ASB-A-307948424

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-307948424.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-307948424
Aliases
  • A-307948424
  • CVE-2024-0027
Published
2024-04-01T00:00:00Z
Modified
2024-08-07T19:30:09.385536Z
Summary
Permanent device denial of service due to bypassing snoozed notifications limit number
Details

In multiple functions of SnoozeHelper.java, there is a possible way to cause a boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-04-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 176.0,
                "function_hash": "292617633439941585308403371346086820032"
            },
            "id": "ASB-A-307948424-9b68e28d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/da6a9ea6deece5b2505d5facdf5d44cfc08057f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java",
                "function": "canSnooze"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "228868492124396178288691891887014316271",
                    "147068199798451416861016451661579915746",
                    "33448550745365142313718789319735457766",
                    "206526065319740046233991815444671678678",
                    "302191840666411036306687304715488847484",
                    "210790450598261481118056802623540896212",
                    "310458183839140372389834523909237394340",
                    "122407183819167912062394090467954374551"
                ]
            },
            "id": "ASB-A-307948424-ad2936d8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/da6a9ea6deece5b2505d5facdf5d44cfc08057f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 916.0,
                "function_hash": "47389410036644320751764309263706622974"
            },
            "id": "ASB-A-307948424-eb75c1c3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/da6a9ea6deece5b2505d5facdf5d44cfc08057f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java",
                "function": "repostGroupSummary"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/da6a9ea6deece5b2505d5facdf5d44cfc08057f3"
    ],
    "spl": "2024-04-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-04-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 164.0,
                "function_hash": "161725677395463373705297395455537278014"
            },
            "id": "ASB-A-307948424-874fc6d8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java",
                "function": "canSnooze"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "331304483198566675242159522780115074989",
                    "274284038018803733519547237122153092709",
                    "104282853574912539123849500631999465886",
                    "51002312730134825191450014297047813747",
                    "240522512309630831697827857464120036961",
                    "63023319149774050960125992398873200987",
                    "250223848882789161417385689122071235195",
                    "92355233782681610718337003745666150372",
                    "37048983232642789480628101857523059563",
                    "77732292769249792439235644689332294803",
                    "288839308734756556288203452729245887105",
                    "265057285360035124000572099202713667399"
                ]
            },
            "id": "ASB-A-307948424-a172fe36",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 929.0,
                "function_hash": "244416773001510046196387697663653877278"
            },
            "id": "ASB-A-307948424-b85263d0",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java",
                "function": "repostGroupSummary"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73"
    ],
    "spl": "2024-04-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-04-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "331304483198566675242159522780115074989",
                    "274284038018803733519547237122153092709",
                    "104282853574912539123849500631999465886",
                    "51002312730134825191450014297047813747",
                    "240522512309630831697827857464120036961",
                    "63023319149774050960125992398873200987",
                    "250223848882789161417385689122071235195",
                    "92355233782681610718337003745666150372",
                    "37048983232642789480628101857523059563",
                    "77732292769249792439235644689332294803",
                    "288839308734756556288203452729245887105",
                    "265057285360035124000572099202713667399"
                ]
            },
            "id": "ASB-A-307948424-7bc76072",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 164.0,
                "function_hash": "161725677395463373705297395455537278014"
            },
            "id": "ASB-A-307948424-87388107",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java",
                "function": "canSnooze"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 929.0,
                "function_hash": "244416773001510046196387697663653877278"
            },
            "id": "ASB-A-307948424-eaf5edbc",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java",
                "function": "repostGroupSummary"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73"
    ],
    "spl": "2024-04-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-04-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 929.0,
                "function_hash": "244416773001510046196387697663653877278"
            },
            "id": "ASB-A-307948424-03e4f357",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java",
                "function": "repostGroupSummary"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "331304483198566675242159522780115074989",
                    "274284038018803733519547237122153092709",
                    "104282853574912539123849500631999465886",
                    "51002312730134825191450014297047813747",
                    "240522512309630831697827857464120036961",
                    "63023319149774050960125992398873200987",
                    "250223848882789161417385689122071235195",
                    "92355233782681610718337003745666150372",
                    "37048983232642789480628101857523059563",
                    "77732292769249792439235644689332294803",
                    "288839308734756556288203452729245887105",
                    "265057285360035124000572099202713667399"
                ]
            },
            "id": "ASB-A-307948424-169af835",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 164.0,
                "function_hash": "161725677395463373705297395455537278014"
            },
            "id": "ASB-A-307948424-7e232607",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java",
                "function": "canSnooze"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ade22bfdf6698cb97b4edc303e8952d6cc1a2f73"
    ],
    "spl": "2024-04-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-04-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "228868492124396178288691891887014316271",
                    "147068199798451416861016451661579915746",
                    "33448550745365142313718789319735457766",
                    "206526065319740046233991815444671678678",
                    "302191840666411036306687304715488847484",
                    "210790450598261481118056802623540896212",
                    "310458183839140372389834523909237394340",
                    "122407183819167912062394090467954374551"
                ]
            },
            "id": "ASB-A-307948424-7cbde13e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/da6a9ea6deece5b2505d5facdf5d44cfc08057f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 176.0,
                "function_hash": "292617633439941585308403371346086820032"
            },
            "id": "ASB-A-307948424-c4701417",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/da6a9ea6deece5b2505d5facdf5d44cfc08057f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java",
                "function": "canSnooze"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 916.0,
                "function_hash": "47389410036644320751764309263706622974"
            },
            "id": "ASB-A-307948424-e9e48abc",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/da6a9ea6deece5b2505d5facdf5d44cfc08057f3",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/notification/SnoozeHelper.java",
                "function": "repostGroupSummary"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/da6a9ea6deece5b2505d5facdf5d44cfc08057f3"
    ],
    "spl": "2024-04-01",
    "severity": "High",
    "types": [
        "DoS"
    ]
}