In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "9463191120944565777214923587569540280", "122948831978021524892316983953446463325", "92472102344881644431830790738066790673", "167065115139944003153512953068553907891", "340215464376248865824947300777503185264", "221168945578021651559295763786183083054", "131744847661277240634565311564085973108", "103367733749084258736728368274322623346", "179925580572788879788475130054462708914", "196342960548204308401723679118648079086", "290321685008039217998855658215928044591", "75387723144994033401847672675012393388", "67366564525647400157695413450827258220", "272780187264705393032792419979498836551", "238741401060336175638099375497740303177", "259279927726206483199262694158630246435", "183029252510547657779880201967699359444", "195441015140250236884590713138112717388", "154830493048076088366513224219833566639", "292349649739903354519742504810837097269", "74757550851833025026619482507635734368", "335645142261224268762006381740052233188", "109183959224805865307895779680093246307", "320347336774733139136288916442402746975", "153537896584459150438194966513331789145", "290138044157543726570565097636556565394", "94951731505717292874816718517677494937", "212459908943937449820271126626157033223", "143346065962046306861345672815340128659", "39202483775613760801013793315159228727", "223464662744292259328231130015590290691", "243196525702888915879421091889262579799", "222906682215279304745915779653792229664", "2041196555325525214139183417421403394", "188099220589577487798346861997025355777" ] }, "id": "ASB-A-293602317-3607cff1", "source": "https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 6218.0, "function_hash": "202562576093626664732976268044019536821" }, "id": "ASB-A-293602317-603c018a", "source": "https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "createUserInternalUncheckedNoTracing" }, "signature_type": "Function" }, { "digest": { "length": 3635.0, "function_hash": "144548358230426864873260022106430419425" }, "id": "ASB-A-293602317-a9ea5d47", "source": "https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "writeUserLP" }, "signature_type": "Function" }, { "digest": { "length": 527.0, "function_hash": "162974419970696908515454636762840654481" }, "id": "ASB-A-293602317-bb4015b1", "source": "https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "setSeedAccountDataNoChecks" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264" ], "spl": "2024-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "336770520496282681441314896640216048437", "196318341949663620568384875019858555190", "58551288301263779771889156118854047197", "167065115139944003153512953068553907891", "340215464376248865824947300777503185264", "221168945578021651559295763786183083054", "131744847661277240634565311564085973108", "103367733749084258736728368274322623346", "179925580572788879788475130054462708914", "196342960548204308401723679118648079086", "290321685008039217998855658215928044591", "75387723144994033401847672675012393388", "67366564525647400157695413450827258220", "272780187264705393032792419979498836551", "238741401060336175638099375497740303177", "279577176035107001512934654237869507516", "145880162779565741837819676483228499300", "127809519349970645360697777428549622625", "307980875257337246381009565866838557903", "330212089550213811688452876207213689027", "292349649739903354519742504810837097269", "6127841152270119643958952414669350211", "335645142261224268762006381740052233188", "109183959224805865307895779680093246307", "320347336774733139136288916442402746975", "153537896584459150438194966513331789145", "290138044157543726570565097636556565394", "183149366999774343672822517647013108117", "278675113163975809037263769056095463902", "143346065962046306861345672815340128659", "39202483775613760801013793315159228727", "223464662744292259328231130015590290691", "243196525702888915879421091889262579799", "222906682215279304745915779653792229664", "2041196555325525214139183417421403394", "188099220589577487798346861997025355777" ] }, "id": "ASB-A-293602317-3e8fc968", "source": "https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 565.0, "function_hash": "17478972632755109935792096038178691063" }, "id": "ASB-A-293602317-eecf54bd", "source": "https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "setSeedAccountData" }, "signature_type": "Function" }, { "digest": { "length": 3298.0, "function_hash": "14431357685230850289420472586775119205" }, "id": "ASB-A-293602317-f1299a83", "source": "https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "writeUserLP" }, "signature_type": "Function" }, { "digest": { "length": 5792.0, "function_hash": "272657188131738071713369073931175915923" }, "id": "ASB-A-293602317-f4915321", "source": "https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "createUserInternalUncheckedNoTracing" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88" ], "spl": "2024-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 565.0, "function_hash": "17478972632755109935792096038178691063" }, "id": "ASB-A-293602317-05556f3a", "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "setSeedAccountData" }, "signature_type": "Function" }, { "digest": { "length": 3298.0, "function_hash": "14431357685230850289420472586775119205" }, "id": "ASB-A-293602317-13d2e283", "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "writeUserLP" }, "signature_type": "Function" }, { "digest": { "length": 