In several functions of SnoozeHelper.java, there is a possible way to grant notifications access due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 821.0, "function_hash": "159457108802835939933204168598599082997" }, "id": "ASB-A-258422365-105e539a", "source": "https://android.googlesource.com/platform/frameworks/base/+/5c4acdccf4e452b627eeb26780310fdb75a75d1d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "clearData" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "206011746163297305132300104186084978784", "241539067283460964491270084693296296757", "191991451895106618924309496761116815890", "184287898546220317222157868761688745274", "275084031064875680992478290601659976867", "88443025620989396663654189866201888949", "112197717982825007225355787911216728149", "119321661562151055095244265562114422223", "55227118540929058058448814210942911754", "40404519076541977670016340564362917975", "1462691159536227245047796327170328582", "69865797419674982298301031894451876657", "107876745447396953226689947565208115345", "143578509994406488141997917364780156932", "257615567132102509993123458328202807797", "1462691159536227245047796327170328582", "69865797419674982298301031894451876657", "107876745447396953226689947565208115345" ] }, "id": "ASB-A-258422365-1a8afed9", "source": "https://android.googlesource.com/platform/frameworks/base/+/5c4acdccf4e452b627eeb26780310fdb75a75d1d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java" }, "signature_type": "Line" }, { "digest": { "length": 749.0, "function_hash": "313894563926212627758564161787606785904" }, "id": "ASB-A-258422365-a0de5e5b", "source": "https://android.googlesource.com/platform/frameworks/base/+/5c4acdccf4e452b627eeb26780310fdb75a75d1d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "clearData" }, "signature_type": "Function" }, { "digest": { "length": 161.0, "function_hash": "310474266240063358746554753379143854544" }, "id": "ASB-A-258422365-a9ab47ac", "source": "https://android.googlesource.com/platform/frameworks/base/+/5c4acdccf4e452b627eeb26780310fdb75a75d1d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "getSnoozeContextForUnpostedNotification" }, "signature_type": "Function" }, { "digest": { "length": 215.0, "function_hash": "177388055190041962230635764117031089167" }, "id": "ASB-A-258422365-c8b7c387", "source": "https://android.googlesource.com/platform/frameworks/base/+/5c4acdccf4e452b627eeb26780310fdb75a75d1d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "getSnoozeTimeForUnpostedNotification" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/5c4acdccf4e452b627eeb26780310fdb75a75d1d" ], "spl": "2023-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 298.0, "function_hash": "179712768751024727169228097046822972071" }, "id": "ASB-A-258422365-74e4cda8", "source": "https://android.googlesource.com/platform/frameworks/base/+/931093dfb41fc41659c9f2d6f76bd74e85cf1da8", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "getSnoozeTimeForUnpostedNotification" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "188808557791150153303674507465884268646", "140647674100675573696495731562312454216", "249827259411598780524802110734816503169", "157487468691751015695604963054778856853", "879991788045211835303027405448232707", "214840239090764637954836017524842681540", "51496534472853483632034086534350144859", "224160875825442884728438083523667813340", "176235277049659247156135101294893859055", "34356618568430150796548339378553317807", "44583487309391159226351237753630801099", "231674074763218260270626935860265178589", "3036404489624116030570827699641379165", "133299138022547582026598222106355741418", "31401440915287203432696824453957196662", "337805581300870083762567328134254150049", "125281737638142811648441759182910960271", "285036999310139410942968040362157021577", "290602891257173545752238467139289915371", "294664921174415678229912484905515898893", "74279495458936760821609821329788655163", "252526685655093636312019913422936573375", "338578860196150984499846657091454351207", "219013295355096366763938351619815311009", "297524077185614968785878626764790631484", "75354462513111889104519551698780150970", "299836337748063808446164496556756088509", "53498460906247200945096950147860597530", "148410791997027194435562706885463602364", "6399668413602991100508848105403689796", "68367167882388386044168338213239908334", "148189913035040877105542052331892778733", "25520128510059115042013909881488464365" ] }, "id": "ASB-A-258422365-8c35c685", "source": "https://android.googlesource.com/platform/frameworks/base/+/931093dfb41fc41659c9f2d6f76bd74e85cf1da8", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java" }, "signature_type": "Line" }, { "digest": { "length": 