{"id":"ASB-A-281061287", "published":"2023-12-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2023-40075", "A-281061287"], "details":"In forceReplaceShortcutInner of ShortcutPackage.java, there is a possible way to register unlimited packages due to a missing bounds check. This could lead to local denial of service which results in a boot loop with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-12-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227"], "severity":"High", "spl":"2023-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["16700796221960876658047075062901820845", "308728855881366338611251931444619050660", "188289724923926477708120317160316156172", "44614394285164625813598547672783867506", "206105765535832684862210061196108387550", "129098121925743220798425757674504911517", "165883179787575822188781207300394552354", "45358171669273888812659535669192814796"], "threshold":0.9}, "id":"ASB-A-281061287-83788f56", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java"}}, {"deprecated":false, "digest":{"function_hash":"334976330244219875878723607817575569924", "length":1528}, "id":"ASB-A-281061287-987a18fd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"pushDynamicShortcut"}}, {"deprecated":false, "digest":{"function_hash":"25517847561716758263126889563997043673", "length":200}, "id":"ASB-A-281061287-ef716b0c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"forceReplaceShortcutInner"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/2d93aabdc4905b36ee684533904029cfc61533b7"], "severity":"High", "spl":"2023-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["16700796221960876658047075062901820845", "203701812653124260786088409224808533408", "303542053167480856875165221117970394146", "190853302074390725425840266950682255074", "206105765535832684862210061196108387550", "129098121925743220798425757674504911517", "165883179787575822188781207300394552354", "245015905893707368514028808955757503038"], "threshold":0.9}, "id":"ASB-A-281061287-0c1f105c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2d93aabdc4905b36ee684533904029cfc61533b7", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java"}}, {"deprecated":false, "digest":{"function_hash":"159109076582546941070176486697659532569", "length":236}, "id":"ASB-A-281061287-2a07e5e2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2d93aabdc4905b36ee684533904029cfc61533b7", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"forceReplaceShortcutInner"}}, {"deprecated":false, "digest":{"function_hash":"287786783413334123543829213843353028849", "length":1171}, "id":"ASB-A-281061287-6352b9f5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2d93aabdc4905b36ee684533904029cfc61533b7", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"pushDynamicShortcut"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227"], "severity":"High", "spl":"2023-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["16700796221960876658047075062901820845", "308728855881366338611251931444619050660", "188289724923926477708120317160316156172", "44614394285164625813598547672783867506", "206105765535832684862210061196108387550", "129098121925743220798425757674504911517", "165883179787575822188781207300394552354", "45358171669273888812659535669192814796"], "threshold":0.9}, "id":"ASB-A-281061287-3006c118", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java"}}, {"deprecated":false, "digest":{"function_hash":"334976330244219875878723607817575569924", "length":1528}, "id":"ASB-A-281061287-a79e7589", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"pushDynamicShortcut"}}, {"deprecated":false, "digest":{"function_hash":"25517847561716758263126889563997043673", "length":200}, "id":"ASB-A-281061287-bf1fe3d4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"forceReplaceShortcutInner"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-12-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227"], "severity":"High", "spl":"2023-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["16700796221960876658047075062901820845", "308728855881366338611251931444619050660", "188289724923926477708120317160316156172", "44614394285164625813598547672783867506", "206105765535832684862210061196108387550", "129098121925743220798425757674504911517", "165883179787575822188781207300394552354", "45358171669273888812659535669192814796"], "threshold":0.9}, "id":"ASB-A-281061287-724219f5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java"}}, {"deprecated":false, "digest":{"function_hash":"25517847561716758263126889563997043673", "length":200}, "id":"ASB-A-281061287-a3cdd939", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"forceReplaceShortcutInner"}}, {"deprecated":false, "digest":{"function_hash":"334976330244219875878723607817575569924", "length":1528}, "id":"ASB-A-281061287-d644e870", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"pushDynamicShortcut"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227"], "severity":"High", "spl":"2023-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"334976330244219875878723607817575569924", "length":1528}, "id":"ASB-A-281061287-2c308b4c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"pushDynamicShortcut"}}, {"deprecated":false, "digest":{"line_hashes":["16700796221960876658047075062901820845", "308728855881366338611251931444619050660", "188289724923926477708120317160316156172", "44614394285164625813598547672783867506", "206105765535832684862210061196108387550", "129098121925743220798425757674504911517", "165883179787575822188781207300394552354", "45358171669273888812659535669192814796"], "threshold":0.9}, "id":"ASB-A-281061287-9e99c298", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java"}}, {"deprecated":false, "digest":{"function_hash":"25517847561716758263126889563997043673", "length":200}, "id":"ASB-A-281061287-af13675e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"forceReplaceShortcutInner"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2023-12-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227"], "severity":"High", "spl":"2023-12-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"25517847561716758263126889563997043673", "length":200}, "id":"ASB-A-281061287-b4a3fb74", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"forceReplaceShortcutInner"}}, {"deprecated":false, "digest":{"function_hash":"334976330244219875878723607817575569924", "length":1528}, "id":"ASB-A-281061287-b71264d0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java", "function":"pushDynamicShortcut"}}, {"deprecated":false, "digest":{"line_hashes":["16700796221960876658047075062901820845", "308728855881366338611251931444619050660", "188289724923926477708120317160316156172", "44614394285164625813598547672783867506", "206105765535832684862210061196108387550", "129098121925743220798425757674504911517", "165883179787575822188781207300394552354", "45358171669273888812659535669192814796"], "threshold":0.9}, "id":"ASB-A-281061287-dd9e0748", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3215e73e36aa0463429226b5743ce24badf31227", "target":{"file":"services/core/java/com/android/server/pm/ShortcutPackage.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/ae768fbb9975fdab267f525831cb52f485ab0ecc"}]}