In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "24167277397551134546542269956654826946", "59354035683255245686438663322948847719", "141436198444055060434533248862068064600", "71372327696440544856753655530964729435", "210089888014606679534144853351660770729" ] }, "id": "ASB-A-259938771-94e054c1", "source": "https://android.googlesource.com/platform/frameworks/base/+/65ac64c3476f42f8437481bff77485f53ab4f391", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/window/WindowOrganizer.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/65ac64c3476f42f8437481bff77485f53ab4f391" ], "spl": "2023-05-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "94873515176354498119726965180125014759", "69134896768068446205333039147865737471", "43153660374862486007131981049621156825", "47773090083289433534609771822341692986" ] }, "id": "ASB-A-259938771-1d083d4d", "source": "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/wm/WindowOrganizerController.java" }, "signature_type": "Line" }, { "digest": { "length": 146.0, "function_hash": "125141909306182988522930486158020411585" }, "id": "ASB-A-259938771-c37c9c70", "source": "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/window/TaskFragmentOrganizer.java", "function": "applySyncTransaction" }, "signature_type": "Function" }, { "digest": { "length": 515.0, "function_hash": "85499661603049198270436623753962518799" }, "id": "ASB-A-259938771-dfe336fc", "source": "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/wm/WindowOrganizerController.java", "function": "applySyncTransaction" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "108595815495287482905946503145369390890", "273699918406182242923181054390688436475", "170937474303982607169189269718626162175", "133450629759479855441231124383360709263", "7496200274902299290492361216841137135", "156773150231249587012878326627470087874", "54067275844175185450265451145859420513", "139008005705741279889019115769842795249", "301954793450460953634022364525325029661", "244195558835990736426134245007675438194" ] }, "id": "ASB-A-259938771-e14366b9", "source": "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/window/TaskFragmentOrganizer.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "24167277397551134546542269956654826946", "59354035683255245686438663322948847719", "141436198444055060434533248862068064600", "71372327696440544856753655530964729435", "210089888014606679534144853351660770729" ] }, "id": "ASB-A-259938771-edd0be08", "source": "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/window/WindowOrganizer.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d" ], "spl": "2023-05-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "108595815495287482905946503145369390890", "273699918406182242923181054390688436475", "170937474303982607169189269718626162175", "133450629759479855441231124383360709263", "7496200274902299290492361216841137135", "156773150231249587012878326627470087874", "54067275844175185450265451145859420513", "139008005705741279889019115769842795249", "301954793450460953634022364525325029661", "244195558835990736426134245007675438194" ] }, "id": "ASB-A-259938771-56a13645", "source": "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/window/TaskFragmentOrganizer.java" }, "signature_type": "Line" }, { "digest": { "length": 146.0, "function_hash": "125141909306182988522930486158020411585" }, "id": "ASB-A-259938771-817d648c", "source": "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/window/TaskFragmentOrganizer.java", "function": "applySyncTransaction" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "24167277397551134546542269956654826946", "59354035683255245686438663322948847719", "141436198444055060434533248862068064600", "71372327696440544856753655530964729435", "210089888014606679534144853351660770729" ] }, "id": "ASB-A-259938771-ad972a6d", "source": "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718", "deprecated": false, "signature_version": "v1", "target": { "file": "core/java/android/window/WindowOrganizer.java" }, "signature_type": "Line" }, { "digest": { "length": 909.0, "function_hash": "94972001688045139022611512129235857976" }, "id": "ASB-A-259938771-b416cfee", "source": "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/wm/WindowOrganizerController.java", "function": "applySyncTransaction" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "94873515176354498119726965180125014759", "69134896768068446205333039147865737471", "43153660374862486007131981049621156825", "47773090083289433534609771822341692986" ] }, "id": "ASB-A-259938771-c13d2766", "source": "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/wm/WindowOrganizerController.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718" ], "spl": "2023-05-01", "severity": "High", "types": [ "ID" ] }