ASB-A-326057017
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-326057017.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-326057017
- Aliases
-
- A-326057017
- CVE-2024-43088
- Published
- 2024-11-01T00:00:00Z
- Modified
- 2024-11-06T16:12:12.362162Z
- Summary
- [none]
- Details
-
In multiple functions in AppInfoBase.java, there is a possible way to manipulate app permission settings belonging to another user on the device due to a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 1123.0,
"function_hash": "69398252931524318733979460612749742282"
},
"id": "ASB-A-326057017-2c1bd3e1",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/applications/AppInfoBase.java",
"function": "retrieveAppEntry"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"12"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"146468046810668391626191160772369193825",
"58214069278375581193240716053668016387",
"118458680043264427161078560444741096551",
"258340999341649564567845986161705016654",
"160218103706771944482748181118729855894",
"148895478068658423118081653364542686348",
"229576963873663300966969905449561113344",
"334330305333797608329864193959475347539",
"110570043621086428945814529144846361935",
"321798546454385257581027784768169491613",
"149175562642938948599377976695334832391",
"222445708500777444183075011016946619344",
"640951057105632582082164522887529747"
]
},
"id": "ASB-A-326057017-7efa24f5",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/applications/AppInfoBase.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001"
],
"spl": "2024-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"12L"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"146468046810668391626191160772369193825",
"58214069278375581193240716053668016387",
"118458680043264427161078560444741096551",
"258340999341649564567845986161705016654",
"160218103706771944482748181118729855894",
"148895478068658423118081653364542686348",
"229576963873663300966969905449561113344",
"334330305333797608329864193959475347539",
"110570043621086428945814529144846361935",
"321798546454385257581027784768169491613",
"149175562642938948599377976695334832391",
"222445708500777444183075011016946619344",
"640951057105632582082164522887529747"
]
},
"id": "ASB-A-326057017-17fd9ec8",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/applications/AppInfoBase.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1123.0,
"function_hash": "69398252931524318733979460612749742282"
},
"id": "ASB-A-326057017-33c5b9a2",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/applications/AppInfoBase.java",
"function": "retrieveAppEntry"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001"
],
"spl": "2024-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 1123.0,
"function_hash": "69398252931524318733979460612749742282"
},
"id": "ASB-A-326057017-9f9a36a1",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/applications/AppInfoBase.java",
"function": "retrieveAppEntry"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"15"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"146468046810668391626191160772369193825",
"58214069278375581193240716053668016387",
"118458680043264427161078560444741096551",
"258340999341649564567845986161705016654",
"160218103706771944482748181118729855894",
"148895478068658423118081653364542686348",
"229576963873663300966969905449561113344",
"334330305333797608329864193959475347539",
"110570043621086428945814529144846361935",
"321798546454385257581027784768169491613",
"149175562642938948599377976695334832391",
"222445708500777444183075011016946619344",
"640951057105632582082164522887529747"
]
},
"id": "ASB-A-326057017-c974b6a2",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/applications/AppInfoBase.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001"
],
"spl": "2024-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 1123.0,
"function_hash": "69398252931524318733979460612749742282"
},
"id": "ASB-A-326057017-067e3102",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/applications/AppInfoBase.java",
"function": "retrieveAppEntry"
},
"signature_type": "Function"
},
{
"match_only_versions": [
"13"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"146468046810668391626191160772369193825",
"58214069278375581193240716053668016387",
"118458680043264427161078560444741096551",
"258340999341649564567845986161705016654",
"160218103706771944482748181118729855894",
"148895478068658423118081653364542686348",
"229576963873663300966969905449561113344",
"334330305333797608329864193959475347539",
"110570043621086428945814529144846361935",
"321798546454385257581027784768169491613",
"149175562642938948599377976695334832391",
"222445708500777444183075011016946619344",
"640951057105632582082164522887529747"
]
},
"id": "ASB-A-326057017-a3decc91",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/applications/AppInfoBase.java"
},
"signature_type": "Line"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001"
],
"spl": "2024-11-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"vanir_signatures": [
{
"match_only_versions": [
"14"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"146468046810668391626191160772369193825",
"58214069278375581193240716053668016387",
"118458680043264427161078560444741096551",
"258340999341649564567845986161705016654",
"160218103706771944482748181118729855894",
"148895478068658423118081653364542686348",
"229576963873663300966969905449561113344",
"334330305333797608329864193959475347539",
"110570043621086428945814529144846361935",
"321798546454385257581027784768169491613",
"149175562642938948599377976695334832391",
"222445708500777444183075011016946619344",
"640951057105632582082164522887529747"
]
},
"id": "ASB-A-326057017-178d1582",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/applications/AppInfoBase.java"
},
"signature_type": "Line"
},
{
"digest": {
"length": 1123.0,
"function_hash": "69398252931524318733979460612749742282"
},
"id": "ASB-A-326057017-b76618f5",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001",
"deprecated": false,
"signature_version": "v1",
"target": {
"file": "src/com/android/settings/applications/AppInfoBase.java",
"function": "retrieveAppEntry"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/975c28535419be1cc45f66712f41e4a7a40e6001"
],
"spl": "2024-11-01",
"severity": "High",
"types": [
"EoP"
]
}