In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 307.0, "function_hash": "152032311291223134051207966755248074620" }, "id": "ASB-A-249057848-37f021ed", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/AddSupervisedUserActivity.java", "function": "createUserAsync" }, "signature_type": "Function" }, { "digest": { "length": 372.0, "function_hash": "125448046524385430546644897797624735976" }, "id": "ASB-A-249057848-3e9977e7", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/UserSettings.java", "function": "onAddSupervisedUserClicked" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "79696630694058341520977792996687278567", "210224602416366609415369919527607943644", "20784868880650158563581677206695775308", "10675202281971526141278686275591364772", "57575771666957091292195481595775483083", "250183057479608523356918100036816802086", "121758150281084159141184460328217905460", "140620219488231434920834368405697736389" ] }, "id": "ASB-A-249057848-4e6837e2", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/UserSettings.java" }, "signature_type": "Line" }, { "digest": { "length": 730.0, "function_hash": "222513770788736878613687022768572034034" }, "id": "ASB-A-249057848-8b4a5bbb", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/AddSupervisedUserActivity.java", "function": "createUser" }, "signature_type": "Function" }, { "digest": { "length": 292.0, "function_hash": "268736349178251010256568304349474934258" }, "id": "ASB-A-249057848-b58409ba", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/AddSupervisedUserActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "305873569609393846976616465235695245990", "55138052067469463587091833971365160996", "295501762730910254957270930728965558374", "310447235855845337269600757385684865488", "316929078201520097648999636004306168312", "263336139629658685906512687479680636794", "119253055156991849443775449131393798094", "165024262257007326680262366270342439203", "286728897412480087728880212970477927480", "327360636722530481084654956531529983446", "124831910276810722588311809849406136998", "310761244311916668487102395423239396077", "285136906999233034898236810202282342786", "254087369534004667671163056790355454758", "240886723290893535789825438021994498998", "32020699032312066249858967478062568919", "318937117251383544559884429704677332209", "91635293276924158824521545354876235583", "116309551459179584818023529644986747148", "338935267596342727930650058580636542762", "154394391390259868051070678380187247823", "312276352317469461793232791149295250090", "259854547474692127951162518493643506446", "274227438741446204047444054290005117009", "301987041770641061430832879529083197642", "155437188570057364309689488068997234786", "171415879930543071547424728043069074183", "28070901752357985799957797377811542299", "186301567133147952765037437363013760713", "252971720685703378361053281434971953533", "299619311643994885376526179099972328998", "215984883274265393776894974127866280770", "61717884555751813200057634374613312471", "309439692483558489052802015358687542486", "273078863237475930825877701501525914421", "138204054951225578328461863910938816447", "237126774763249863889191768320048987719", "200240324290241502481761404164596526721", "135149538864745751837619296334549960606", "330075924151724677572669678234682604663", "6466666301955282490205082652925821154", "133955896147975316507061704885389211556", "217523373156665695230874744526583691999", "110151920042906070396915185523784718908", "323309029648952384507727870040631907263", "146616043827720205081856815355772846714", "216411984308718542887038292562589040297", "55122642808595003733947937090677864230", "62639341129858120831674500399011926031", "150908306846295010936230764330771784740", "228913705735766828537383401754552632579", "313578643251578201108126858367964752664", "46405445752877418809147913126693758040", "135088653753125215584179356624558428745", "289582253109813654505228092403789073626", "153639385889078851469780207637406655777", "244125084856819352952595829882912148068" ] }, "id": "ASB-A-249057848-e7d18a9b", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/AddSupervisedUserActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9" ], "spl": "2023-03-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 372.0, "function_hash": "125448046524385430546644897797624735976" }, "id": "ASB-A-249057848-28df6766", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/UserSettings.java", "function": "onAddSupervisedUserClicked" }, "signature_type": "Function" }, { "digest": { "length": 730.0, "function_hash": "222513770788736878613687022768572034034" }, "id": "ASB-A-249057848-409c32b7", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/AddSupervisedUserActivity.java", "function": "createUser" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "305873569609393846976616465235695245990", "55138052067469463587091833971365160996", "295501762730910254957270930728965558374", "310447235855845337269600757385684865488", "316929078201520097648999636004306168312", "263336139629658685906512687479680636794", "119253055156991849443775449131393798094", "165024262257007326680262366270342439203", "286728897412480087728880212970477927480", "327360636722530481084654956531529983446", "124831910276810722588311809849406136998", "310761244311916668487102395423239396077", "285136906999233034898236810202282342786", "254087369534004667671163056790355454758", "240886723290893535789825438021994498998", "32020699032312066249858967478062568919", "318937117251383544559884429704677332209", "91635293276924158824521545354876235583", "116309551459179584818023529644986747148", "338935267596342727930650058580636542762", "154394391390259868051070678380187247823", "312276352317469461793232791149295250090", "259854547474692127951162518493643506446", "274227438741446204047444054290005117009", "301987041770641061430832879529083197642", "155437188570057364309689488068997234786", "171415879930543071547424728043069074183", "28070901752357985799957797377811542299", "186301567133147952765037437363013760713", "252971720685703378361053281434971953533", "299619311643994885376526179099972328998", "215984883274265393776894974127866280770", "61717884555751813200057634374613312471", "309439692483558489052802015358687542486", "273078863237475930825877701501525914421", "138204054951225578328461863910938816447", "237126774763249863889191768320048987719", "200240324290241502481761404164596526721", "135149538864745751837619296334549960606", "330075924151724677572669678234682604663", "6466666301955282490205082652925821154", "133955896147975316507061704885389211556", "217523373156665695230874744526583691999", "110151920042906070396915185523784718908", "323309029648952384507727870040631907263", "146616043827720205081856815355772846714", "216411984308718542887038292562589040297", "55122642808595003733947937090677864230", "62639341129858120831674500399011926031", "150908306846295010936230764330771784740", "228913705735766828537383401754552632579", "313578643251578201108126858367964752664", "46405445752877418809147913126693758040", "135088653753125215584179356624558428745", "289582253109813654505228092403789073626", "153639385889078851469780207637406655777", "244125084856819352952595829882912148068" ] }, "id": "ASB-A-249057848-4e4f292e", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/AddSupervisedUserActivity.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "79696630694058341520977792996687278567", "210224602416366609415369919527607943644", "20784868880650158563581677206695775308", "10675202281971526141278686275591364772", "57575771666957091292195481595775483083", "250183057479608523356918100036816802086", "121758150281084159141184460328217905460", "140620219488231434920834368405697736389" ] }, "id": "ASB-A-249057848-9096ed5b", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/UserSettings.java" }, "signature_type": "Line" }, { "digest": { "length": 292.0, "function_hash": "268736349178251010256568304349474934258" }, "id": "ASB-A-249057848-a0f083f2", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/AddSupervisedUserActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "length": 307.0, "function_hash": "152032311291223134051207966755248074620" }, "id": "ASB-A-249057848-f73bf1c9", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/users/AddSupervisedUserActivity.java", "function": "createUserAsync" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9" ], "spl": "2023-03-01", "severity": "High", "types": [ "EoP" ] }