{"id":"ASB-A-278246904", "published":"2023-10-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-40123", "A-278246904"], "details":"In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5f5a87d8a0dc9190327ba0e6113d5b80ee96abae"], "severity":"High", "spl":"2023-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["166063239365407036358423908267271788855", "238261694075635380651321613102455567842", "18813654971782633136813057209079119774", "298693978369705219306289472481635126836", "228970914487273209765683008343858037409", "308669220408222224656611470876126545861", "197699114853082409449149109728014222192", "209364448544501372143279473777566494659", "216188453882021631452971651028580263799", "94850097018368390728166738070588962869", "72445180047628070739800573023735531549"], "threshold":0.9}, "id":"ASB-A-278246904-d36d1569", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5f5a87d8a0dc9190327ba0e6113d5b80ee96abae", "target":{"file":"packages/SystemUI/src/com/android/systemui/pip/phone/PipMenuActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"181592472918948688828376767510805820774", "length":1929}, "id":"ASB-A-278246904-dcfb2aed", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5f5a87d8a0dc9190327ba0e6113d5b80ee96abae", "target":{"file":"packages/SystemUI/src/com/android/systemui/pip/phone/PipMenuActivity.java", "function":"updateActionViews"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789"], "severity":"High", "spl":"2023-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"324042343437714289491964702341013391365", "length":2091}, "id":"ASB-A-278246904-06f64a8c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789", "target":{"file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java", "function":"updateActionViews"}}, {"deprecated":false, "digest":{"line_hashes":["324847060176059378097650583737936443359", "201914426576427113616282003798828523163", "263506418221562484969851597863881285854", "298693978369705219306289472481635126836", "65028353250387951711319638958353438447", "136790229638996451871466097405478164680", "68170465010301158246315630610819079368", "263352302776715897128641062905730961951", "69457260422413678554051326443035127416", "265017678738522029119583092157254262428", "300353328676222188497957249077867958648", "132265614032465781347840663960889966374", "279619902974470852553413032210963791541"], "threshold":0.9}, "id":"ASB-A-278246904-e2044529", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789", "target":{"file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-10-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789"], "severity":"High", "spl":"2023-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"324042343437714289491964702341013391365", "length":2091}, "id":"ASB-A-278246904-2aac263b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789", "target":{"file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java", "function":"updateActionViews"}}, {"deprecated":false, "digest":{"line_hashes":["324847060176059378097650583737936443359", "201914426576427113616282003798828523163", "263506418221562484969851597863881285854", "298693978369705219306289472481635126836", "65028353250387951711319638958353438447", "136790229638996451871466097405478164680", "68170465010301158246315630610819079368", "263352302776715897128641062905730961951", "69457260422413678554051326443035127416", "265017678738522029119583092157254262428", "300353328676222188497957249077867958648", "132265614032465781347840663960889966374", "279619902974470852553413032210963791541"], "threshold":0.9}, "id":"ASB-A-278246904-974cac41", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789", "target":{"file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-10-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1aee65603e262affd815fa53dcc5416c605e4037"], "severity":"High", "spl":"2023-10-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"91021012843999924637578713214436470282", "length":2135}, "id":"ASB-A-278246904-883a9b56", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1aee65603e262affd815fa53dcc5416c605e4037", "target":{"file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java", "function":"updateActionViews"}}, {"deprecated":false, "digest":{"line_hashes":["324847060176059378097650583737936443359", "201914426576427113616282003798828523163", "263506418221562484969851597863881285854", "298693978369705219306289472481635126836", "93521960409155512391593538908610140054", "191814625989978002119845273457027502519", "149886920230859110625589295097639483924", "263352302776715897128641062905730961951", "69457260422413678554051326443035127416", "265017678738522029119583092157254262428", "250766418081665288800895074477766066642", "71790000626337845181233356163845532353", "13483996012871084488115841999795360436"], "threshold":0.9}, "id":"ASB-A-278246904-b10517f1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1aee65603e262affd815fa53dcc5416c605e4037", "target":{"file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/7212a4bec2d2f1a74fa54a12a04255d6a183baa9"}]}