In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 134.0, "function_hash": "185356596428023858437853145324850024203" }, "id": "ASB-A-268193384-0e7a5ebd", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/5310c406400f71c2c540f23903a6766fbf58db1a", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/homepage/SettingsHomepageActivity.java", "function": "isCallingAppPermitted" }, "signature_type": "Function" }, { "digest": { "length": 3157.0, "function_hash": "189423624913439060030129431963627975343" }, "id": "ASB-A-268193384-690faabb", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/5310c406400f71c2c540f23903a6766fbf58db1a", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/homepage/SettingsHomepageActivity.java", "function": "launchDeepLinkIntentToRight" }, "signature_type": "Function" }, { "digest": { "length": 590.0, "function_hash": "67926581386142622117586339217099678821" }, "id": "ASB-A-268193384-714d18de", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/5310c406400f71c2c540f23903a6766fbf58db1a", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/homepage/SettingsHomepageActivity.java", "function": "hasPrivilegedAccess" }, "signature_type": "Function" }, { "digest": { "length": 2050.0, "function_hash": "46093851110103747290941956612987539168" }, "id": "ASB-A-268193384-748b0152", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/5310c406400f71c2c540f23903a6766fbf58db1a", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/homepage/SettingsHomepageActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "132571774483529516609662099898951184434", "22041788483559470993617239323624207838", "181715653843028515298128163874925865060", "96853627072202321601979615406377984092", "35707833216403351988236272620752795354", "153103960569161125495775617616387482500", "128112262627555017465909835982632558041", "22423452510264765937188101476518394208", "201297567626026053054381410250468052344", "216828479439079589005912666973557691150", "194963451676720486624403772064159543447", "177033011641440959319418290636960314685", "240472492848038308928595045781178556736", "17874854355942956642492784558176459699", "285528923098192370315874689093587187660", "102835308541050052058603141002811192003", "19518904023656751986520291534943964808", "261965481524034096877717125562509900996", "286549850467148299944658512757471371988", "210616758342919391292852644640910818945", "161313718679188801231329825053011233453", "10949571485950084240958710614077174174", "264756585375075799154155909639102410332", "171102309486148321268116107523309079575", "331359271788712889245061329575260280265", "230596051586311103968818545896737972340", "267851419220027037165903148821914121770", "81495708825601022894960066669550446186", "297935819184373740089850799222408589935", "206113984682095361504639740730595505770", "238261011871627776422000255855005089885", "262646873950258666471571453293369551395", "102600391902106702682419807621370759860", "149149902581443407792017138648236229797", "264504737646111351620858886196789293252", "28618209267549212738061453449371712489", "29292609383751632768932919098468725842", "69622398026475285412081862090289296564", "316358683519114412917156991234380283875", "1342687973273497631998028962186828064", "133766636878104501056106899777835466889", "28930969451857573301108210190227089916", "86897469178698484236564527640357834031", "174276228665925202230280238338109409491", "295479141426973499879685745116584997188", "16098237895891796584290707411159125480", "156490140419115255749861271637773236662", "252771613810263997054874136950782560704", "144455493909789576720390225522068412758", "2211309132741963667446152772288893941", "314499818934102249274366590317605633445", "60127409765483707750429834818187857191", "110368322462016207763720308856230096551", "243085136989877707314293516460498842856", "181365322987999571023930814792525569420", "287963541367040651554239026872627822944", "6505783995889100234817473492811845294", "57400973875651212793008667707052487065", "88092049941283478625452086767286432575", "218175375021224294036182551920933626664", "64142922673509667989197016159781850431", "327898562147787758343382638938781560439", "285080588398437311645964231559474726463", "110147002580674932847094586965163761322", "332309879023952032712620437244913442529", "155946121083715331259485289821938407886", "96904116332509127359643814884701377241", "205872762650220297177931951087860379768", "1111029685143574040244856939887598991", "65312411719664685059535649062211493518", "209734434698796692112594121059955644955", "39408089645354374217261067310463496474", "85218950246176746123588492263417506057", "45736168974926315206028714276616155820", "220204543802436265336368280612683167089", "144328718532664173628615256486408231515", "180718939313278496677208509002453749131", "297249628106261305584859077725409549085", "282955144541307006166479346492291846955", "214965362890182111032528984216289857711", "81740386452741016550921618961424037607" ] }, "id": "ASB-A-268193384-82d11e40", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/5310c406400f71c2c540f23903a6766fbf58db1a", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/homepage/SettingsHomepageActivity.