In writeApplicationRestrictionsLAr of UserManagerService.java, there is a possible overwrite of system files due to a path traversal error. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "60676264421018491029098267007649352048", "96880129610797312730379785827976580551", "8916979314763594955163789788798071519", "190311535256337988751608138939726760505", "17941578793664301904950243975030905922", "197600117250010257420588618957093355606", "53797310922398388453958968680970082509", "17234656718489223855727244315471540302", "4494566512991468182257035036658827013", "308688002306591719534515716485546701452", "292882381086839317005526967849453008923" ] }, "id": "ASB-A-239701237-08a5238b", "source": "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 553.0, "function_hash": "3665991346729794305463037127088892183" }, "id": "ASB-A-239701237-8b04e4e2", "source": "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "setApplicationRestrictions" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d" ], "spl": "2022-12-01", "severity": "High", "types": [ "DoS" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "60676264421018491029098267007649352048", "96880129610797312730379785827976580551", "8916979314763594955163789788798071519", "190311535256337988751608138939726760505", "17941578793664301904950243975030905922", "197600117250010257420588618957093355606", "53797310922398388453958968680970082509", "17234656718489223855727244315471540302", "4494566512991468182257035036658827013", "308688002306591719534515716485546701452", "292882381086839317005526967849453008923" ] }, "id": "ASB-A-239701237-5b74ef30", "source": "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 553.0, "function_hash": "3665991346729794305463037127088892183" }, "id": "ASB-A-239701237-feb6426a", "source": "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "setApplicationRestrictions" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/cfcfe6ca8c545f78603c05e23687f8638fd4b51d" ], "spl": "2022-12-01", "severity": "High", "types": [ "DoS" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "8726669358009533754711768650652471102", "297095608694449044964208227087478768880", "328639330774714907100642728544503363204", "17852590006241573587183847420349458720", "180574211167961718387810598829512067092", "270447186769324840768603429604711616687", "291492784790979532703841348606774441797", "17234656718489223855727244315471540302", "4494566512991468182257035036658827013", "100067285054918524368057218554415546387", "211161732107471073183069677845043101530" ] }, "id": "ASB-A-239701237-f2c58b61", "source": "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 634.0, "function_hash": "23443127663564534087095444263018226139" }, "id": "ASB-A-239701237-f3d19096", "source": "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "setApplicationRestrictions" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e" ], "spl": "2022-12-01", "severity": "High", "types": [ "DoS" ] }
{ "vanir_signatures": [ { "digest": { "length": 634.0, "function_hash": "23443127663564534087095444263018226139" }, "id": "ASB-A-239701237-48c7650c", "source": "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "setApplicationRestrictions" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "8726669358009533754711768650652471102", "297095608694449044964208227087478768880", "328639330774714907100642728544503363204", "17852590006241573587183847420349458720", "180574211167961718387810598829512067092", "270447186769324840768603429604711616687", "291492784790979532703841348606774441797", "17234656718489223855727244315471540302", "4494566512991468182257035036658827013", "100067285054918524368057218554415546387", "211161732107471073183069677845043101530" ] }, "id": "ASB-A-239701237-83f36119", "source": "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/1b9b59c63bffc675a042cba6cd666831abef2c3e" ], "spl": "2022-12-01", "severity": "High", "types": [ "DoS" ] }