ASB-A-287640400

Import Source
https://storage.googleapis.com/android-osv/ASB-A-287640400.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-287640400
Aliases
  • A-287640400
  • CVE-2023-40073
Published
2023-12-01T00:00:00Z
Modified
2024-08-07T19:29:07.413286Z
Summary
Enumerating other users' photos by posting important conversation Notifications with a message sender person
Details

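In visitUris of Notification.java, there is a possible cross-user media read due to a confused deputy: a more privileged component that handles the notification can end up reading media on behalf of an app that has no access to it. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Per the affected ranges below, each listed Android version is fixed at security patch level 2023-12-01.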

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-12-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2769.0,
                "function_hash": "201985218415011711560751470036948186349"
            },
            "id": "ASB-A-287640400-0132a93e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f681073d91a5f1461324d829b6cd6c1b56ae71bd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "147145125135629588391615947816063029025",
                    "281732678064438727946495070623556209283",
                    "142686402721790116739280597824549437236",
                    "85278780104695710719872825570651375143",
                    "7417117942208748972418722929560296056",
                    "43131416255491976861669527594031932808",
                    "108905658301692973882570739318435011551",
                    "108587633537507210242609878158511307392",
                    "209214712958229127365277677898883133842",
                    "4422083245898015211383055637752888781",
                    "103552041863994905675684917208281704433",
                    "37632166122149386811223787386280723680",
                    "73849403225311842655267071472360173532",
                    "291957484433081372285600943892667379318",
                    "66861139576724940568902264861670360430",
                    "244669392767242786024723497502983957733",
                    "17517019758488840952545588009142151325"
                ]
            },
            "id": "ASB-A-287640400-604655c7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f681073d91a5f1461324d829b6cd6c1b56ae71bd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/f681073d91a5f1461324d829b6cd6c1b56ae71bd"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-12-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "17209269953019172130702873434132132722",
                    "273011446949303099690139840038706141544",
                    "87619567163106936680864857850098689141",
                    "220635192558347618428557710966537549630",
                    "147390288046710788454631021817366760429",
                    "227971850139857560975030153672215940307",
                    "187870482558217037897344299771329252057",
                    "108587633537507210242609878158511307392",
                    "238482942521325421166953426418539953961",
                    "336609230544111782529988548778564228079",
                    "173394939516140047102879135056767743279",
                    "54400578888695249090798415271074078221"
                ]
            },
            "id": "ASB-A-287640400-c28387b8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a7e0c6585fd155d5bd9354b8b15516f4788c33a7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2581.0,
                "function_hash": "262132017175392463767878872766108479421"
            },
            "id": "ASB-A-287640400-eca5c718",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/a7e0c6585fd155d5bd9354b8b15516f4788c33a7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/a7e0c6585fd155d5bd9354b8b15516f4788c33a7"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-12-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2904.0,
                "function_hash": "330302221767727683507046250836261280812"
            },
            "id": "ASB-A-287640400-96c98107",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "149682647126246980450813888265983878136",
                    "139268105701371031712134097557714266014",
                    "197585125163988185987062498860316791841",
                    "293871498699140096628809383344655540256",
                    "157168360506007279060120465614609954899",
                    "227971850139857560975030153672215940307",
                    "187870482558217037897344299771329252057",
                    "108587633537507210242609878158511307392",
                    "209214712958229127365277677898883133842",
                    "247274710125108089918752834510465687719",
                    "275420439690197521529143529770472213140",
                    "90544060682381301178915754424100445601",
                    "234444926472905264221245843932327875381",
                    "249140699872570335116461996548423358221",
                    "101803455055234848959300302164930637449",
                    "160755499569831398663180417212296914663",
                    "173820567809165489649736099919517038060"
                ]
            },
            "id": "ASB-A-287640400-d8921592",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-12-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2904.0,
                "function_hash": "330302221767727683507046250836261280812"
            },
            "id": "ASB-A-287640400-19572b02",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "149682647126246980450813888265983878136",
                    "139268105701371031712134097557714266014",
                    "197585125163988185987062498860316791841",
                    "293871498699140096628809383344655540256",
                    "157168360506007279060120465614609954899",
                    "227971850139857560975030153672215940307",
                    "187870482558217037897344299771329252057",
                    "108587633537507210242609878158511307392",
                    "209214712958229127365277677898883133842",
                    "247274710125108089918752834510465687719",
                    "275420439690197521529143529770472213140",
                    "90544060682381301178915754424100445601",
                    "234444926472905264221245843932327875381",
                    "249140699872570335116461996548423358221",
                    "101803455055234848959300302164930637449",
                    "160755499569831398663180417212296914663",
                    "173820567809165489649736099919517038060"
                ]
            },
            "id": "ASB-A-287640400-8b070e85",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-12-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2952.0,
                "function_hash": "218611055744708306518163908548631465702"
            },
            "id": "ASB-A-287640400-63958040",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3c2ebb81ff064cdf1fbe58c15920f44d343e9391",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "155754717432209013017543167464952632511",
                    "114249688477433304223182082335439108100",
                    "22721810471636571311748513428527171493",
                    "209530810119055766998990867496632062624",
                    "781225146328105575814677055182072393",
                    "201520778652802430645411465180549161940",
                    "275031627355662767670014368247287897901",
                    "281732678064438727946495070623556209283",
                    "119091735977763546063692168043607642164",
                    "250638055627944970047384174701610575040",
                    "88299794168774314635044546257261857265",
                    "180262050703456585785769205171919383845",
                    "108905658301692973882570739318435011551",
                    "108587633537507210242609878158511307392",
                    "209214712958229127365277677898883133842",
                    "247274710125108089918752834510465687719",
                    "275420439690197521529143529770472213140",
                    "90544060682381301178915754424100445601",
                    "174773538391543390547072899090801225263",
                    "208846296421393991542105520785753736042",
                    "16915267631876370560627816182013625710",
                    "37169510279397837687069754429310609330",
                    "239494160250163390723174443656735345545",
                    "183671867846423336259288113830564499130",
                    "234444926472905264221245843932327875381",
                    "249140699872570335116461996548423358221",
                    "101803455055234848959300302164930637449",
                    "160755499569831398663180417212296914663",
                    "173820567809165489649736099919517038060",
                    "149572172347206097383450124856241791941",
                    "216047209128885008134994698672488946183",
                    "230604067347090329615129250887209897007",
                    "34747155296587682055564506055647708681",
                    "216543036933530589877677361988555716890"
                ]
            },
            "id": "ASB-A-287640400-adfe55c7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3c2ebb81ff064cdf1fbe58c15920f44d343e9391",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3c2ebb81ff064cdf1fbe58c15920f44d343e9391"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2023-12-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "275031627355662767670014368247287897901",
                    "281732678064438727946495070623556209283",
                    "119091735977763546063692168043607642164",
                    "250638055627944970047384174701610575040",
                    "88299794168774314635044546257261857265",
                    "180262050703456585785769205171919383845",
                    "108905658301692973882570739318435011551",
                    "108587633537507210242609878158511307392",
                    "209214712958229127365277677898883133842",
                    "4422083245898015211383055637752888781",
                    "103552041863994905675684917208281704433",
                    "37632166122149386811223787386280723680",
                    "73849403225311842655267071472360173532",
                    "291957484433081372285600943892667379318",
                    "66861139576724940568902264861670360430",
                    "244669392767242786024723497502983957733",
                    "46092162532536089214777198820882741896"
                ]
            },
            "id": "ASB-A-287640400-12e5860a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3054c3ba40319490281562bdd2adb1456f5b1dc9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 3048.0,
                "function_hash": "16480000897640145369319295520833400692"
            },
            "id": "ASB-A-287640400-b6d5660a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3054c3ba40319490281562bdd2adb1456f5b1dc9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/app/Notification.java",
                "function": "visitUris"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3054c3ba40319490281562bdd2adb1456f5b1dc9"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}