{"id":"ASB-A-273729172", "published":"2023-12-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-40095", "A-273729172"], "details":"In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-12-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/fa0b31821d177fe96e1e03bb6dcb2cda8d5a1c49"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["241099825926840930441039057166608676248", "72315391214666178427269974256863588202", "229267332971896543381079037628777213401", "238246418762173638730733100177089798393"], "threshold":0.9}, "id":"ASB-A-273729172-332ca0b2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fa0b31821d177fe96e1e03bb6dcb2cda8d5a1c49", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"231131053177397398437235385677543959304", "length":222}, "id":"ASB-A-273729172-7abdfd0b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/fa0b31821d177fe96e1e03bb6dcb2cda8d5a1c49", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java", "function":"createDontSendToRestrictedAppsBundle"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"231131053177397398437235385677543959304", "length":222}, "id":"ASB-A-273729172-54590a89", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java", "function":"createDontSendToRestrictedAppsBundle"}}, {"deprecated":false, "digest":{"line_hashes":["241099825926840930441039057166608676248", "72315391214666178427269974256863588202", "229267332971896543381079037628777213401", "238246418762173638730733100177089798393"], "threshold":0.9}, "id":"ASB-A-273729172-a1c5f7fc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"231131053177397398437235385677543959304", "length":222}, "id":"ASB-A-273729172-4f8d060a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java", "function":"createDontSendToRestrictedAppsBundle"}}, {"deprecated":false, "digest":{"line_hashes":["241099825926840930441039057166608676248", "72315391214666178427269974256863588202", "229267332971896543381079037628777213401", "238246418762173638730733100177089798393"], "threshold":0.9}, "id":"ASB-A-273729172-5567a548", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-12-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["241099825926840930441039057166608676248", "72315391214666178427269974256863588202", "229267332971896543381079037628777213401", "238246418762173638730733100177089798393"], "threshold":0.9}, "id":"ASB-A-273729172-451d35fc", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"231131053177397398437235385677543959304", "length":222}, "id":"ASB-A-273729172-5890b31b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java", "function":"createDontSendToRestrictedAppsBundle"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["241099825926840930441039057166608676248", "72315391214666178427269974256863588202", "229267332971896543381079037628777213401", "238246418762173638730733100177089798393"], "threshold":0.9}, "id":"ASB-A-273729172-602703d4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"231131053177397398437235385677543959304", "length":222}, "id":"ASB-A-273729172-c830847d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java", "function":"createDontSendToRestrictedAppsBundle"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2023-12-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["241099825926840930441039057166608676248", "72315391214666178427269974256863588202", "229267332971896543381079037628777213401", "238246418762173638730733100177089798393"], "threshold":0.9}, "id":"ASB-A-273729172-be91f766", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"}}, {"deprecated":false, "digest":{"function_hash":"231131053177397398437235385677543959304", "length":222}, "id":"ASB-A-273729172-ece105d8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9", "target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java", "function":"createDontSendToRestrictedAppsBundle"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/d98abeef8f870b60510feafbadcea0c2f9cbae65"}]}