ASB-A-293602317

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-293602317.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-293602317
Aliases
  • A-293602317
  • CVE-2024-0024
Published
2024-05-01T00:00:00Z
Modified
2024-08-07T19:29:44.667928Z
Summary
[STS SDK Grant] Create and persist a new secondary user without any restrictions via a super large seed account type
Details

In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-05-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "9463191120944565777214923587569540280",
                    "122948831978021524892316983953446463325",
                    "92472102344881644431830790738066790673",
                    "167065115139944003153512953068553907891",
                    "340215464376248865824947300777503185264",
                    "221168945578021651559295763786183083054",
                    "131744847661277240634565311564085973108",
                    "103367733749084258736728368274322623346",
                    "179925580572788879788475130054462708914",
                    "196342960548204308401723679118648079086",
                    "290321685008039217998855658215928044591",
                    "75387723144994033401847672675012393388",
                    "67366564525647400157695413450827258220",
                    "272780187264705393032792419979498836551",
                    "238741401060336175638099375497740303177",
                    "259279927726206483199262694158630246435",
                    "183029252510547657779880201967699359444",
                    "195441015140250236884590713138112717388",
                    "154830493048076088366513224219833566639",
                    "292349649739903354519742504810837097269",
                    "74757550851833025026619482507635734368",
                    "335645142261224268762006381740052233188",
                    "109183959224805865307895779680093246307",
                    "320347336774733139136288916442402746975",
                    "153537896584459150438194966513331789145",
                    "290138044157543726570565097636556565394",
                    "94951731505717292874816718517677494937",
                    "212459908943937449820271126626157033223",
                    "143346065962046306861345672815340128659",
                    "39202483775613760801013793315159228727",
                    "223464662744292259328231130015590290691",
                    "243196525702888915879421091889262579799",
                    "222906682215279304745915779653792229664",
                    "2041196555325525214139183417421403394",
                    "188099220589577487798346861997025355777"
                ]
            },
            "id": "ASB-A-293602317-3607cff1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 6218.0,
                "function_hash": "202562576093626664732976268044019536821"
            },
            "id": "ASB-A-293602317-603c018a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "createUserInternalUncheckedNoTracing"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3635.0,
                "function_hash": "144548358230426864873260022106430419425"
            },
            "id": "ASB-A-293602317-a9ea5d47",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "writeUserLP"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 527.0,
                "function_hash": "162974419970696908515454636762840654481"
            },
            "id": "ASB-A-293602317-bb4015b1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "setSeedAccountDataNoChecks"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264"
    ],
    "spl": "2024-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-05-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "336770520496282681441314896640216048437",
                    "196318341949663620568384875019858555190",
                    "58551288301263779771889156118854047197",
                    "167065115139944003153512953068553907891",
                    "340215464376248865824947300777503185264",
                    "221168945578021651559295763786183083054",
                    "131744847661277240634565311564085973108",
                    "103367733749084258736728368274322623346",
                    "179925580572788879788475130054462708914",
                    "196342960548204308401723679118648079086",
                    "290321685008039217998855658215928044591",
                    "75387723144994033401847672675012393388",
                    "67366564525647400157695413450827258220",
                    "272780187264705393032792419979498836551",
                    "238741401060336175638099375497740303177",
                    "279577176035107001512934654237869507516",
                    "145880162779565741837819676483228499300",
                    "127809519349970645360697777428549622625",
                    "307980875257337246381009565866838557903",
                    "330212089550213811688452876207213689027",
                    "292349649739903354519742504810837097269",
                    "6127841152270119643958952414669350211",
                    "335645142261224268762006381740052233188",
                    "109183959224805865307895779680093246307",
                    "320347336774733139136288916442402746975",
                    "153537896584459150438194966513331789145",
                    "290138044157543726570565097636556565394",
                    "183149366999774343672822517647013108117",
                    "278675113163975809037263769056095463902",
                    "143346065962046306861345672815340128659",
                    "39202483775613760801013793315159228727",
