ASB-A-250576066

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-250576066.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-250576066
Aliases
  • A-250576066
  • CVE-2023-20930
Published
2023-05-01T00:00:00Z
Modified
2024-08-07T19:29:43.990615Z
Summary
PDoS by using dynamic shortcuts to exhaust memory
Details

In pushDynamicShortcut of ShortcutPackage.java, there is a possible way to get the device into a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-05-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "263319105436304544669465896104837762292",
                    "209433139401287827018802582806077355352",
                    "87903803937766089760555569733262964194",
                    "176777970042277569770102167999729227598",
                    "318293070038876033060965832004201044489",
                    "220930443646617294108905458302761787011",
                    "317626222385978607443868078557241336954",
                    "66687373854084663651112606406651461070",
                    "173971672301406110322133855611485683397",
                    "336404952339228199475508797695935597283",
                    "86974169324915387921699013212513577618",
                    "315191164901161336847818578323290075880",
                    "317862923198000710319511510430566844411",
                    "8308687824363671500918457600922454598",
                    "201429495463495163230532660688924447305",
                    "164883290371370547310355437226293042824",
                    "255443617585254975062586346019909869731"
                ]
            },
            "id": "ASB-A-250576066-3b2ea84b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a6e7958ab84edbd9e5f4653d4d1f56a7438cd7dc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "112819135667818622446167179094097966434",
                    "305443486794261425947495537347947738044",
                    "52496095293216530187806415669181992772",
                    "273294942800010947632445066696433199181",
                    "182039256878973102887855388334708670016",
                    "213712598735335796825173873896994422015",
                    "226013295120343190781462209522498665875",
                    "68876529634684499168618134949861631031",
                    "146675904964950339001636685030019199363",
                    "193324184626042728143722075020275764",
                    "23038817158246762162577687466723167446",
                    "74235277546563375252276512014703583595",
                    "292124414530965314300501740429402732744",
                    "159891601196343205709917921063675260670",
                    "243874798345107531105067913894287967099",
                    "313530287294025289666857944009157029531",
                    "2707482573143663031893681920786570239",
                    "134894423297946876213991423773651345330",
                    "65452582583506499115640090295345008438",
                    "38257340611505229403524659553585825240",
                    "46396027059303578089109893954900213043",
                    "127447808061736971444819786883721833855",
                    "128733845685596833468573023789068192609",
                    "22607210886048257108461673154602897390",
                    "176380756201037962097357587604007030118",
                    "145473821102774981767364482628189524482",
                    "205973053757258408909553876029435734269",
                    "251152543086343203274031177235164608745",
                    "187872204431872691416818133930619955739"
                ]
            },
            "id": "ASB-A-250576066-8379bd43",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a6e7958ab84edbd9e5f4653d4d1f56a7438cd7dc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutPackage.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1435.0,
                "function_hash": "219633561347647050194707406149672564765"
            },
            "id": "ASB-A-250576066-e838ea21",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a6e7958ab84edbd9e5f4653d4d1f56a7438cd7dc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java",
                "function": "updateConfigurationLocked"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2064.0,
                "function_hash": "138504845774840384346845059392139743860"
            },
            "id": "ASB-A-250576066-f3677138",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a6e7958ab84edbd9e5f4653d4d1f56a7438cd7dc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutPackage.java",
                "function": "pushDynamicShortcut"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/a6e7958ab84edbd9e5f4653d4d1f56a7438cd7dc"
    ],
    "spl": "2023-05-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-05-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1118.0,
                "function_hash": "97531938974707997750877757211182068554"
            },
            "id": "ASB-A-250576066-a0d978d5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2296ccfde0678b86f22e1da7bd57518f3bfafbba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutPackage.java",
                "function": "pushDynamicShortcut"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "139863919492038479745206774863257480367",
                    "206323315581079548946504532864036965495",
                    "320713686089525601840439796260115321844",
                    "54504074822801364046197543760070336546",
                    "112819135667818622446167179094097966434",
                    "305443486794261425947495537347947738044",
                    "52496095293216530187806415669181992772",
                    "90043954721652029395247301710681832898",
                    "2583973546731652273985425307414353193",
                    "41405625506682932809210278687386351834",
                    "226013295120343190781462209522498665875",
                    "68876529634684499168618134949861631031",
                    "273923886341444755969076375559086187882",
                    "284616085952041963968440058155756522585",
                    "65452582583506499115640090295345008438",
                    "172532342879144110601374080233970417022",
                    "324374432826698901441158664862637118462",
                    "127447808061736971444819786883721833855",
                    "128733845685596833468573023789068192609",
                    "153163077706541616796376872791441618058",
                    "307294065339775968206176423023106608104",
                    "162029462156746683458273888147080494042",
                    "205973053757258408909553876029435734269",
                    "251152543086343203274031177235164608745",
                    "187872204431872691416818133930619955739"
                ]
            },
