{"id":"ASB-A-278722815", "published":"2023-12-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-40079", "A-278722815"], "details":"In injectSendIntentSender of ShortcutService.java, there is a possible background activity launch due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-12-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/eb90469587d908ac89121baf4f4dca3d1da5b817"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"274573072377361941630205671080613837356", "length":239}, "id":"ASB-A-278722815-9c303291", "match_only_versions":["14-next"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/eb90469587d908ac89121baf4f4dca3d1da5b817", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java", "function":"injectSendIntentSender"}}, {"deprecated":false, "digest":{"line_hashes":["282007050083275395812881588875439224010", "121767373360754503692510933823465049676", "210091644919993644973117657717030182698", "241511480748587819235818580045714909922", "109535088465150795597397831887177697388", "329664286049235529124895840553730018214", "231911230713795010449640140776637075032", "60328244444378710411924095724399144432", "98855905654055469102136301636680550000", "114829687165789329088780961588095937225", "25064514220660965008269132321312445530"], "threshold":0.9}, "id":"ASB-A-278722815-dbb125e9", "match_only_versions":["14-next"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/eb90469587d908ac89121baf4f4dca3d1da5b817", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2023-12-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0a0778e96d7da3fa8169abdf9261ed62809539fa"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"274573072377361941630205671080613837356", "length":239}, "id":"ASB-A-278722815-7851366d", "match_only_versions":["14"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0a0778e96d7da3fa8169abdf9261ed62809539fa", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java", "function":"injectSendIntentSender"}}, {"deprecated":false, "digest":{"line_hashes":["282007050083275395812881588875439224010", "121767373360754503692510933823465049676", "210091644919993644973117657717030182698", "241511480748587819235818580045714909922", "109535088465150795597397831887177697388", "329664286049235529124895840553730018214", "231911230713795010449640140776637075032", "60328244444378710411924095724399144432", "98855905654055469102136301636680550000", "114829687165789329088780961588095937225", "25064514220660965008269132321312445530"], "threshold":0.9}, "id":"ASB-A-278722815-c6c74a05", "match_only_versions":["14"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0a0778e96d7da3fa8169abdf9261ed62809539fa", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/96e0524c48c6e58af7d15a2caf35082186fc8de2"}]}