java", "function": "setMimeGroup" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/3ae3406b9706163073c282a8c4081faa32b606b2" ], "spl": "2023-01-01", "severity": "High", "types": [ "DoS" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "30191055480106049056194993607327286067", "235517960090223571636718062440552614181", "216759619484409388256620291861940690518", "104557313668973816637947214172574763342", "103285123252883016128370700089612069848", "40422005414379151854055239047501645629", "142335569646864487747916674092376756427", "72148826583482198240471094835286963418" ] }, "id": "ASB-A-237291548-01fae89c", "source": "https://android.googlesource.com/platform/frameworks/base/+/9bdd9d274ac4ce77c0e8d649141ceea115b1ddbe", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 331.0, "function_hash": "148266663536872324377172180670057155510" }, "id": "ASB-A-237291548-47429be2", "source": "https://android.googlesource.com/platform/frameworks/base/+/9bdd9d274ac4ce77c0e8d649141ceea115b1ddbe", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageImpl.java", "function": "addMimeGroupsFromComponent" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "137761287683874598681207440966679683877", "76808855365938853381443151439566633942", "196329875820618050054266383821986722653", "299560997409615174173387235143639540568" ] }, "id": "ASB-A-237291548-4d32c240", "source": "https://android.googlesource.com/platform/frameworks/base/+/9bdd9d274ac4ce77c0e8d649141ceea115b1ddbe", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/pkg/parsing/ParsingPackageImpl.java" }, "signature_type": "Line" }, { "digest": { "length": 820.0, "function_hash": "90756472752520483266498494755315935828" }, "id": "ASB-A-237291548-b780fc64", "source": "https://android.googlesource.com/platform/frameworks/base/+/9bdd9d274ac4ce77c0e8d649141ceea115b1ddbe", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/PackageManagerService.java", "function": "setMimeGroup" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/9bdd9d274ac4ce77c0e8d649141ceea115b1ddbe" ], "spl": "2023-01-01", "severity": "High", "types": [ "DoS" ] }