{"id":"ASB-A-247513680", "published":"2023-12-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-40074", "A-247513680"], "details":"In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-12-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06"], "severity":"High", "spl":"2023-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"267512008066296561381844851244402387960", "length":518}, "id":"ASB-A-247513680-37dc9313", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"restoreFromXml"}}, {"deprecated":false, "digest":{"line_hashes":["335282400676909007198189579806973875376", "313377180876029932701584323606454940357", "49191771678504042421229072001716217387", "165082012955934931444442691103829076722", "171373983533471173072069470468802170121", "89587191701922574269508442052068704054", "288904276873894485354625582485196650723", "268719844208791716186478239131942756537", "160397782022123331563978249287854259354", "208040751545726698537702071492358863495", "228715143219874404794202316155364547919", "180923771756476266762609236708114620932", "103305832906002570009287622783201884120", "99179444259475409224612380988953210066", "220077003364349656641780221081718589986", "111020136450179190085524194418929860278", "37623338316805869855736835862729954311", "281430182595358735871103833204118439695", "111037008887075559029110783837851953036", "50621477271003086277085850527081432043", "205321669719855700167826044676474010200", "204236554134973708632948214781412074219", "220396214190152476469760552190838946152", "154017994443169601757563704908388295362", "129788909839540923603409831840819246781", "219174354950100910028049065839540247722", "112312775038100873395006501184461229102", "146097743238151581622320555042919676748", "232390452770801584865268269564417120752", "128353176315902470959297590780278342677", "309087419376314231084662827774097264074", "129019045967058005927470823990242790827", "218783291187605193282463437346025671148", "143449464993321812397091481521843397753", "104657244465174978547602034516785375163", "12423699834451907165888158585440478944", "174659271940342464576097676426084565447"], "threshold":0.9}, "id":"ASB-A-247513680-3de13f98", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06", "target":{"file":"core/java/android/os/PersistableBundle.java"}}, {"deprecated":false, "digest":{"function_hash":"5492349018398459536682394294984597411", "length":545}, "id":"ASB-A-247513680-850e31da", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"PersistableBundle"}}, {"deprecated":false, "digest":{"function_hash":"107238124957364775536419459039214913128", "length":139}, "id":"ASB-A-247513680-c31bdeb8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"saveToXml"}}, {"deprecated":false, "digest":{"function_hash":"101494772296260205954621633415969316634", "length":60}, "id":"ASB-A-247513680-fbe8ad83", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"PersistableBundle"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9"], "severity":"High", "spl":"2023-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"107238124957364775536419459039214913128", "length":139}, "id":"ASB-A-247513680-6b03b165", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"saveToXml"}}, {"deprecated":false, "digest":{"function_hash":"149976608711873720900248940724378527337", "length":486}, "id":"ASB-A-247513680-7a89c5f7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"restoreFromXml"}}, {"deprecated":false, "digest":{"line_hashes":["335282400676909007198189579806973875376", "183074791463621510251053893792051150043", "281012209318440983864959249841651473841", "77465122452324125269547007365397237843", "136874095998427669504962480366026252415", "89587191701922574269508442052068704054", "288904276873894485354625582485196650723", "268719844208791716186478239131942756537", "253583698187098684673806160791370126322", "62186405358253308561293668607755559037", "61753658436234318814018966694921470724", "181054039962255261217069956404629018046", "103305832906002570009287622783201884120", "99179444259475409224612380988953210066", "220077003364349656641780221081718589986", "111020136450179190085524194418929860278", "37623338316805869855736835862729954311", "281430182595358735871103833204118439695", "111037008887075559029110783837851953036", "50621477271003086277085850527081432043", "205321669719855700167826044676474010200", "204236554134973708632948214781412074219", "220396214190152476469760552190838946152", "154017994443169601757563704908388295362", "129788909839540923603409831840819246781", "219174354950100910028049065839540247722", "26896269911528299561823314168180224845", "7437941762935893097458351938847521780", "858429665523929