384.0, "function_hash": "68234399032875519848256920986336492113" }, "id": "ASB-A-258422365-be633837", "source": "https://android.googlesource.com/platform/frameworks/base/+/931093dfb41fc41659c9f2d6f76bd74e85cf1da8", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "snooze" }, "signature_type": "Function" }, { "digest": { "length": 303.0, "function_hash": "99311278616326413012635839657250076055" }, "id": "ASB-A-258422365-cb6afd48", "source": "https://android.googlesource.com/platform/frameworks/base/+/931093dfb41fc41659c9f2d6f76bd74e85cf1da8", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "snooze" }, "signature_type": "Function" }, { "digest": { "length": 258.0, "function_hash": "297298476576690380993301502056350580831" }, "id": "ASB-A-258422365-d37b5fef", "source": "https://android.googlesource.com/platform/frameworks/base/+/931093dfb41fc41659c9f2d6f76bd74e85cf1da8", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "getSnoozeContextForUnpostedNotification" }, "signature_type": "Function" }, { "digest": { "length": 854.0, "function_hash": "116020863117182769389189458339551242870" }, "id": "ASB-A-258422365-e02120bf", "source": "https://android.googlesource.com/platform/frameworks/base/+/931093dfb41fc41659c9f2d6f76bd74e85cf1da8", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "repost" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/931093dfb41fc41659c9f2d6f76bd74e85cf1da8" ], "spl": "2023-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 303.0, "function_hash": "99311278616326413012635839657250076055" }, "id": "ASB-A-258422365-49c5c8aa", "source": "https://android.googlesource.com/platform/frameworks/base/+/b8a07871459ed895fc814730e198df4a0b5860dc", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "snooze" }, "signature_type": "Function" }, { "digest": { "length": 298.0, "function_hash": "179712768751024727169228097046822972071" }, "id": "ASB-A-258422365-791ec02a", "source": "https://android.googlesource.com/platform/frameworks/base/+/b8a07871459ed895fc814730e198df4a0b5860dc", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "getSnoozeTimeForUnpostedNotification" }, "signature_type": "Function" }, { "digest": { "length": 384.0, "function_hash": "68234399032875519848256920986336492113" }, "id": "ASB-A-258422365-df8014c2", "source": "https://android.googlesource.com/platform/frameworks/base/+/b8a07871459ed895fc814730e198df4a0b5860dc", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "snooze" }, "signature_type": "Function" }, { "digest": { "length": 258.0, "function_hash": "297298476576690380993301502056350580831" }, "id": "ASB-A-258422365-e4745f16", "source": "https://android.googlesource.com/platform/frameworks/base/+/b8a07871459ed895fc814730e198df4a0b5860dc", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "getSnoozeContextForUnpostedNotification" }, "signature_type": "Function" }, { "digest": { "length": 854.0, "function_hash": "116020863117182769389189458339551242870" }, "id": "ASB-A-258422365-ed7a33dc", "source": "https://android.googlesource.com/platform/frameworks/base/+/b8a07871459ed895fc814730e198df4a0b5860dc", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "repost" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "268038216406559524402887156480391118308", "269456018888989736138252755403548005507", "249827259411598780524802110734816503169", "157487468691751015695604963054778856853", "879991788045211835303027405448232707", "214840239090764637954836017524842681540", "51496534472853483632034086534350144859", "224160875825442884728438083523667813340", "176235277049659247156135101294893859055", "34356618568430150796548339378553317807", "44583487309391159226351237753630801099", "231674074763218260270626935860265178589", "3036404489624116030570827699641379165", "133299138022547582026598222106355741418", "31401440915287203432696824453957196662", "337805581300870083762567328134254150049", "125281737638142811648441759182910960271", "285036999310139410942968040362157021577", "290602891257173545752238467139289915371", "294664921174415678229912484905515898893", "74279495458936760821609821329788655163", "252526685655093636312019913422936573375", "338578860196150984499846657091454351207", "219013295355096366763938351619815311009", "297524077185614968785878626764790631484", "75354462513111889104519551698780150970", "299836337748063808446164496556756088509", "53498460906247200945096950147860597530", "148410791997027194435562706885463602364", "6399668413602991100508848105403689796", "68367167882388386044168338213239908334", "148189913035040877105542052331892778733", "25520128510059115042013909881488464365" ] }, "id": "ASB-A-258422365-fff9be76", "source": "https://android.googlesource.com/platform/frameworks/base/+/b8a07871459ed895fc814730e198df4a0b5860dc", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/b8a07871459ed895fc814730e198df4a0b5860dc" ], "spl": "2023-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "268038216406559524402887156480391118308", "269456018888989736138252755403548005507", "249827259411598780524802110734816503169", "157487468691751015695604963054778856853", "879991788045211835303027405448232707", "214840239090764637954836017524842681540", "51496534472853483632034086534350144859", "224160875825442884728438083523667813340", "176235277049659247156135101294893859055", "34356618568430150796548339378553317807", "44583487309391159226351237753630801099", "231674074763218260270626935860265178589", "3036404489624116030570827699641379165", "133299138022547582026598222106355741418", "31401440915287203432696824453957196662", "337805581300870083762567328134254150049", "125281737638142811648441759182910960271", "285036999310139410942968040362157021577", "290602891257173545752238467139289915371", "294664921174415678229912484905515898893", "74279495458936760821609821329788655163", "252526685655093636312019913422936573375", "338578860196150984499846657091454351207", "219013295355096366763938351619815311009", "297524077185614968785878626764790631484", "75354462513111889104519551698780150970", "299836337748063808446164496556756088509", "53498460906247200945096950147860597530", "148410791997027194435562706885463602364", "6399668413602991100508848105403689796", "68367167882388386044168338213239908334", "148189913035040877105542052331892778733", "25520128510059115042013909881488464365" ] }, "id": "ASB-A-258422365-39b6dfa1", "source": "https://android.googlesource.com/platform/frameworks/base/+/2a01a489c10c80f96a4291b0c901ce1e65cd4c42", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java" }, "signature_type": "Line" }, { "digest": { "length": 384.0, "function_hash": "68234399032875519848256920986336492113" }, "id": "ASB-A-258422365-69f45313", "source": "https://android.googlesource.com/platform/frameworks/base/+/2a01a489c10c80f96a4291b0c901ce1e65cd4c42", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "snooze" }, "signature_type": "Function" }, { "digest": { "length": 298.0, "function_hash": "179712768751024727169228097046822972071" }, "id": "ASB-A-258422365-9b95a9c8", "source": "https://android.googlesource.com/platform/frameworks/base/+/2a01a489c10c80f96a4291b0c901ce1e65cd4c42", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "getSnoozeTimeForUnpostedNotification" }, "signature_type": "Function" }, { "digest": { "length": 258.0, "function_hash": "297298476576690380993301502056350580831" }, "id": "ASB-A-258422365-a919f0bc", "source": "https://android.googlesource.com/platform/frameworks/base/+/2a01a489c10c80f96a4291b0c901ce1e65cd4c42", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "getSnoozeContextForUnpostedNotification" }, "signature_type": "Function" }, { "digest": { "length": 