In onResult of AccountManagerService.java, there is a possible way to perform an arbitrary background activity launch due to parcel mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "43017519177807145379844587256330931130", "139549962752152272045834324551080332683", "46166860129893155148489994109394520273", "151925316201904684545703073333062340217", "88177422329759679498275831166755363630", "333038691317117628589156366416045184805", "260091925435370503263492716894760897750", "81471061794916198013446098851041423573" ] }, "id": "ASB-A-321941232-142d2ffa", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 2544.0, "function_hash": "286536814451441444959706260141745055461" }, "id": "ASB-A-321941232-24472333", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java", "function": "onResult" }, "signature_type": "Function" }, { "digest": { "length": 2142.0, "function_hash": "89106852036193553990570587903130390372" }, "id": "ASB-A-321941232-fb1cc60d", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java", "function": "onResult" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f" ], "spl": "2024-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "threshold": 0.9, "line_hashes": [ "43017519177807145379844587256330931130", "139549962752152272045834324551080332683", "46166860129893155148489994109394520273", "151925316201904684545703073333062340217", "88177422329759679498275831166755363630", "333038691317117628589156366416045184805", "260091925435370503263492716894760897750", "81471061794916198013446098851041423573" ] }, "id": "ASB-A-321941232-2ac36f97", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 2544.0, "function_hash": "286536814451441444959706260141745055461" }, "id": "ASB-A-321941232-5d58bec5", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java", "function": "onResult" }, "signature_type": "Function" }, { "digest": { "length": 2142.0, "function_hash": "89106852036193553990570587903130390372" }, "id": "ASB-A-321941232-74b5d60c", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java", "function": "onResult" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f" ], "spl": "2024-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 2544.0, "function_hash": "286536814451441444959706260141745055461" }, "id": "ASB-A-321941232-366e58f6", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java", "function": "onResult" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "43017519177807145379844587256330931130", "139549962752152272045834324551080332683", "46166860129893155148489994109394520273", "151925316201904684545703073333062340217", "88177422329759679498275831166755363630", "333038691317117628589156366416045184805", "260091925435370503263492716894760897750", "81471061794916198013446098851041423573" ] }, "id": "ASB-A-321941232-6e4714d9", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 2142.0, "function_hash": "89106852036193553990570587903130390372" }, "id": "ASB-A-321941232-884dad92", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java", "function": "onResult" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f" ], "spl": "2024-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 2142.0, "function_hash": "89106852036193553990570587903130390372" }, "id": "ASB-A-321941232-20a2d5ce", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java", "function": "onResult" }, "signature_type": "Function" }, { "digest": { "length": 2544.0, "function_hash": "286536814451441444959706260141745055461" }, "id": "ASB-A-321941232-864c50ef", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java", "function": "onResult" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "43017519177807145379844587256330931130", "139549962752152272045834324551080332683", "46166860129893155148489994109394520273", "151925316201904684545703073333062340217", "88177422329759679498275831166755363630", "333038691317117628589156366416045184805", "260091925435370503263492716894760897750", "81471061794916198013446098851041423573" ] }, "id": "ASB-A-321941232-d58f7b30", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java" }, "signature_type": "Line" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f" ], "spl": "2024-06-01", "severity": "High", "types": [ "EoP" ] }
{ "vanir_signatures": [ { "digest": { "length": 2142.0, "function_hash": "89106852036193553990570587903130390372" }, "id": "ASB-A-321941232-5a2eb393", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java", "function": "onResult" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "43017519177807145379844587256330931130", "139549962752152272045834324551080332683", "46166860129893155148489994109394520273", "151925316201904684545703073333062340217", "88177422329759679498275831166755363630", "333038691317117628589156366416045184805", "260091925435370503263492716894760897750", "81471061794916198013446098851041423573" ] }, "id": "ASB-A-321941232-5c681b33", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java" }, "signature_type": "Line" }, { "digest": { "length": 2544.0, "function_hash": "286536814451441444959706260141745055461" }, "id": "ASB-A-321941232-e51d7af9", "source": "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f", "deprecated": false, "signature_version": "v1", "target": { "file": "services/core/java/com/android/server/accounts/AccountManagerService.java", "function": "onResult" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/frameworks/base/+/36db8a1d61a881f89fdd3911886adcda6e1f0d7f" ], "spl": "2024-06-01", "severity": "High", "types": [ "EoP" ] }