            "id": "ASB-A-250576066-c98524be",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2296ccfde0678b86f22e1da7bd57518f3bfafbba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutPackage.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1435.0,
                "function_hash": "219633561347647050194707406149672564765"
            },
            "id": "ASB-A-250576066-db402f94",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2296ccfde0678b86f22e1da7bd57518f3bfafbba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java",
                "function": "updateConfigurationLocked"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "263319105436304544669465896104837762292",
                    "209433139401287827018802582806077355352",
                    "87903803937766089760555569733262964194",
                    "176777970042277569770102167999729227598",
                    "318293070038876033060965832004201044489",
                    "220930443646617294108905458302761787011",
                    "317626222385978607443868078557241336954",
                    "249012837729439389713894278016821472567",
                    "173971672301406110322133855611485683397",
                    "336404952339228199475508797695935597283",
                    "86974169324915387921699013212513577618",
                    "315191164901161336847818578323290075880",
                    "317862923198000710319511510430566844411",
                    "8308687824363671500918457600922454598",
                    "241253404296607784736844515963210454506",
                    "4533706422710046450914612664722107183",
                    "81775421182764501649966897227256281070"
                ]
            },
            "id": "ASB-A-250576066-dbd33f79",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/2296ccfde0678b86f22e1da7bd57518f3bfafbba",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/2296ccfde0678b86f22e1da7bd57518f3bfafbba"
    ],
    "spl": "2023-05-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-05-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "112819135667818622446167179094097966434",
                    "305443486794261425947495537347947738044",
                    "52496095293216530187806415669181992772",
                    "273294942800010947632445066696433199181",
                    "182039256878973102887855388334708670016",
                    "213712598735335796825173873896994422015",
                    "226013295120343190781462209522498665875",
                    "68876529634684499168618134949861631031",
                    "273923886341444755969076375559086187882",
                    "284616085952041963968440058155756522585",
                    "65452582583506499115640090295345008438",
                    "172532342879144110601374080233970417022",
                    "324374432826698901441158664862637118462",
                    "127447808061736971444819786883721833855",
                    "128733845685596833468573023789068192609",
                    "22607210886048257108461673154602897390",
                    "176380756201037962097357587604007030118",
                    "170383425406217083133573192457904054039",
                    "205973053757258408909553876029435734269",
                    "251152543086343203274031177235164608745",
                    "187872204431872691416818133930619955739"
                ]
            },
            "id": "ASB-A-250576066-1eb47114",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94437e989c0391b2dbf28d33120fdc28a4ce8d4d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutPackage.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1475.0,
                "function_hash": "121852738350275285628229651759622807722"
            },
            "id": "ASB-A-250576066-6184fe10",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94437e989c0391b2dbf28d33120fdc28a4ce8d4d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutPackage.java",
                "function": "pushDynamicShortcut"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1435.0,
                "function_hash": "219633561347647050194707406149672564765"
            },
            "id": "ASB-A-250576066-e28c9ff4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94437e989c0391b2dbf28d33120fdc28a4ce8d4d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java",
                "function": "updateConfigurationLocked"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "263319105436304544669465896104837762292",
                    "209433139401287827018802582806077355352",
                    "87903803937766089760555569733262964194",
                    "176777970042277569770102167999729227598",
                    "318293070038876033060965832004201044489",
                    "220930443646617294108905458302761787011",
                    "317626222385978607443868078557241336954",
                    "66687373854084663651112606406651461070",
                    "173971672301406110322133855611485683397",
                    "336404952339228199475508797695935597283",
                    "86974169324915387921699013212513577618",
                    "315191164901161336847818578323290075880",
                    "317862923198000710319511510430566844411",
                    "8308687824363671500918457600922454598",
                    "241253404296607784736844515963210454506",
                    "4533706422710046450914612664722107183",
                    "81775421182764501649966897227256281070"
                ]
            },
            "id": "ASB-A-250576066-ee21804b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94437e989c0391b2dbf28d33120fdc28a4ce8d4d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/94437e989c0391b2dbf28d33120fdc28a4ce8d4d"
    ],
    "spl": "2023-05-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-05-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1475.0,
                "function_hash": "121852738350275285628229651759622807722"
            },
            "id": "ASB-A-250576066-29557bcc",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94437e989c0391b2dbf28d33120fdc28a4ce8d4d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutPackage.java",
                "function": "pushDynamicShortcut"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "263319105436304544669465896104837762292",
                    "209433139401287827018802582806077355352",
                    "87903803937766089760555569733262964194",
                    "176777970042277569770102167999729227598",
                    "318293070038876033060965832004201044489",
                    "220930443646617294108905458302761787011",
                    "317626222385978607443868078557241336954",
                    "66687373854084663651112606406651461070",
                    "173971672301406110322133855611485683397",
                    "336404952339228199475508797695935597283",
                    "86974169324915387921699013212513577618",
                    "315191164901161336847818578323290075880",
