ASB-A-288896339

Import Source
https://storage.googleapis.com/android-osv/ASB-A-288896339.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-288896339
Aliases
  • A-288896339
  • CVE-2023-40094
Published
2023-12-01T00:00:00Z
Modified
2024-08-07T19:29:46.881332Z
Summary
No permission checks on ActivityTaskManagerService#keyguardGoingAway
Details

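In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The affected-range data below lists the fix at security patch level 2023-12-01 for Android 11, 12, 12L, 13 and 14, so a device reporting an earlier patch level on one of those releases should be treated as unpatched unless the listed fix commit is confirmed present in its build.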

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2023-12-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 618.0,
                "function_hash": "18450793016039751882161471123903104771"
            },
            "id": "ASB-A-288896339-1c661055",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bd2aa5d309c5bf8e73161975bd5aba7945b25e84",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
                "function": "keyguardGoingAway"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "130489095145400917776813713537007795442",
                    "278193841134142408998192934093106006356",
                    "330932791736218819777175471699729872299",
                    "56211969826742766420930325550656389895",
                    "127224605848258698820843035590132556834",
                    "264741881997647552184624361309976979613",
                    "101117958547520561979416695057660209376"
                ]
            },
            "id": "ASB-A-288896339-2a158430",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/bd2aa5d309c5bf8e73161975bd5aba7945b25e84",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/bd2aa5d309c5bf8e73161975bd5aba7945b25e84"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-12-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "130489095145400917776813713537007795442",
                    "104423481067330968789877443750909090044",
                    "23336195211901233531059176708158255384",
                    "56211969826742766420930325550656389895",
                    "127224605848258698820843035590132556834",
                    "264741881997647552184624361309976979613",
                    "101117958547520561979416695057660209376"
                ]
            },
            "id": "ASB-A-288896339-10749946",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ad8e7e3b1db22684988a179e23639567a4096ca6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 235.0,
                "function_hash": "220605962547549702920589314919307302123"
            },
            "id": "ASB-A-288896339-6bf98c35",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ad8e7e3b1db22684988a179e23639567a4096ca6",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
                "function": "keyguardGoingAway"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ad8e7e3b1db22684988a179e23639567a4096ca6"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-12-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "130489095145400917776813713537007795442",
                    "104423481067330968789877443750909090044",
                    "23336195211901233531059176708158255384",
                    "56211969826742766420930325550656389895",
                    "127224605848258698820843035590132556834",
                    "264741881997647552184624361309976979613",
                    "101117958547520561979416695057660209376"
                ]
            },
            "id": "ASB-A-288896339-2cffc941",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7f28e3eaaf7c91c6b22ef89a9f18bfe081ba5b1e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 235.0,
                "function_hash": "220605962547549702920589314919307302123"
            },
            "id": "ASB-A-288896339-79f795f4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7f28e3eaaf7c91c6b22ef89a9f18bfe081ba5b1e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
                "function": "keyguardGoingAway"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/7f28e3eaaf7c91c6b22ef89a9f18bfe081ba5b1e"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-12-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 235.0,
                "function_hash": "220605962547549702920589314919307302123"
            },
            "id": "ASB-A-288896339-026a0854",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6568e40be92a15def8e0b6da9c3a18633a71cc3b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
                "function": "keyguardGoingAway"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "130489095145400917776813713537007795442",
                    "104423481067330968789877443750909090044",
                    "23336195211901233531059176708158255384",
                    "56211969826742766420930325550656389895",
                    "127224605848258698820843035590132556834",
                    "264741881997647552184624361309976979613",
                    "101117958547520561979416695057660209376"
                ]
            },
            "id": "ASB-A-288896339-38c5aaf8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6568e40be92a15def8e0b6da9c3a18633a71cc3b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6568e40be92a15def8e0b6da9c3a18633a71cc3b"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-12-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 463.0,
                "function_hash": "305551150509788336900740638482705596740"
            },
            "id": "ASB-A-288896339-18d69855",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/41bc7c0042f1dd004179f32376f72a8811d83c6e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
                "function": "keyguardGoingAway"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "130489095145400917776813713537007795442",
                    "104423481067330968789877443750909090044",
                    "23336195211901233531059176708158255384",
                    "56211969826742766420930325550656389895",
                    "127224605848258698820843035590132556834",
                    "264741881997647552184624361309976979613",
                    "101117958547520561979416695057660209376"
                ]
            },
            "id": "ASB-A-288896339-a8923c81",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/41bc7c0042f1dd004179f32376f72a8811d83c6e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/41bc7c0042f1dd004179f32376f72a8811d83c6e"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2023-12-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "130489095145400917776813713537007795442",
                    "278193841134142408998192934093106006356",
                    "330932791736218819777175471699729872299",
                    "56211969826742766420930325550656389895",
                    "127224605848258698820843035590132556834",
                    "264741881997647552184624361309976979613",
                    "101117958547520561979416695057660209376"
                ]
            },
            "id": "ASB-A-288896339-c635eb41",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d41eb87422d238a5c854e67ef73d300c9d1caf0c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 618.0,
                "function_hash": "18450793016039751882161471123903104771"
            },
            "id": "ASB-A-288896339-fe32f71d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d41eb87422d238a5c854e67ef73d300c9d1caf0c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/ActivityTaskManagerService.java",
                "function": "keyguardGoingAway"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/d41eb87422d238a5c854e67ef73d300c9d1caf0c"
    ],
    "spl": "2023-12-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}