{"id":"ASB-A-274058082", "published":"2023-10-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-40140", "A-274058082"], "details":"In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-10-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["125676492766106711951596617785195971855", "185879384200682738715378114506687516778", "338104229701745523250922630123558121720", "164483218690317520296748166909634886132", "241981070728565826920380962268949800827", "20744690058626963785589292893573941149", "194452586477869734798399918003040292452", "136458635348825470205537341173414825837"], "threshold":0.9}, "id":"ASB-A-274058082-049482b7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b", "target":{"file":"core/jni/android_view_InputDevice.cpp"}}, {"deprecated":false, "digest":{"function_hash":"158139996614015754754528683268877777485", "length":1531}, "id":"ASB-A-274058082-c4715c80", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b", "target":{"file":"core/jni/android_view_InputDevice.cpp", "function":"android_view_InputDevice_create"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4b3c4620166071561ec44961fb08a56676b4fd6c", "https://android.googlesource.com/platform/frameworks/base/+/aaaba6cf190d976efdc5db6c78997dbdc9214c15"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["230305232859421759719948898271091435181", "175698175548647830746462066481850780724", "48609923683176244895431102128720532167", "218957895753685007551547150603647047350"], "threshold":0.9}, "id":"ASB-A-274058082-0312669d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/aaaba6cf190d976efdc5db6c78997dbdc9214c15", "target":{"file":"core/jni/android_view_InputDevice.cpp"}}, {"deprecated":false, "digest":{"function_hash":"264988005883883338717759010747986694755", "length":1611}, "id":"ASB-A-274058082-12ed3f18", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/aaaba6cf190d976efdc5db6c78997dbdc9214c15", "target":{"file":"core/jni/android_view_InputDevice.cpp", "function":"android_view_InputDevice_create"}}, {"deprecated":false, "digest":{"line_hashes":["305811479980129423563913840842893721562", "199507713459967536283705882506495094259", "164483218690317520296748166909634886132", "241981070728565826920380962268949800827", "20744690058626963785589292893573941149", "194452586477869734798399918003040292452", "136458635348825470205537341173414825837"], "threshold":0.9}, "id":"ASB-A-274058082-590a4d19", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4b3c4620166071561ec44961fb08a56676b4fd6c", "target":{"file":"core/jni/android_view_InputDevice.cpp"}}, {"deprecated":false, "digest":{"function_hash":"279694627074942626613480915343931525335", "length":1482}, "id":"ASB-A-274058082-b2af2b90", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4b3c4620166071561ec44961fb08a56676b4fd6c", "target":{"file":"core/jni/android_view_InputDevice.cpp", "function":"android_view_InputDevice_create"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"158139996614015754754528683268877777485", "length":1531}, "id":"ASB-A-274058082-1c277084", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b", "target":{"file":"core/jni/android_view_InputDevice.cpp", "function":"android_view_InputDevice_create"}}, {"deprecated":false, "digest":{"line_hashes":["125676492766106711951596617785195971855", "185879384200682738715378114506687516778", "338104229701745523250922630123558121720", "164483218690317520296748166909634886132", "241981070728565826920380962268949800827", "20744690058626963785589292893573941149", "194452586477869734798399918003040292452", "136458635348825470205537341173414825837"], "threshold":0.9}, "id":"ASB-A-274058082-842a1e12", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b", "target":{"file":"core/jni/android_view_InputDevice.cpp"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-10-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["125676492766106711951596617785195971855", "185879384200682738715378114506687516778", "338104229701745523250922630123558121720", "164483218690317520296748166909634886132", "241981070728565826920380962268949800827", "20744690058626963785589292893573941149", "194452586477869734798399918003040292452", "136458635348825470205537341173414825837"], "threshold":0.9}, "id":"ASB-A-274058082-ced6b9b1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b", "target":{"file":"core/jni/android_view_InputDevice.cpp"}}, {"deprecated":false, "digest":{"function_hash":"158139996614015754754528683268877777485", "length":1531}, "id":"ASB-A-274058082-f794cb00", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b", "target":{"file":"core/jni/android_view_InputDevice.cpp", "function":"android_view_InputDevice_create"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-10-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"158139996614015754754528683268877777485", "length":1531}, "id":"ASB-A-274058082-a3b35f74", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b", "target":{"file":"core/jni/android_view_InputDevice.cpp", "function":"android_view_InputDevice_create"}}, {"deprecated":false, "digest":{"line_hashes":["125676492766106711951596617785195971855", "185879384200682738715378114506687516778", "338104229701745523250922630123558121720", "164483218690317520296748166909634886132", "241981070728565826920380962268949800827", "20744690058626963785589292893573941149", "194452586477869734798399918003040292452", "136458635348825470205537341173414825837"], "threshold":0.9}, "id":"ASB-A-274058082-e58565d9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3d993de0d1ada8065d1fe561f690c8f82b6a7d4b", "target":{"file":"core/jni/android_view_InputDevice.cpp"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/2d88a5c481df8986dbba2e02c5bf82f105b36243"}]}