                    "317862923198000710319511510430566844411",
                    "8308687824363671500918457600922454598",
                    "241253404296607784736844515963210454506",
                    "4533706422710046450914612664722107183",
                    "81775421182764501649966897227256281070"
                ]
            },
            "id": "ASB-A-250576066-50e13619",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94437e989c0391b2dbf28d33120fdc28a4ce8d4d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1435.0,
                "function_hash": "219633561347647050194707406149672564765"
            },
            "id": "ASB-A-250576066-cb7e0b20",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94437e989c0391b2dbf28d33120fdc28a4ce8d4d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java",
                "function": "updateConfigurationLocked"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "112819135667818622446167179094097966434",
                    "305443486794261425947495537347947738044",
                    "52496095293216530187806415669181992772",
                    "273294942800010947632445066696433199181",
                    "182039256878973102887855388334708670016",
                    "213712598735335796825173873896994422015",
                    "226013295120343190781462209522498665875",
                    "68876529634684499168618134949861631031",
                    "273923886341444755969076375559086187882",
                    "284616085952041963968440058155756522585",
                    "65452582583506499115640090295345008438",
                    "172532342879144110601374080233970417022",
                    "324374432826698901441158664862637118462",
                    "127447808061736971444819786883721833855",
                    "128733845685596833468573023789068192609",
                    "22607210886048257108461673154602897390",
                    "176380756201037962097357587604007030118",
                    "170383425406217083133573192457904054039",
                    "205973053757258408909553876029435734269",
                    "251152543086343203274031177235164608745",
                    "187872204431872691416818133930619955739"
                ]
            },
            "id": "ASB-A-250576066-d05f9c7d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/94437e989c0391b2dbf28d33120fdc28a4ce8d4d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutPackage.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/94437e989c0391b2dbf28d33120fdc28a4ce8d4d"
    ],
    "spl": "2023-05-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-05-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2064.0,
                "function_hash": "138504845774840384346845059392139743860"
            },
            "id": "ASB-A-250576066-65857391",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/be9d9c04db77c2ccd22ec98d257524102f2f16a5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutPackage.java",
                "function": "pushDynamicShortcut"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "263319105436304544669465896104837762292",
                    "209433139401287827018802582806077355352",
                    "87903803937766089760555569733262964194",
                    "176777970042277569770102167999729227598",
                    "318293070038876033060965832004201044489",
                    "220930443646617294108905458302761787011",
                    "317626222385978607443868078557241336954",
                    "66687373854084663651112606406651461070",
                    "173971672301406110322133855611485683397",
                    "336404952339228199475508797695935597283",
                    "86974169324915387921699013212513577618",
                    "315191164901161336847818578323290075880",
                    "317862923198000710319511510430566844411",
                    "8308687824363671500918457600922454598",
                    "201429495463495163230532660688924447305",
                    "164883290371370547310355437226293042824",
                    "255443617585254975062586346019909869731"
                ]
            },
            "id": "ASB-A-250576066-8d7dd9b4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/be9d9c04db77c2ccd22ec98d257524102f2f16a5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1435.0,
                "function_hash": "219633561347647050194707406149672564765"
            },
            "id": "ASB-A-250576066-9555501d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/be9d9c04db77c2ccd22ec98d257524102f2f16a5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutService.java",
                "function": "updateConfigurationLocked"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "112819135667818622446167179094097966434",
                    "305443486794261425947495537347947738044",
                    "52496095293216530187806415669181992772",
                    "273294942800010947632445066696433199181",
                    "182039256878973102887855388334708670016",
                    "213712598735335796825173873896994422015",
                    "226013295120343190781462209522498665875",
                    "68876529634684499168618134949861631031",
                    "146675904964950339001636685030019199363",
                    "193324184626042728143722075020275764",
                    "23038817158246762162577687466723167446",
                    "74235277546563375252276512014703583595",
                    "292124414530965314300501740429402732744",
                    "159891601196343205709917921063675260670",
                    "243874798345107531105067913894287967099",
                    "313530287294025289666857944009157029531",
                    "2707482573143663031893681920786570239",
                    "134894423297946876213991423773651345330",
                    "65452582583506499115640090295345008438",
                    "38257340611505229403524659553585825240",
                    "46396027059303578089109893954900213043",
                    "127447808061736971444819786883721833855",
                    "128733845685596833468573023789068192609",
                    "22607210886048257108461673154602897390",
                    "176380756201037962097357587604007030118",
                    "145473821102774981767364482628189524482",
                    "205973053757258408909553876029435734269",
                    "251152543086343203274031177235164608745",
                    "187872204431872691416818133930619955739"
                ]
            },
            "id": "ASB-A-250576066-b69a981a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/be9d9c04db77c2ccd22ec98d257524102f2f16a5",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ShortcutPackage.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/be9d9c04db77c2ccd22ec98d257524102f2f16a5"
    ],
    "spl": "2023-05-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}