ASB-A-279902472

Import Source
https://storage.googleapis.com/android-osv/ASB-A-279902472.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-279902472
Aliases
  • A-279902472
  • CVE-2023-40125
Published
2023-10-01T00:00:00Z
Modified
2024-08-07T19:29:49.268295Z
Summary
Modifying global APN settings as an unprivileged secondary user
Details

In onCreate of ApnEditor.java, there is a possible way for a Guest user to change the APN due to a permission bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-10-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2063.0,
                "function_hash": "152610087046714648780611739448265895775"
            },
            "id": "ASB-A-279902472-0f7bedb2",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4e18e7414c674a1c5bc69961c03499849b4aefd2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/network/apn/ApnEditor.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "ASB-A-279902472-4c8f9454",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/4e18e7414c674a1c5bc69961c03499849b4aefd2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/network/apn/ApnEditor.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/4e18e7414c674a1c5bc69961c03499849b4aefd2"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-10-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "ASB-A-279902472-a461a250",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/5c2d727b8f9198bf758a4896eda7c9e5385435ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/network/ApnEditor.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1839.0,
                "function_hash": "34987420686896681253052769836241055652"
            },
            "id": "ASB-A-279902472-e9ff669e",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/5c2d727b8f9198bf758a4896eda7c9e5385435ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/network/ApnEditor.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/5c2d727b8f9198bf758a4896eda7c9e5385435ff"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-10-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "ASB-A-279902472-705f3b72",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/e3b554b29674ef20946451d0b46d3213838e753d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/network/apn/ApnEditor.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1839.0,
                "function_hash": "34987420686896681253052769836241055652"
            },
            "id": "ASB-A-279902472-b33a7cd2",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/e3b554b29674ef20946451d0b46d3213838e753d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/network/apn/ApnEditor.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/e3b554b29674ef20946451d0b46d3213838e753d"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-10-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "ASB-A-279902472-11806294",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/6afcad76262ff87e0dd7c6d0394e00fcff0c1c6b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/network/apn/ApnEditor.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1839.0,
                "function_hash": "34987420686896681253052769836241055652"
            },
            "id": "ASB-A-279902472-87e4430d",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/6afcad76262ff87e0dd7c6d0394e00fcff0c1c6b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/network/apn/ApnEditor.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/6afcad76262ff87e0dd7c6d0394e00fcff0c1c6b"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-10-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                ]
            },
            "id": "ASB-A-279902472-a257f136",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ef2fd5b7cd74426568e8e82fb0dcddbfdaa943bf",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/network/apn/ApnEditor.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2050.0,
                "function_hash": "120011954125153054742972270375951367173"
            },
            "id": "ASB-A-279902472-d54cf6db",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ef2fd5b7cd74426568e8e82fb0dcddbfdaa943bf",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/network/apn/ApnEditor.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/ef2fd5b7cd74426568e8e82fb0dcddbfdaa943bf"
    ],
    "spl": "2023-10-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}