ASB-A-298635078

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-298635078.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-298635078
Aliases
  • A-298635078
  • CVE-2024-0022
Published
2024-04-01T00:00:00Z
Modified
2024-08-07T19:30:06.311766Z
Summary
Requesting and setting notfication access on behalf of another user profile by CompanionDeviceManagerService#requestNotificationAccess
Details

In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-04-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "235055368570902509845368135688908912691",
                    "46914772837610932699393074704245498036",
                    "143965187811282397119853525869334576475",
                    "207406646097850335216169154541288558099",
                    "1541481414671566929650348865673721681",
                    "198439889011393407708305208935883938336",
                    "68434358367093740788027285675272473764",
                    "36383238236546658061563661091805463698",
                    "249300913198780888612584497119342926850",
                    "258178459221036030024073464284086474097",
                    "118788571807013244513436783750616737032",
                    "213005690081425911274194467743767865198",
                    "201408134120087323544393823627838966732"
                ]
            },
            "id": "ASB-A-298635078-6657176a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 324.0,
                "function_hash": "173029907314831969588352356730720748041"
            },
            "id": "ASB-A-298635078-878367c8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "checkCanCallNotificationApi"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 584.0,
                "function_hash": "82965898534591532984086544620584104426"
            },
            "id": "ASB-A-298635078-af360e4f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "requestNotificationAccess"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 183.0,
                "function_hash": "43095038762511238101975353702976297412"
            },
            "id": "ASB-A-298635078-eb43ac84",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "hasNotificationAccess"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2"
    ],
    "spl": "2024-04-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-04-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 324.0,
                "function_hash": "173029907314831969588352356730720748041"
            },
            "id": "ASB-A-298635078-09511614",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "checkCanCallNotificationApi"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 584.0,
                "function_hash": "82965898534591532984086544620584104426"
            },
            "id": "ASB-A-298635078-5870c43e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "requestNotificationAccess"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 183.0,
                "function_hash": "43095038762511238101975353702976297412"
            },
            "id": "ASB-A-298635078-bd83d046",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "hasNotificationAccess"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "235055368570902509845368135688908912691",
                    "46914772837610932699393074704245498036",
                    "143965187811282397119853525869334576475",
                    "207406646097850335216169154541288558099",
                    "1541481414671566929650348865673721681",
                    "198439889011393407708305208935883938336",
                    "68434358367093740788027285675272473764",
                    "36383238236546658061563661091805463698",
                    "114977226342569734230072593037231426736",
                    "68725759236570820763792637467364251579",
                    "118788571807013244513436783750616737032",
                    "213005690081425911274194467743767865198",
                    "201408134120087323544393823627838966732"
                ]
            },
            "id": "ASB-A-298635078-fb811839",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c"
    ],
    "spl": "2024-04-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-04-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 584.0,
                "function_hash": "82965898534591532984086544620584104426"
            },
            "id": "ASB-A-298635078-177c6cce",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "requestNotificationAccess"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "235055368570902509845368135688908912691",
                    "46914772837610932699393074704245498036",
                    "143965187811282397119853525869334576475",
                    "207406646097850335216169154541288558099",
                    "1541481414671566929650348865673721681",
                    "198439889011393407708305208935883938336",
                    "68434358367093740788027285675272473764",
                    "36383238236546658061563661091805463698",
                    "249300913198780888612584497119342926850",
                    "258178459221036030024073464284086474097",
                    "118788571807013244513436783750616737032",
                    "213005690081425911274194467743767865198",
                    "201408134120087323544393823627838966732"
                ]
            },
            "id": "ASB-A-298635078-5ce7c935",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 183.0,
                "function_hash": "43095038762511238101975353702976297412"
            },
            "id": "ASB-A-298635078-f6f10872",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "hasNotificationAccess"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 324.0,
                "function_hash": "173029907314831969588352356730720748041"
            },
            "id": "ASB-A-298635078-fa093a43",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java",
                "function": "checkCanCallNotificationApi"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc"
    ],
    "spl": "2024-04-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}