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/5310c406400f71c2c540f23903a6766fbf58db1a" ], "spl": "2023-07-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "132571774483529516609662099898951184434", "22041788483559470993617239323624207838", "181715653843028515298128163874925865060", "96853627072202321601979615406377984092", "35707833216403351988236272620752795354", "153103960569161125495775617616387482500", "128112262627555017465909835982632558041", "22423452510264765937188101476518394208", "201297567626026053054381410250468052344", "216828479439079589005912666973557691150", "238201893559485299729845259349358622390", "184937996436821298166663766140330792695", "91438180961365072401019075459094006759", "17874854355942956642492784558176459699", "285528923098192370315874689093587187660", "102835308541050052058603141002811192003", "19518904023656751986520291534943964808", "261965481524034096877717125562509900996", "286549850467148299944658512757471371988", "210616758342919391292852644640910818945", "161313718679188801231329825053011233453", "10949571485950084240958710614077174174", "264756585375075799154155909639102410332", "148923847263898729800592870768811317475", "179806985211862734438686131839236963825", "230596051586311103968818545896737972340", "267851419220027037165903148821914121770", "81495708825601022894960066669550446186", "297935819184373740089850799222408589935", "206113984682095361504639740730595505770", "238261011871627776422000255855005089885", "262646873950258666471571453293369551395", "102600391902106702682419807621370759860", "149149902581443407792017138648236229797", "264504737646111351620858886196789293252", "28618209267549212738061453449371712489", "29292609383751632768932919098468725842", "69622398026475285412081862090289296564", "316358683519114412917156991234380283875", "1342687973273497631998028962186828064", "133766636878104501056106899777835466889", "28930969451857573301108210190227089916", "86897469178698484236564527640357834031", "174276228665925202230280238338109409491", "295479141426973499879685745116584997188", "16098237895891796584290707411159125480", "156490140419115255749861271637773236662", "252771613810263997054874136950782560704", "144455493909789576720390225522068412758", "2211309132741963667446152772288893941", "314499818934102249274366590317605633445", "292474684822825910988116189062914156737", "234946925786154710883389226056493191815", "243085136989877707314293516460498842856", "181365322987999571023930814792525569420", "287963541367040651554239026872627822944", "6505783995889100234817473492811845294", "57400973875651212793008667707052487065", "88092049941283478625452086767286432575", "218175375021224294036182551920933626664", "64142922673509667989197016159781850431", "327898562147787758343382638938781560439", "285080588398437311645964231559474726463", "110147002580674932847094586965163761322", "332309879023952032712620437244913442529", "155946121083715331259485289821938407886", "96904116332509127359643814884701377241", "205872762650220297177931951087860379768", "1111029685143574040244856939887598991", "65312411719664685059535649062211493518", "209734434698796692112594121059955644955", "39408089645354374217261067310463496474", "85218950246176746123588492263417506057", "45736168974926315206028714276616155820", "220204543802436265336368280612683167089", "144328718532664173628615256486408231515", "180718939313278496677208509002453749131", "297249628106261305584859077725409549085", "282955144541307006166479346492291846955", "214965362890182111032528984216289857711", "81740386452741016550921618961424037607" ] }, "id": "ASB-A-268193384-2a885791", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/0f13f70655099543ba34eb8aeaa74b34a3993a3b", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/homepage/SettingsHomepageActivity.java" }, "signature_type": "Line" }, { "digest": { "length": 3147.0, "function_hash": "73505647024693645132513539336734096974" }, "id": "ASB-A-268193384-8dcb998e", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/0f13f70655099543ba34eb8aeaa74b34a3993a3b", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/homepage/SettingsHomepageActivity.java", "function": "launchDeepLinkIntentToRight" }, "signature_type": "Function" }, { "digest": { "length": 590.0, "function_hash": "67926581386142622117586339217099678821" }, "id": "ASB-A-268193384-952a8813", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/0f13f70655099543ba34eb8aeaa74b34a3993a3b", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/homepage/SettingsHomepageActivity.java", "function": "hasPrivilegedAccess" }, "signature_type": "Function" }, { "digest": { "length": 1818.0, "function_hash": "323717327403809139241625132155155745191" }, "id": "ASB-A-268193384-bf6dc4b4", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/0f13f70655099543ba34eb8aeaa74b34a3993a3b", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/homepage/SettingsHomepageActivity.java", "function": "onCreate" }, "signature_type": "Function" }, { "digest": { "length": 134.0, "function_hash": "185356596428023858437853145324850024203" }, "id": "ASB-A-268193384-fedcba1a", "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/0f13f70655099543ba34eb8aeaa74b34a3993a3b", "deprecated": false, "signature_version": "v1", "target": { "file": "src/com/android/settings/homepage/SettingsHomepageActivity.java", "function": "isCallingAppPermitted" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/apps/Settings/+/0f13f70655099543ba34eb8aeaa74b34a3993a3b" ], "spl": "2023-07-01", "severity": "High", "types": [ "EoP" ] }