In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
{ "vanir_signatures": [ { "digest": { "length": 176.0, "function_hash": "11182637820034618401113751222754258203" }, "id": "ASB-A-328068777-358b6dbd", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5", "deprecated": false, "signature_version": "v1", "target": { "file": "framework/java/android/health/connect/changelog/ChangeLogTokenRequest.java", "function": "ChangeLogTokenRequest" }, "signature_type": "Function" }, { "digest": { "length": 1685.0, "function_hash": "210789308651513261784163237306101964800" }, "id": "ASB-A-328068777-755e83ba", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java", "function": "getChangeLogToken" }, "signature_type": "Function" }, { "digest": { "threshold": 0.9, "line_hashes": [ "24184396780336239456519827110476549761", "326091310677141883351282324384448193723", "169296199027089828482117199681574946450", "60912415992642674153698379516784373776", "253230689317029001137224617269275472402", "270232514102022061319869247121890143736", "253692171878371708813287315620972659781", "23293976492454174139545048729646880666", "152820436504189419185227330089363240672", "192804579701164721586373396846142632900", "36366221292545186722522250319036558772", "157353292968794510263123915821142624716" ] }, "id": "ASB-A-328068777-d2a84df2", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "184284571166231186356303372028293059177", "158277996485282816687852804984270150792", "3834673447980206355777666768730623887", "194253162466046725342937943237631321477", "40585238822889721281949691705454247789", "235783409289312975463805719829070200344", "12902639167930202410359945484686747496" ] }, "id": "ASB-A-328068777-dd62bad8", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5", "deprecated": false, "signature_version": "v1", "target": { "file": "framework/java/android/health/connect/changelog/ChangeLogTokenRequest.java" }, "signature_type": "Line" }, { "digest": { "threshold": 0.9, "line_hashes": [ "169017893411465551870686141667331661882", "254973238369687517206384210713299461536", "265493436211331043298307543155769753378", "230235184610370260045292722396838039625", "28639966036122384420486418860090170562", "14787195696624463574573004180146590960", "124969319363793220763356686989257765174" ] }, "id": "ASB-A-328068777-ee2b7d22", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5", "deprecated": false, "signature_version": "v1", "target": { "file": "tests/cts/utils/HealthConnectTestUtils/src/android/healthconnect/cts/utils/DataFactory.java" }, "signature_type": "Line" }, { "digest": { "length": 3195.0, "function_hash": "226261509158360689473339911837521724737" }, "id": "ASB-A-328068777-f972c0c3", "source": "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5", "deprecated": false, "signature_version": "v1", "target": { "file": "service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java", "function": "getChangeLogs" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5" ], "spl": "2024-05-01", "severity": "Critical", "types": [ "EoP" ] }