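In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Each record below corresponds to one fix commit in platform/frameworks/base. Its signatures target FillUi.java, SaveUi.java and Helper.java under services/autofill, and in some records DialogFillUi.java as well, so a scan for the unpatched code should cover all of those files rather than FillUi.java alone.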
{ "vanir_signatures": [ { "digest": { "length": 754.0, "function_hash": "49532191195551615746744837755912801092" }, "id": "ASB-A-281534749-5ab7af97", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "initialAuthenticationLayout" }, "signature_type": "Function" }, { "digest": { "length": 498.0, "function_hash": "243658678464188710220306003597891618027" }, "id": "ASB-A-281534749-620d3a19", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "setHeader" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "195550187764114165661677033491385867525", "207939012160879388942929324645558281641", "197882718764834178866649541080794831380", "239233852245253813103569443623407063279", "44698807005793972678540295405764893919", "21183059188807409401714516310665780128", "300048194628243201263727493046361281547", "303844278245018911624601514776114041871", "229695913011207263233075675270896549026", "55169701512537227256118636456135333684", "198388733492753553705907241123091591212", "304920987658179113312826479999607115028", "269055928370450172860520757506759510794", "237757000885932752970060260599884987089", "33379483823330199745001603645193499184" ] }, "id": "ASB-A-281534749-641aa435", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/Helper.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ 
"152706124914265209826722211813105497440", "122457438830031755697776489763091500155", "9557648870503328618362177008065891024", "21424190766785613237481844130356205668", "318743049332437221904056720756700357292", "19494396699293671953931356471127301788", "125685506690105876920915180744054100445", "193060436326013056668025233908441392097", "45525861848201633409686579962243666914", "247171390140834564838122080548466479325", "11417974425339281741084590764620266974", "63675271650473437443478445002199682738", "337643276294840670681719171796552205364", "120308007170846405930104003764350781053", "110491743816707019839998419656968232453", "290369119132319450297915760482112743456", "318831208973307593363994768019606516553", "118585930299939295491472408901765825976" ] }, "id": "ASB-A-281534749-77073142", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "148303161279659643660660451501034279234", "125883638802437311423689325172088876430", "68109407143103339498063405506151933519", "141851605057521366089072764562061264673" ] }, "id": "ASB-A-281534749-843e33dd", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java" }, "signature_type": "Line" }, { "digest": { "length": 1677.0, "function_hash": "14933855057066592257347322952625317997" }, "id": "ASB-A-281534749-88e2601c", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": 
"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "createDatasetItems" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "70384187207969473467724071990317729398", "320418546227076084465594181217435078892", "139034975296227356350451546793061696188", "198840029242654939539433467117586934531", "313245536086977364838236582966126120156", "9821241575628344625617058172907797661", "84864080468086762366722034388010268348", "321713212781640076910098641929018121181", "60835553322294116645322918846401089571", "194254830192584495059033577937727898134", "147075656553749944497531376143451541327", "11224255276186999251427813799537284016", "190000541700740439308365212289947348130" ] }, "id": "ASB-A-281534749-b507324c", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java" }, "signature_type": "Line" }, { "digest": { "length": 3696.0, "function_hash": "110995354895912650465302359732992851334" }, "id": "ASB-A-281534749-da39f1f8", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java", "function": "applyCustomDescription" }, "signature_type": "Function" }, { "digest": { "length": 6510.0, "function_hash": "31646391903980341277154471442477253944" }, "id": "ASB-A-281534749-eda948f9", "source": "https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java", "function": "FillUi" }, "signature_type": "Function" } ], "fixes": [ 
"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78" ], "spl": "2023-10-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 6466.0, "function_hash": "155518773178166328024443815934004657924" }, "id": "ASB-A-281534749-2eaee6b1", "source": "https://android.googlesource.com/platform/frameworks/base/+/26beceb9a252a50374d056b162fa7e8ea55051b3", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java", "function": "FillUi" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "206563368113645024653705304061605275981", "197882718764834178866649541080794831380", "239233852245253813103569443623407063279", "44698807005793972678540295405764893919", "21183059188807409401714516310665780128", "300048194628243201263727493046361281547", "200644165688969314273219891189461360855", "1533552725838892988904021190204807092", "24868220839740881984862838880748668578", "150704527154317727477530934568826194535", "199961918734733418034626543626299241461", "299745589297796933467607047619440155784", "269055928370450172860520757506759510794", "237757000885932752970060260599884987089", "33379483823330199745001603645193499184" ] }, "id": "ASB-A-281534749-333bfa1f", "source": "https://android.googlesource.com/platform/frameworks/base/+/26beceb9a252a50374d056b162fa7e8ea55051b3", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/Helper.java" }, "signature_type": "Line" }, { "digest": { "length": 3696.0, "function_hash": "110995354895912650465302359732992851334" }, "id": "ASB-A-281534749-9de44644", "source": "https://android.googlesource.com/platform/frameworks/base/+/26beceb9a252a50374d056b162fa7e8ea55051b3", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java", "function": "applyCustomDescription" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ 
"70384187207969473467724071990317729398", "320418546227076084465594181217435078892", "139034975296227356350451546793061696188", "198840029242654939539433467117586934531", "313245536086977364838236582966126120156", "9821241575628344625617058172907797661", "84864080468086762366722034388010268348", "321713212781640076910098641929018121181", "60835553322294116645322918846401089571", "194254830192584495059033577937727898134", "147075656553749944497531376143451541327", "11224255276186999251427813799537284016", "190000541700740439308365212289947348130" ] }, "id": "ASB-A-281534749-a6bb3cd1", "source": "https://android.googlesource.com/platform/frameworks/base/+/26beceb9a252a50374d056b162fa7e8ea55051b3", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "148303161279659643660660451501034279234", "125883638802437311423689325172088876430", "68109407143103339498063405506151933519", "141851605057521366089072764562061264673" ] }, "id": "ASB-A-281534749-be201291", "source": "https://android.googlesource.com/platform/frameworks/base/+/26beceb9a252a50374d056b162fa7e8ea55051b3", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/26beceb9a252a50374d056b162fa7e8ea55051b3" ], "spl": "2023-10-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "70384187207969473467724071990317729398", "320418546227076084465594181217435078892", "139034975296227356350451546793061696188", "198840029242654939539433467117586934531", "313245536086977364838236582966126120156", "9821241575628344625617058172907797661", "84864080468086762366722034388010268348", "321713212781640076910098641929018121181", "60835553322294116645322918846401089571", "194254830192584495059033577937727898134", "147075656553749944497531376143451541327", "11224255276186999251427813799537284016", "190000541700740439308365212289947348130" ] }, "id": "ASB-A-281534749-2dc36069", "source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "148303161279659643660660451501034279234", "125883638802437311423689325172088876430", "68109407143103339498063405506151933519", "141851605057521366089072764562061264673" ] }, "id": "ASB-A-281534749-5fd457db", "source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java" }, "signature_type": "Line" }, { "digest": { "length": 6466.0, "function_hash": "155518773178166328024443815934004657924" }, "id": "ASB-A-281534749-651ccb46", "source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java", "function": "FillUi" }, "signature_type": "Function" }, { "digest": { "length": 3696.0, "function_hash": 
"110995354895912650465302359732992851334" }, "id": "ASB-A-281534749-73416289", "source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java", "function": "applyCustomDescription" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "206563368113645024653705304061605275981", "197882718764834178866649541080794831380", "239233852245253813103569443623407063279", "44698807005793972678540295405764893919", "21183059188807409401714516310665780128", "300048194628243201263727493046361281547", "200644165688969314273219891189461360855", "77496428704198062703578586753481553588", "55169701512537227256118636456135333684", "198388733492753553705907241123091591212", "304920987658179113312826479999607115028", "269055928370450172860520757506759510794", "237757000885932752970060260599884987089", "33379483823330199745001603645193499184" ] }, "id": "ASB-A-281534749-e1dfcf23", "source": "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/Helper.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053" ], "spl": "2023-10-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "206563368113645024653705304061605275981", "197882718764834178866649541080794831380", "239233852245253813103569443623407063279", "44698807005793972678540295405764893919", "21183059188807409401714516310665780128", "300048194628243201263727493046361281547", "200644165688969314273219891189461360855", "77496428704198062703578586753481553588", "55169701512537227256118636456135333684", "198388733492753553705907241123091591212", "304920987658179113312826479999607115028", "269055928370450172860520757506759510794", "237757000885932752970060260599884987089", "33379483823330199745001603645193499184" ] }, "id": "ASB-A-281534749-37434a56", "source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/Helper.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "70384187207969473467724071990317729398", "320418546227076084465594181217435078892", "139034975296227356350451546793061696188", "198840029242654939539433467117586934531", "313245536086977364838236582966126120156", "9821241575628344625617058172907797661", "84864080468086762366722034388010268348", "321713212781640076910098641929018121181", "60835553322294116645322918846401089571", "194254830192584495059033577937727898134", "147075656553749944497531376143451541327", "11224255276186999251427813799537284016", "190000541700740439308365212289947348130" ] }, "id": "ASB-A-281534749-880cea92", "source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java" }, "signature_type": "Line" }, { "digest": { "length": 6466.0, "function_hash": "155518773178166328024443815934004657924" 
}, "id": "ASB-A-281534749-96e46865", "source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java", "function": "FillUi" }, "signature_type": "Function" }, { "digest": { "length": 3696.0, "function_hash": "110995354895912650465302359732992851334" }, "id": "ASB-A-281534749-dc231278", "source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java", "function": "applyCustomDescription" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "148303161279659643660660451501034279234", "125883638802437311423689325172088876430", "68109407143103339498063405506151933519", "141851605057521366089072764562061264673" ] }, "id": "ASB-A-281534749-fb650d9f", "source": "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a" ], "spl": "2023-10-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "70384187207969473467724071990317729398", "320418546227076084465594181217435078892", "139034975296227356350451546793061696188", "198840029242654939539433467117586934531", "313245536086977364838236582966126120156", "9821241575628344625617058172907797661", "84864080468086762366722034388010268348", "321713212781640076910098641929018121181", "60835553322294116645322918846401089571", "194254830192584495059033577937727898134", "147075656553749944497531376143451541327", "11224255276186999251427813799537284016", "190000541700740439308365212289947348130" ] }, "id": "ASB-A-281534749-0905b66f", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "152706124914265209826722211813105497440", "122457438830031755697776489763091500155", "9557648870503328618362177008065891024", "21424190766785613237481844130356205668", "318743049332437221904056720756700357292", "19494396699293671953931356471127301788", "125685506690105876920915180744054100445", "193060436326013056668025233908441392097", "45525861848201633409686579962243666914", "247171390140834564838122080548466479325", "11417974425339281741084590764620266974", "63675271650473437443478445002199682738", "337643276294840670681719171796552205364", "120308007170846405930104003764350781053", "110491743816707019839998419656968232453", "290369119132319450297915760482112743456", "318831208973307593363994768019606516553", "118585930299939295491472408901765825976" ] }, "id": "ASB-A-281534749-09f01123", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": 
"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "148303161279659643660660451501034279234", "125883638802437311423689325172088876430", "68109407143103339498063405506151933519", "141851605057521366089072764562061264673" ] }, "id": "ASB-A-281534749-0c36bf76", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java" }, "signature_type": "Line" }, { "digest": { "length": 6466.0, "function_hash": "155518773178166328024443815934004657924" }, "id": "ASB-A-281534749-1cccc2fd", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/FillUi.java", "function": "FillUi" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "206563368113645024653705304061605275981", "197882718764834178866649541080794831380", "239233852245253813103569443623407063279", "44698807005793972678540295405764893919", "21183059188807409401714516310665780128", "300048194628243201263727493046361281547", "200644165688969314273219891189461360855", "77496428704198062703578586753481553588", "55169701512537227256118636456135333684", "198388733492753553705907241123091591212", "304920987658179113312826479999607115028", "269055928370450172860520757506759510794", "237757000885932752970060260599884987089", "33379483823330199745001603645193499184" ] }, "id": "ASB-A-281534749-4f86347b", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": 
"services/autofill/java/com/android/server/autofill/Helper.java" }, "signature_type": "Line" }, { "digest": { "length": 754.0, "function_hash": "49532191195551615746744837755912801092" }, "id": "ASB-A-281534749-79b6b446", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "initialAuthenticationLayout" }, "signature_type": "Function" }, { "digest": { "length": 498.0, "function_hash": "243658678464188710220306003597891618027" }, "id": "ASB-A-281534749-86686078", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "setHeader" }, "signature_type": "Function" }, { "digest": { "length": 3696.0, "function_hash": "110995354895912650465302359732992851334" }, "id": "ASB-A-281534749-8935f0ef", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java", "function": "applyCustomDescription" }, "signature_type": "Function" }, { "digest": { "length": 1677.0, "function_hash": "14933855057066592257347322952625317997" }, "id": "ASB-A-281534749-8fa0831f", "source": "https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0", "deprecated": false, "signature_version": "v1", "target": { "file": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "function": "createDatasetItems" }, "signature_type": "Function" } ], "fixes": [ 
"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0" ], "spl": "2023-10-01", "severity": "High", "types": [ "ID" ] }