In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "235055368570902509845368135688908912691", "46914772837610932699393074704245498036", "143965187811282397119853525869334576475", "207406646097850335216169154541288558099", "1541481414671566929650348865673721681", "198439889011393407708305208935883938336", "68434358367093740788027285675272473764", "36383238236546658061563661091805463698", "249300913198780888612584497119342926850", "258178459221036030024073464284086474097", "118788571807013244513436783750616737032", "213005690081425911274194467743767865198", "201408134120087323544393823627838966732" ] }, "id": "ASB-A-298635078-6657176a", "source": "https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 324.0, "function_hash": "173029907314831969588352356730720748041" }, "id": "ASB-A-298635078-878367c8", "source": "https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function": "checkCanCallNotificationApi" }, "signature_type": "Function" }, { "digest": { "length": 584.0, "function_hash": "82965898534591532984086544620584104426" }, "id": "ASB-A-298635078-af360e4f", "source": "https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function": "requestNotificationAccess" }, "signature_type": "Function" }, { "digest": { "length": 183.0, "function_hash": "43095038762511238101975353702976297412" }, "id": "ASB-A-298635078-eb43ac84", "source": "https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function": "hasNotificationAccess" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2" ], "spl": "2024-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 324.0, "function_hash": "173029907314831969588352356730720748041" }, "id": "ASB-A-298635078-09511614", "source": "https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function": "checkCanCallNotificationApi" }, "signature_type": "Function" }, { "digest": { "length": 584.0, "function_hash": "82965898534591532984086544620584104426" }, "id": "ASB-A-298635078-5870c43e", "source": "https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function": "requestNotificationAccess" }, "signature_type": "Function" }, { "digest": { "length": 183.0, "function_hash": "43095038762511238101975353702976297412" }, "id": "ASB-A-298635078-bd83d046", "source": "https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function": "hasNotificationAccess" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "235055368570902509845368135688908912691", "46914772837610932699393074704245498036", "143965187811282397119853525869334576475", "207406646097850335216169154541288558099", "1541481414671566929650348865673721681", "198439889011393407708305208935883938336", "68434358367093740788027285675272473764", "36383238236546658061563661091805463698", "114977226342569734230072593037231426736", "68725759236570820763792637467364251579", "118788571807013244513436783750616737032", "213005690081425911274194467743767865198", "201408134120087323544393823627838966732" ] }, "id": "ASB-A-298635078-fb811839", "source": "https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c" ], "spl": "2024-04-01", "severity": "High", "types": [ "ID" ] }
{ "vanir_signatures": [ { "digest": { "length": 584.0, "function_hash": "82965898534591532984086544620584104426" }, "id": "ASB-A-298635078-177c6cce", "source": "https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function": "requestNotificationAccess" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "235055368570902509845368135688908912691", "46914772837610932699393074704245498036", "143965187811282397119853525869334576475", "207406646097850335216169154541288558099", "1541481414671566929650348865673721681", "198439889011393407708305208935883938336", "68434358367093740788027285675272473764", "36383238236546658061563661091805463698", "249300913198780888612584497119342926850", "258178459221036030024073464284086474097", "118788571807013244513436783750616737032", "213005690081425911274194467743767865198", "201408134120087323544393823627838966732" ] }, "id": "ASB-A-298635078-5ce7c935", "source": "https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 183.0, "function_hash": "43095038762511238101975353702976297412" }, "id": "ASB-A-298635078-f6f10872", "source": "https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function": "hasNotificationAccess" }, "signature_type": "Function" }, { "digest": { "length": 324.0, "function_hash": "173029907314831969588352356730720748041" }, "id": "ASB-A-298635078-fa093a43", "source": "https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc", "deprecated": false, "signature_version": "v1", "target": { "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java", "function": "checkCanCallNotificationApi" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc" ], "spl": "2024-04-01", "severity": "High", "types": [ "ID" ] }