065726667318766246280", "128353176315902470959297590780278342677", "309087419376314231084662827774097264074", "129019045967058005927470823990242790827", "218783291187605193282463437346025671148", "143449464993321812397091481521843397753", "104657244465174978547602034516785375163", "12423699834451907165888158585440478944", "269858155423756344676264057247744951319"], "threshold":0.9}, "id":"ASB-A-247513680-b4161e9f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9", "target":{"file":"core/java/android/os/PersistableBundle.java"}}, {"deprecated":false, "digest":{"function_hash":"5492349018398459536682394294984597411", "length":545}, "id":"ASB-A-247513680-da80ca79", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"PersistableBundle"}}, {"deprecated":false, "digest":{"function_hash":"101494772296260205954621633415969316634", "length":60}, "id":"ASB-A-247513680-fd0274a3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"PersistableBundle"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4"], "severity":"High", "spl":"2023-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["335282400676909007198189579806973875376", "313377180876029932701584323606454940357", "49191771678504042421229072001716217387", "165082012955934931444442691103829076722", "136874095998427669504962480366026252415", "89587191701922574269508442052068704054", "288904276873894485354625582485196650723", "268719844208791716186478239131942756537", "253583698187098684673806160791370126322", "62186405358253308561293668607755559037", "61753658436234318814018966694921470724", "181054039962255261217069956404629018046", "103305832906002570009287622783201884120", "99179444259475409224612380988953210066", "220077003364349656641780221081718589986", "111020136450179190085524194418929860278", "37623338316805869855736835862729954311", "281430182595358735871103833204118439695", "111037008887075559029110783837851953036", "50621477271003086277085850527081432043", "205321669719855700167826044676474010200", "204236554134973708632948214781412074219", "220396214190152476469760552190838946152", "154017994443169601757563704908388295362", "129788909839540923603409831840819246781", "219174354950100910028049065839540247722", "112312775038100873395006501184461229102", "146097743238151581622320555042919676748", "232390452770801584865268269564417120752", "128353176315902470959297590780278342677", "309087419376314231084662827774097264074", "129019045967058005927470823990242790827", "218783291187605193282463437346025671148", "143449464993321812397091481521843397753", "104657244465174978547602034516785375163", "12423699834451907165888158585440478944", "269858155423756344676264057247744951319"], "threshold":0.9}, "id":"ASB-A-247513680-1d4cd093", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4", "target":{"file":"core/java/android/os/PersistableBundle.java"}}, {"deprecated":false, "digest":{"function_hash":"232420018912174287506438556098705718188", "length":510}, "id":"ASB-A-247513680-93f216a6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"restoreFromXml"}}, {"deprecated":false, "digest":{"function_hash":"101494772296260205954621633415969316634", "length":60}, "id":"ASB-A-247513680-984ae0e7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"PersistableBundle"}}, {"deprecated":false, "digest":{"function_hash":"107238124957364775536419459039214913128", "length":139}, "id":"ASB-A-247513680-ed17d3d3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"saveToXml"}}, {"deprecated":false, "digest":{"function_hash":"5492349018398459536682394294984597411", "length":545}, "id":"ASB-A-247513680-fa4cc6ca", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"PersistableBundle"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-12-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054"], "severity":"High", "spl":"2023-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"5492349018398459536682394294984597411", "length":545}, "id":"ASB-A-247513680-1ef80cfb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"PersistableBundle"}}, {"deprecated":false, "digest":{"function_hash":"232420018912174287506438556098705718188", "length":510}, "id":"ASB-A-247513680-468b8e6e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"restoreFromXml"}}, {"deprecated":false, "digest":{"function_hash":"101494772296260205954621633415969316634", "length":60}, "id":"ASB-A-247513680-78a0893a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"PersistableBundle"}}, {"deprecated":false, "digest":{"line_hashes":["335282400676909007198189579806973875376", "313377180876029932701584323606454940357", "49191771678504042421229072001716217387", "165082012955934931444442691103829076722", "136874