5792.0, "function_hash": "272657188131738071713369073931175915923" }, "id": "ASB-A-293602317-2050492b", "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "createUserInternalUncheckedNoTracing" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "336770520496282681441314896640216048437", "196318341949663620568384875019858555190", "58551288301263779771889156118854047197", "167065115139944003153512953068553907891", "340215464376248865824947300777503185264", "221168945578021651559295763786183083054", "131744847661277240634565311564085973108", "103367733749084258736728368274322623346", "179925580572788879788475130054462708914", "196342960548204308401723679118648079086", "290321685008039217998855658215928044591", "75387723144994033401847672675012393388", "67366564525647400157695413450827258220", "272780187264705393032792419979498836551", "238741401060336175638099375497740303177", "279577176035107001512934654237869507516", "145880162779565741837819676483228499300", "127809519349970645360697777428549622625", "307980875257337246381009565866838557903", "330212089550213811688452876207213689027", "292349649739903354519742504810837097269", "6127841152270119643958952414669350211", "335645142261224268762006381740052233188", "109183959224805865307895779680093246307", "320347336774733139136288916442402746975", "153537896584459150438194966513331789145", "290138044157543726570565097636556565394", "183149366999774343672822517647013108117", "278675113163975809037263769056095463902", "143346065962046306861345672815340128659", "39202483775613760801013793315159228727", "223464662744292259328231130015590290691", "243196525702888915879421091889262579799", "222906682215279304745915779653792229664", "2041196555325525214139183417421403394", "188099220589577487798346861997025355777" ] }, "id": "ASB-A-293602317-a1d3211d", "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb" ], "spl": "2024-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 565.0, "function_hash": "17478972632755109935792096038178691063" }, "id": "ASB-A-293602317-2418bb06", "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "setSeedAccountData" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "336770520496282681441314896640216048437", "196318341949663620568384875019858555190", "58551288301263779771889156118854047197", "167065115139944003153512953068553907891", "340215464376248865824947300777503185264", "221168945578021651559295763786183083054", "131744847661277240634565311564085973108", "103367733749084258736728368274322623346", "179925580572788879788475130054462708914", "196342960548204308401723679118648079086", "290321685008039217998855658215928044591", "75387723144994033401847672675012393388", "67366564525647400157695413450827258220", "272780187264705393032792419979498836551", "238741401060336175638099375497740303177", "279577176035107001512934654237869507516", "145880162779565741837819676483228499300", "127809519349970645360697777428549622625", "307980875257337246381009565866838557903", "330212089550213811688452876207213689027", "292349649739903354519742504810837097269", "6127841152270119643958952414669350211", "335645142261224268762006381740052233188", "109183959224805865307895779680093246307", "320347336774733139136288916442402746975", "153537896584459150438194966513331789145", "290138044157543726570565097636556565394", "183149366999774343672822517647013108117", "278675113163975809037263769056095463902", "143346065962046306861345672815340128659", "39202483775613760801013793315159228727", "223464662744292259328231130015590290691", "243196525702888915879421091889262579799", "222906682215279304745915779653792229664", "2041196555325525214139183417421403394", "188099220589577487798346861997025355777" ] }, "id": "ASB-A-293602317-26d5e4b2", "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 3298.0, "function_hash": "14431357685230850289420472586775119205" }, "id": "ASB-A-293602317-6089c84d", "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "writeUserLP" }, "signature_type": "Function" }, { "digest": { "length": 5792.0, "function_hash": "272657188131738071713369073931175915923" }, "id": "ASB-A-293602317-6b276ef8", "source": "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "createUserInternalUncheckedNoTracing" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb" ], "spl": "2024-05-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 527.0, "function_hash": "162974419970696908515454636762840654481" }, "id": "ASB-A-293602317-380cc354", "source": "https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "setSeedAccountDataNoChecks" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "9463191120944565777214923587569540280", "122948831978021524892316983953446463325", "92472102344881644431830790738066790673", "167065115139944003153512953068553907891", "340215464376248865824947300777503185264", "221168945578021651559295763786183083054", "131744847661277240634565311564085973108", "103367733749084258736728368274322623346", "179925580572788879788475130054462708914", "196342960548204308401723679118648079086", "290321685008039217998855658215928044591", "75387723144994033401847672675012393388", "67366564525647400157695413450827258220", "272780187264705393032792419979498836551", "238741401060336175638099375497740303177", "259279927726206483199262694158630246435", "183029252510547657779880201967699359444", "195441015140250236884590713138112717388", "154830493048076088366513224219833566639", "292349649739903354519742504810837097269", "74757550851833025026619482507635734368", "335645142261224268762006381740052233188", "109183959224805865307895779680093246307", "320347336774733139136288916442402746975", "153537896584459150438194966513331789145", "290138044157543726570565097636556565394", "94951731505717292874816718517677494937", "212459908943937449820271126626157033223", "143346065962046306861345672815340128659", "39202483775613760801013793315159228727", "223464662744292259328231130015590290691", "243196525702888915879421091889262579799", "222906682215279304745915779653792229664", "2041196555325525214139183417421403394", "188099220589577487798346861997025355777" ] }, "id": "ASB-A-293602317-591df365", "source": "https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 3635.0, "function_hash": "144548358230426864873260022106430419425" }, "id": "ASB-A-293602317-59fe4ee5", "source": "https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "writeUserLP" }, "signature_type": "Function" }, { "digest": { "length": 5798.0, "function_hash": "137805121615530708957201457640858822254" }, "id": "ASB-A-293602317-bb732334", "source": "https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/pm/UserManagerService.java", "function": "createUserInternalUncheckedNoTracing" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08" ], "spl": "2024-05-01", "severity": "High", "types": [ "EoP" ] }