ASB-A-321941232

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-321941232.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-321941232
Aliases
  • A-321941232
  • CVE-2024-31316
Published
2024-06-01T00:00:00Z
Modified
2024-08-07T19:29:46.118898Z
Summary
LaunchAnyWhere bellow Android T even on latest Android security patch
Details

In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-06-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "43017519177807145379844587256330931130",
                    "139549962752152272045834324551080332683",
                    "46166860129893155148489994109394520273",
                    "151925316201904684545703073333062340217",
                    "88177422329759679498275831166755363630",
                    "333038691317117628589156366416045184805",
                    "260091925435370503263492716894760897750",
                    "81471061794916198013446098851041423573"
                ]
            },
            "id": "ASB-A-321941232-142d2ffa",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2544.0,
                "function_hash": "286536814451441444959706260141745055461"
            },
            "id": "ASB-A-321941232-24472333",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "onResult"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2142.0,
                "function_hash": "89106852036193553990570587903130390372"
            },
            "id": "ASB-A-321941232-fb1cc60d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "onResult"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-06-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "43017519177807145379844587256330931130",
                    "139549962752152272045834324551080332683",
                    "46166860129893155148489994109394520273",
                    "151925316201904684545703073333062340217",
                    "88177422329759679498275831166755363630",
                    "333038691317117628589156366416045184805",
                    "260091925435370503263492716894760897750",
                    "81471061794916198013446098851041423573"
                ]
            },
            "id": "ASB-A-321941232-2ac36f97",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2544.0,
                "function_hash": "286536814451441444959706260141745055461"
            },
            "id": "ASB-A-321941232-5d58bec5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "onResult"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2142.0,
                "function_hash": "89106852036193553990570587903130390372"
            },
            "id": "ASB-A-321941232-74b5d60c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "onResult"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-06-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2544.0,
                "function_hash": "286536814451441444959706260141745055461"
            },
            "id": "ASB-A-321941232-366e58f6",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "onResult"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "43017519177807145379844587256330931130",
                    "139549962752152272045834324551080332683",
                    "46166860129893155148489994109394520273",
                    "151925316201904684545703073333062340217",
                    "88177422329759679498275831166755363630",
                    "333038691317117628589156366416045184805",
                    "260091925435370503263492716894760897750",
                    "81471061794916198013446098851041423573"
                ]
            },
            "id": "ASB-A-321941232-6e4714d9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2142.0,
                "function_hash": "89106852036193553990570587903130390372"
            },
            "id": "ASB-A-321941232-884dad92",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "onResult"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-06-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2142.0,
                "function_hash": "89106852036193553990570587903130390372"
            },
            "id": "ASB-A-321941232-20a2d5ce",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "onResult"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 2544.0,
                "function_hash": "286536814451441444959706260141745055461"
            },
            "id": "ASB-A-321941232-864c50ef",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "onResult"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "43017519177807145379844587256330931130",
                    "139549962752152272045834324551080332683",
                    "46166860129893155148489994109394520273",
                    "151925316201904684545703073333062340217",
                    "88177422329759679498275831166755363630",
                    "333038691317117628589156366416045184805",
                    "260091925435370503263492716894760897750",
                    "81471061794916198013446098851041423573"
                ]
            },
            "id": "ASB-A-321941232-d58f7b30",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14:0
Fixed
14:2024-06-01

Affected versions

Other

14

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2142.0,
                "function_hash": "89106852036193553990570587903130390372"
            },
            "id": "ASB-A-321941232-5a2eb393",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "onResult"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "43017519177807145379844587256330931130",
                    "139549962752152272045834324551080332683",
                    "46166860129893155148489994109394520273",
                    "151925316201904684545703073333062340217",
                    "88177422329759679498275831166755363630",
                    "333038691317117628589156366416045184805",
                    "260091925435370503263492716894760897750",
                    "81471061794916198013446098851041423573"
                ]
            },
            "id": "ASB-A-321941232-5c681b33",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 2544.0,
                "function_hash": "286536814451441444959706260141745055461"
            },
            "id": "ASB-A-321941232-e51d7af9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java",
                "function": "onResult"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}