ASB-A-285645039

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-285645039.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-285645039
Aliases
  • A-285645039
  • CVE-2023-40115
Published
2023-11-01T00:00:00Z
Modified
2024-08-07T19:29:09.407139Z
Summary
[AIDL] statsd_service_fuzzer crashes on startup
Details

In readLogs of StatsService.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-11-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 222.0,
                "function_hash": "190139916014078794201190441593495255888"
            },
            "id": "ASB-A-285645039-2321da57",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "StatsService::readLogs"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2525.0,
                "function_hash": "170025933828175594194721604275166181251"
            },
            "id": "ASB-A-285645039-9bfacc48",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "mInitEventDelaySecs"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "24938293731554636473098398205316056354",
                    "18944739092555810520413270013999179633",
                    "62673561178611369184800734059699398735",
                    "107651199482235546255415669659835414516",
                    "15664087137759784019850001285856476293",
                    "52788991262695293056646716387794235053"
                ]
            },
            "id": "ASB-A-285645039-bfd554da",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "284175425589097230727147656800977346044",
                    "334369693926564463613608742465654614201",
                    "288223269456115365291245602458738083098",
                    "148667828061323797183185443430761605895",
                    "283245882279883015538077767184721125668",
                    "91011422154839185681590367440624013254",
                    "228991447056343218450583282699753578122",
                    "200991055704848072321835649022205081417",
                    "314445733331473514438239458627334934923",
                    "290215494774479982526444497481484572928",
                    "150837300128228537133125342259255129700",
                    "158274056577435042297687633569209542541",
                    "299056411393582019832200088668149889192",
                    "108587633537507210242609878158511307392",
                    "108587633537507210242609878158511307392"
                ]
            },
            "id": "ASB-A-285645039-d3caf925",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 37.0,
                "function_hash": "290532900627309439606711308425738821162"
            },
            "id": "ASB-A-285645039-efd083d9",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "StatsService::~StatsService"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/3937ea3cdcf531a14cdba4ef176d8aa89d9d6066"
    ],
    "spl": "2023-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-11-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 222.0,
                "function_hash": "190139916014078794201190441593495255888"
            },
            "id": "ASB-A-285645039-5abb01b1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/StatsService.cpp",
                "function": "StatsService::readLogs"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "9560257399028977192882822136888446391",
                    "6814727255881169936930416864601371522",
                    "95344555408575203031917538580592384557",
                    "131440157779380392246526055656246270484",
                    "208613213791790390267597640934962107644",
                    "94612942637015893079560201185174185719",
                    "149102618012575246417676794546503739423"
                ]
            },
            "id": "ASB-A-285645039-73a84601",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/StatsService.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "162094486690609551357265491806306373800",
                    "21343630666638973742897342745690999120",
                    "288223269456115365291245602458738083098",
                    "148667828061323797183185443430761605895",
                    "283245882279883015538077767184721125668",
                    "91011422154839185681590367440624013254",
                    "228991447056343218450583282699753578122",
                    "200991055704848072321835649022205081417",
                    "314445733331473514438239458627334934923",
                    "290215494774479982526444497481484572928",
                    "150837300128228537133125342259255129700",
                    "158274056577435042297687633569209542541",
                    "335343134791047350178012205680999322642",
                    "191751358642596428187797542992949197800",
                    "108587633537507210242609878158511307392"
                ]
            },
            "id": "ASB-A-285645039-797889bb",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/StatsService.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 37.0,
                "function_hash": "290532900627309439606711308425738821162"
            },
            "id": "ASB-A-285645039-8fa418a0",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/StatsService.cpp",
                "function": "StatsService::~StatsService"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1584.0,
                "function_hash": "74176117800312312752666027285333827045"
            },
            "id": "ASB-A-285645039-ad3d2575",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "cmds/statsd/src/StatsService.cpp",
                "function": "mStatsCompanionServiceDeathRecipient"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/03de4e4f1a0546fdd3b002651851bee9ffe0e11b"
    ],
    "spl": "2023-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-11-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "9560257399028977192882822136888446391",
                    "6814727255881169936930416864601371522",
                    "95344555408575203031917538580592384557",
                    "208613213791790390267597640934962107644",
                    "94612942637015893079560201185174185719",
                    "149102618012575246417676794546503739423"
                ]
            },
            "id": "ASB-A-285645039-09dc6373",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "162094486690609551357265491806306373800",
                    "21343630666638973742897342745690999120",
                    "288223269456115365291245602458738083098",
                    "148667828061323797183185443430761605895",
                    "283245882279883015538077767184721125668",
                    "91011422154839185681590367440624013254",
                    "228991447056343218450583282699753578122",
                    "200991055704848072321835649022205081417",
                    "314445733331473514438239458627334934923",
                    "290215494774479982526444497481484572928",
                    "150837300128228537133125342259255129700",
                    "158274056577435042297687633569209542541",
                    "335343134791047350178012205680999322642",
                    "191751358642596428187797542992949197800",
                    "108587633537507210242609878158511307392"
                ]
            },
            "id": "ASB-A-285645039-38a49bba",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 222.0,
                "function_hash": "190139916014078794201190441593495255888"
            },
            "id": "ASB-A-285645039-a22d4b2a",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "StatsService::readLogs"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1584.0,
                "function_hash": "74176117800312312752666027285333827045"
            },
            "id": "ASB-A-285645039-c654231e",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "mStatsCompanionServiceDeathRecipient"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 37.0,
                "function_hash": "290532900627309439606711308425738821162"
            },
            "id": "ASB-A-285645039-e6cbc6f9",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "StatsService::~StatsService"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/e67695fae80d3164f5cd5237ebf1b7a0dbfed6f4"
    ],
    "spl": "2023-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-11-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1584.0,
                "function_hash": "74176117800312312752666027285333827045"
            },
            "id": "ASB-A-285645039-3ae10a1a",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "mStatsCompanionServiceDeathRecipient"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 37.0,
                "function_hash": "290532900627309439606711308425738821162"
            },
            "id": "ASB-A-285645039-5cd93382",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "StatsService::~StatsService"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 222.0,
                "function_hash": "190139916014078794201190441593495255888"
            },
            "id": "ASB-A-285645039-6335df16",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "StatsService::readLogs"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "162094486690609551357265491806306373800",
                    "21343630666638973742897342745690999120",
                    "288223269456115365291245602458738083098",
                    "148667828061323797183185443430761605895",
                    "283245882279883015538077767184721125668",
                    "91011422154839185681590367440624013254",
                    "228991447056343218450583282699753578122",
                    "200991055704848072321835649022205081417",
                    "314445733331473514438239458627334934923",
                    "290215494774479982526444497481484572928",
                    "150837300128228537133125342259255129700",
                    "158274056577435042297687633569209542541",
                    "335343134791047350178012205680999322642",
                    "191751358642596428187797542992949197800",
                    "108587633537507210242609878158511307392"
                ]
            },
            "id": "ASB-A-285645039-b24378a7",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "9560257399028977192882822136888446391",
                    "6814727255881169936930416864601371522",
                    "95344555408575203031917538580592384557",
                    "208613213791790390267597640934962107644",
                    "94612942637015893079560201185174185719",
                    "149102618012575246417676794546503739423"
                ]
            },
            "id": "ASB-A-285645039-baaf2c19",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.h"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/d3bee21e053401c30a1a5cee5a7ddd2d9fa0463e"
    ],
    "spl": "2023-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-11-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "9560257399028977192882822136888446391",
                    "6814727255881169936930416864601371522",
                    "95344555408575203031917538580592384557",
                    "208613213791790390267597640934962107644",
                    "94612942637015893079560201185174185719",
                    "149102618012575246417676794546503739423"
                ]
            },
            "id": "ASB-A-285645039-24b1ceba",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1932.0,
                "function_hash": "150911719169882205645024166510874957982"
            },
            "id": "ASB-A-285645039-2a98aade",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "mStatsCompanionServiceDeathRecipient"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 37.0,
                "function_hash": "290532900627309439606711308425738821162"
            },
            "id": "ASB-A-285645039-a7518c2f",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "StatsService::~StatsService"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 222.0,
                "function_hash": "190139916014078794201190441593495255888"
            },
            "id": "ASB-A-285645039-b4c7688d",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "StatsService::readLogs"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "162094486690609551357265491806306373800",
                    "21343630666638973742897342745690999120",
                    "288223269456115365291245602458738083098",
                    "148667828061323797183185443430761605895",
                    "283245882279883015538077767184721125668",
                    "91011422154839185681590367440624013254",
                    "228991447056343218450583282699753578122",
                    "200991055704848072321835649022205081417",
                    "314445733331473514438239458627334934923",
                    "290215494774479982526444497481484572928",
                    "150837300128228537133125342259255129700",
                    "158274056577435042297687633569209542541",
                    "335343134791047350178012205680999322642",
                    "191751358642596428187797542992949197800",
                    "108587633537507210242609878158511307392"
                ]
            },
            "id": "ASB-A-285645039-d7c42036",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/8dca7a8e0f241a041ac2e061c0070839aee560ff"
    ],
    "spl": "2023-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/modules/StatsD