                    "223464662744292259328231130015590290691",
                    "243196525702888915879421091889262579799",
                    "222906682215279304745915779653792229664",
                    "2041196555325525214139183417421403394",
                    "188099220589577487798346861997025355777"
                ]
            },
            "id": "ASB-A-293602317-3e8fc968",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 565.0,
                "function_hash": "17478972632755109935792096038178691063"
            },
            "id": "ASB-A-293602317-eecf54bd",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "setSeedAccountData"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3298.0,
                "function_hash": "14431357685230850289420472586775119205"
            },
            "id": "ASB-A-293602317-f1299a83",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "writeUserLP"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 5792.0,
                "function_hash": "272657188131738071713369073931175915923"
            },
            "id": "ASB-A-293602317-f4915321",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "createUserInternalUncheckedNoTracing"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88"
    ],
    "spl": "2024-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-05-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 565.0,
                "function_hash": "17478972632755109935792096038178691063"
            },
            "id": "ASB-A-293602317-05556f3a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "setSeedAccountData"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 3298.0,
                "function_hash": "14431357685230850289420472586775119205"
            },
            "id": "ASB-A-293602317-13d2e283",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "writeUserLP"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 5792.0,
                "function_hash": "272657188131738071713369073931175915923"
            },
            "id": "ASB-A-293602317-2050492b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "createUserInternalUncheckedNoTracing"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "336770520496282681441314896640216048437",
                    "196318341949663620568384875019858555190",
                    "58551288301263779771889156118854047197",
                    "167065115139944003153512953068553907891",
                    "340215464376248865824947300777503185264",
                    "221168945578021651559295763786183083054",
                    "131744847661277240634565311564085973108",
                    "103367733749084258736728368274322623346",
                    "179925580572788879788475130054462708914",
                    "196342960548204308401723679118648079086",
                    "290321685008039217998855658215928044591",
                    "75387723144994033401847672675012393388",
                    "67366564525647400157695413450827258220",
                    "272780187264705393032792419979498836551",
                    "238741401060336175638099375497740303177",
                    "279577176035107001512934654237869507516",
                    "145880162779565741837819676483228499300",
                    "127809519349970645360697777428549622625",
                    "307980875257337246381009565866838557903",
                    "330212089550213811688452876207213689027",
                    "292349649739903354519742504810837097269",
                    "6127841152270119643958952414669350211",
                    "335645142261224268762006381740052233188",
                    "109183959224805865307895779680093246307",
                    "320347336774733139136288916442402746975",
                    "153537896584459150438194966513331789145",
                    "290138044157543726570565097636556565394",
                    "183149366999774343672822517647013108117",
                    "278675113163975809037263769056095463902",
                    "143346065962046306861345672815340128659",
                    "39202483775613760801013793315159228727",
                    "223464662744292259328231130015590290691",
                    "243196525702888915879421091889262579799",
                    "222906682215279304745915779653792229664",
                    "2041196555325525214139183417421403394",
                    "188099220589577487798346861997025355777"
                ]
            },
            "id": "ASB-A-293602317-a1d3211d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb"
    ],
    "spl": "2024-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-05-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 565.0,
                "function_hash": "17478972632755109935792096038178691063"
            },
            "id": "ASB-A-293602317-2418bb06",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "setSeedAccountData"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "336770520496282681441314896640216048437",
                    "196318341949663620568384875019858555190",
                    "58551288301263779771889156118854047197",
                    "167065115139944003153512953068553907891",
                    "340215464376248865824947300777503185264",
                    "221168945578021651559295763786183083054",
                    "131744847661277240634565311564085973108",
                    "103367733749084258736728368274322623346",
                    "179925580572788879788475130054462708914",
                    "196342960548204308401723679118648079086",
                    "290321685008039217998855658215928044591",