854.0, "function_hash": "116020863117182769389189458339551242870" }, "id": "ASB-A-258422365-bfaedc1b", "source": "https://android.googlesource.com/platform/frameworks/base/+/2a01a489c10c80f96a4291b0c901ce1e65cd4c42", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "repost" }, "signature_type": "Function" }, { "digest": { "length": 303.0, "function_hash": "99311278616326413012635839657250076055" }, "id": "ASB-A-258422365-ee956237", "source": "https://android.googlesource.com/platform/frameworks/base/+/2a01a489c10c80f96a4291b0c901ce1e65cd4c42", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "snooze" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/2a01a489c10c80f96a4291b0c901ce1e65cd4c42" ], "spl": "2023-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 298.0, "function_hash": "179712768751024727169228097046822972071" }, "id": "ASB-A-258422365-31ed8742", "source": "https://android.googlesource.com/platform/frameworks/base/+/37e748ab8a38b3e1ada63ee6321eb01d264229ec", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "getSnoozeTimeForUnpostedNotification" }, "signature_type": "Function" }, { "digest": { "length": 384.0, "function_hash": "68234399032875519848256920986336492113" }, "id": "ASB-A-258422365-48098931", "source": "https://android.googlesource.com/platform/frameworks/base/+/37e748ab8a38b3e1ada63ee6321eb01d264229ec", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "snooze" }, "signature_type": "Function" }, { "digest": { "length": 303.0, "function_hash": "99311278616326413012635839657250076055" }, "id": "ASB-A-258422365-5186adb9", "source": "https://android.googlesource.com/platform/frameworks/base/+/37e748ab8a38b3e1ada63ee6321eb01d264229ec", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "snooze" }, "signature_type": "Function" }, { "digest": { "length": 854.0, "function_hash": "116020863117182769389189458339551242870" }, "id": "ASB-A-258422365-7a4199ac", "source": "https://android.googlesource.com/platform/frameworks/base/+/37e748ab8a38b3e1ada63ee6321eb01d264229ec", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "repost" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "268038216406559524402887156480391118308", "269456018888989736138252755403548005507", "249827259411598780524802110734816503169", "157487468691751015695604963054778856853", "879991788045211835303027405448232707", "214840239090764637954836017524842681540", "51496534472853483632034086534350144859", "224160875825442884728438083523667813340", "176235277049659247156135101294893859055", "34356618568430150796548339378553317807", "44583487309391159226351237753630801099", "231674074763218260270626935860265178589", "3036404489624116030570827699641379165", "133299138022547582026598222106355741418", "31401440915287203432696824453957196662", "337805581300870083762567328134254150049", "125281737638142811648441759182910960271", "285036999310139410942968040362157021577", "290602891257173545752238467139289915371", "294664921174415678229912484905515898893", "74279495458936760821609821329788655163", "252526685655093636312019913422936573375", "338578860196150984499846657091454351207", "219013295355096366763938351619815311009", "297524077185614968785878626764790631484", "75354462513111889104519551698780150970", "299836337748063808446164496556756088509", "53498460906247200945096950147860597530", "148410791997027194435562706885463602364", "6399668413602991100508848105403689796", "68367167882388386044168338213239908334", "148189913035040877105542052331892778733", "25520128510059115042013909881488464365" ] }, "id": "ASB-A-258422365-8b38c1c0", "source": "https://android.googlesource.com/platform/frameworks/base/+/37e748ab8a38b3e1ada63ee6321eb01d264229ec", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java" }, "signature_type": "Line" }, { "digest": { "length": 258.0, "function_hash": "297298476576690380993301502056350580831" }, "id": "ASB-A-258422365-e7e33c83", "source": "https://android.googlesource.com/platform/frameworks/base/+/37e748ab8a38b3e1ada63ee6321eb01d264229ec", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/notification/SnoozeHelper.java", "function": "getSnoozeContextForUnpostedNotification" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/37e748ab8a38b3e1ada63ee6321eb01d264229ec" ], "spl": "2023-05-01", "severity": "High", "types": [ "EoP" ] }