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2023-11-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "162094486690609551357265491806306373800",
                    "21343630666638973742897342745690999120",
                    "288223269456115365291245602458738083098",
                    "148667828061323797183185443430761605895",
                    "283245882279883015538077767184721125668",
                    "91011422154839185681590367440624013254",
                    "228991447056343218450583282699753578122",
                    "200991055704848072321835649022205081417",
                    "314445733331473514438239458627334934923",
                    "290215494774479982526444497481484572928",
                    "150837300128228537133125342259255129700",
                    "158274056577435042297687633569209542541",
                    "299056411393582019832200088668149889192",
                    "108587633537507210242609878158511307392",
                    "108587633537507210242609878158511307392"
                ]
            },
            "id": "ASB-A-285645039-02c1fe38",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2510.0,
                "function_hash": "122149015475048257650068008049466191562"
            },
            "id": "ASB-A-285645039-225fa4c3",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "mInitEventDelaySecs"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "24938293731554636473098398205316056354",
                    "18944739092555810520413270013999179633",
                    "62673561178611369184800734059699398735",
                    "107651199482235546255415669659835414516",
                    "15664087137759784019850001285856476293",
                    "52788991262695293056646716387794235053"
                ]
            },
            "id": "ASB-A-285645039-4a816df9",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.h"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 37.0,
                "function_hash": "290532900627309439606711308425738821162"
            },
            "id": "ASB-A-285645039-537165a9",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "StatsService::~StatsService"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 222.0,
                "function_hash": "190139916014078794201190441593495255888"
            },
            "id": "ASB-A-285645039-f8e3caeb",
            "source": "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "statsd/src/StatsService.cpp",
                "function": "StatsService::readLogs"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/StatsD/+/c578fa427fea745fd4555ee23d5642a1d2cd0ce3"
    ],
    "spl": "2023-11-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}