                    "75387723144994033401847672675012393388",
                    "67366564525647400157695413450827258220",
                    "272780187264705393032792419979498836551",
                    "238741401060336175638099375497740303177",
                    "279577176035107001512934654237869507516",
                    "145880162779565741837819676483228499300",
                    "127809519349970645360697777428549622625",
                    "307980875257337246381009565866838557903",
                    "330212089550213811688452876207213689027",
                    "292349649739903354519742504810837097269",
                    "6127841152270119643958952414669350211",
                    "335645142261224268762006381740052233188",
                    "109183959224805865307895779680093246307",
                    "320347336774733139136288916442402746975",
                    "153537896584459150438194966513331789145",
                    "290138044157543726570565097636556565394",
                    "183149366999774343672822517647013108117",
                    "278675113163975809037263769056095463902",
                    "143346065962046306861345672815340128659",
                    "39202483775613760801013793315159228727",
                    "223464662744292259328231130015590290691",
                    "243196525702888915879421091889262579799",
                    "222906682215279304745915779653792229664",
                    "2041196555325525214139183417421403394",
                    "188099220589577487798346861997025355777"
                ]
            },
            "id": "ASB-A-293602317-26d5e4b2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 3298.0,
                "function_hash": "14431357685230850289420472586775119205"
            },
            "id": "ASB-A-293602317-6089c84d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "writeUserLP"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 5792.0,
                "function_hash": "272657188131738071713369073931175915923"
            },
            "id": "ASB-A-293602317-6b276ef8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "createUserInternalUncheckedNoTracing"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb"
    ],
    "spl": "2024-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-05-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 527.0,
                "function_hash": "162974419970696908515454636762840654481"
            },
            "id": "ASB-A-293602317-380cc354",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "setSeedAccountDataNoChecks"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "9463191120944565777214923587569540280",
                    "122948831978021524892316983953446463325",
                    "92472102344881644431830790738066790673",
                    "167065115139944003153512953068553907891",
                    "340215464376248865824947300777503185264",
                    "221168945578021651559295763786183083054",
                    "131744847661277240634565311564085973108",
                    "103367733749084258736728368274322623346",
                    "179925580572788879788475130054462708914",
                    "196342960548204308401723679118648079086",
                    "290321685008039217998855658215928044591",
                    "75387723144994033401847672675012393388",
                    "67366564525647400157695413450827258220",
                    "272780187264705393032792419979498836551",
                    "238741401060336175638099375497740303177",
                    "259279927726206483199262694158630246435",
                    "183029252510547657779880201967699359444",
                    "195441015140250236884590713138112717388",
                    "154830493048076088366513224219833566639",
                    "292349649739903354519742504810837097269",
                    "74757550851833025026619482507635734368",
                    "335645142261224268762006381740052233188",
                    "109183959224805865307895779680093246307",
                    "320347336774733139136288916442402746975",
                    "153537896584459150438194966513331789145",
                    "290138044157543726570565097636556565394",
                    "94951731505717292874816718517677494937",
                    "212459908943937449820271126626157033223",
                    "143346065962046306861345672815340128659",
                    "39202483775613760801013793315159228727",
                    "223464662744292259328231130015590290691",
                    "243196525702888915879421091889262579799",
                    "222906682215279304745915779653792229664",
                    "2041196555325525214139183417421403394",
                    "188099220589577487798346861997025355777"
                ]
            },
            "id": "ASB-A-293602317-591df365",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 3635.0,
                "function_hash": "144548358230426864873260022106430419425"
            },
            "id": "ASB-A-293602317-59fe4ee5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "writeUserLP"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 5798.0,
                "function_hash": "137805121615530708957201457640858822254"
            },
            "id": "ASB-A-293602317-bb732334",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/UserManagerService.java",
                "function": "createUserInternalUncheckedNoTracing"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08"
    ],
    "spl": "2024-05-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}