095998427669504962480366026252415", "89587191701922574269508442052068704054", "288904276873894485354625582485196650723", "268719844208791716186478239131942756537", "253583698187098684673806160791370126322", "62186405358253308561293668607755559037", "61753658436234318814018966694921470724", "181054039962255261217069956404629018046", "103305832906002570009287622783201884120", "99179444259475409224612380988953210066", "220077003364349656641780221081718589986", "111020136450179190085524194418929860278", "37623338316805869855736835862729954311", "281430182595358735871103833204118439695", "111037008887075559029110783837851953036", "50621477271003086277085850527081432043", "205321669719855700167826044676474010200", "204236554134973708632948214781412074219", "220396214190152476469760552190838946152", "154017994443169601757563704908388295362", "129788909839540923603409831840819246781", "219174354950100910028049065839540247722", "112312775038100873395006501184461229102", "146097743238151581622320555042919676748", "232390452770801584865268269564417120752", "128353176315902470959297590780278342677", "309087419376314231084662827774097264074", "129019045967058005927470823990242790827", "218783291187605193282463437346025671148", "143449464993321812397091481521843397753", "104657244465174978547602034516785375163", "12423699834451907165888158585440478944", "269858155423756344676264057247744951319"], "threshold":0.9}, "id":"ASB-A-247513680-94d1bc9c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054", "target":{"file":"core/java/android/os/PersistableBundle.java"}}, {"deprecated":false, "digest":{"function_hash":"107238124957364775536419459039214913128", "length":139}, "id":"ASB-A-247513680-a9d825f2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"saveToXml"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146"], "severity":"High", "spl":"2023-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"5492349018398459536682394294984597411", "length":545}, "id":"ASB-A-247513680-31855e96", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"PersistableBundle"}}, {"deprecated":false, "digest":{"line_hashes":["335282400676909007198189579806973875376", "313377180876029932701584323606454940357", "49191771678504042421229072001716217387", "165082012955934931444442691103829076722", "171373983533471173072069470468802170121", "89587191701922574269508442052068704054", "288904276873894485354625582485196650723", "268719844208791716186478239131942756537", "160397782022123331563978249287854259354", "208040751545726698537702071492358863495", "228715143219874404794202316155364547919", "180923771756476266762609236708114620932", "103305832906002570009287622783201884120", "99179444259475409224612380988953210066", "220077003364349656641780221081718589986", "111020136450179190085524194418929860278", "37623338316805869855736835862729954311", "281430182595358735871103833204118439695", "111037008887075559029110783837851953036", "50621477271003086277085850527081432043", "205321669719855700167826044676474010200", "204236554134973708632948214781412074219", "220396214190152476469760552190838946152", "154017994443169601757563704908388295362", "129788909839540923603409831840819246781", "219174354950100910028049065839540247722", "112312775038100873395006501184461229102", "146097743238151581622320555042919676748", "232390452770801584865268269564417120752", "128353176315902470959297590780278342677", "309087419376314231084662827774097264074", "129019045967058005927470823990242790827", "218783291187605193282463437346025671148", "143449464993321812397091481521843397753", "104657244465174978547602034516785375163", "12423699834451907165888158585440478944", "174659271940342464576097676426084565447"], "threshold":0.9}, "id":"ASB-A-247513680-78ac622d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146", "target":{"file":"core/java/android/os/PersistableBundle.java"}}, {"deprecated":false, "digest":{"function_hash":"107238124957364775536419459039214913128", "length":139}, "id":"ASB-A-247513680-ae32f362", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"saveToXml"}}, {"deprecated":false, "digest":{"function_hash":"101494772296260205954621633415969316634", "length":60}, "id":"ASB-A-247513680-db4ee7b0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"PersistableBundle"}}, {"deprecated":false, "digest":{"function_hash":"267512008066296561381844851244402387960", "length":518}, "id":"ASB-A-247513680-deaea6c9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146", "target":{"file":"core/java/android/os/PersistableBundle.java", "function":"restoreFromXml"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/40e4ea759743737958dde018f3606d778f7a53f3"}]}