{"id":"ASB-A-283699145", "published":"2023-12-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-40091", "A-283699145"], "details":"In onTransact of IncidentService.cpp, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-12-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ba78ef276951269f7b024baebdf1b8fa40bedb23"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["172443825425735659130612088279631497838", "87095234300440577981712593612054653192", "181035596412257502561531291368585469683", "178560458846057669041384444199635420189", "272320636500326788687113970580329097263", "124938934875534925526175360237650061883", "266767335645061768932475154149530364725", "141177541074504564839850689640202501430", "78165157138368822931328054849781914200", "223486805494479665078780819804238327125", "167681171040007542862107872106203057846", "76969655573289818818651540298835593549", "10956823126506419822393896227440217122", "125571098748896862381169465902116515961", "58282277178717432294300886937119173818", "283374286640108271559969475024193896829", "132881330010620496522334561253869658802"], "threshold":0.9}, "id":"ASB-A-283699145-b708d3c2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ba78ef276951269f7b024baebdf1b8fa40bedb23", "target":{"file":"cmds/incidentd/src/IncidentService.cpp"}}, {"deprecated":false, "digest":{"function_hash":"205720072474376637546658943542620039004", "length":1260}, "id":"ASB-A-283699145-d157f143", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ba78ef276951269f7b024baebdf1b8fa40bedb23", "target":{"file":"cmds/incidentd/src/IncidentService.cpp", "function":"IncidentService::onTransact"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b4aaf180ee8f3e375c7ab411f03cf9c24c1d8055"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["172443825425735659130612088279631497838", "87095234300440577981712593612054653192", "181035596412257502561531291368585469683", "178560458846057669041384444199635420189", "272320636500326788687113970580329097263", "124938934875534925526175360237650061883", "302862291444684829093576579100726276569", "36201056607344935758438273136816154414", "109823369971792074326148648264918672981", "223486805494479665078780819804238327125", "167681171040007542862107872106203057846", "76969655573289818818651540298835593549", "10956823126506419822393896227440217122", "125571098748896862381169465902116515961", "58282277178717432294300886937119173818", "283374286640108271559969475024193896829", "132881330010620496522334561253869658802"], "threshold":0.9}, "id":"ASB-A-283699145-24e30172", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b4aaf180ee8f3e375c7ab411f03cf9c24c1d8055", "target":{"file":"cmds/incidentd/src/IncidentService.cpp"}}, {"deprecated":false, "digest":{"function_hash":"175548108494891799001190044926229152188", "length":1215}, "id":"ASB-A-283699145-99256717", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b4aaf180ee8f3e375c7ab411f03cf9c24c1d8055", "target":{"file":"cmds/incidentd/src/IncidentService.cpp", "function":"IncidentService::onTransact"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/598dc664d4844363be12e0d164e1e522f92fa23f"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["172443825425735659130612088279631497838", "87095234300440577981712593612054653192", "181035596412257502561531291368585469683", "178560458846057669041384444199635420189", "272320636500326788687113970580329097263", "124938934875534925526175360237650061883", "302862291444684829093576579100726276569", "36201056607344935758438273136816154414", "109823369971792074326148648264918672981", "223486805494479665078780819804238327125", "167681171040007542862107872106203057846", "76969655573289818818651540298835593549", "10956823126506419822393896227440217122", "125571098748896862381169465902116515961", "58282277178717432294300886937119173818", "283374286640108271559969475024193896829", "132881330010620496522334561253869658802"], "threshold":0.9}, "id":"ASB-A-283699145-5311c2a1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/598dc664d4844363be12e0d164e1e522f92fa23f", "target":{"file":"cmds/incidentd/src/IncidentService.cpp"}}, {"deprecated":false, "digest":{"function_hash":"175548108494891799001190044926229152188", "length":1215}, "id":"ASB-A-283699145-75d824f3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/598dc664d4844363be12e0d164e1e522f92fa23f", "target":{"file":"cmds/incidentd/src/IncidentService.cpp", "function":"IncidentService::onTransact"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-12-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/db60b2f5e004a4b303c70bdecb94d4b40f29cc33"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"175548108494891799001190044926229152188", "length":1215}, "id":"ASB-A-283699145-dca9ba9d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/db60b2f5e004a4b303c70bdecb94d4b40f29cc33", "target":{"file":"cmds/incidentd/src/IncidentService.cpp", "function":"IncidentService::onTransact"}}, {"deprecated":false, "digest":{"line_hashes":["172443825425735659130612088279631497838", "87095234300440577981712593612054653192", "181035596412257502561531291368585469683", "178560458846057669041384444199635420189", "272320636500326788687113970580329097263", "124938934875534925526175360237650061883", "302862291444684829093576579100726276569", "36201056607344935758438273136816154414", "109823369971792074326148648264918672981", "223486805494479665078780819804238327125", "167681171040007542862107872106203057846", "76969655573289818818651540298835593549", "10956823126506419822393896227440217122", "125571098748896862381169465902116515961", "58282277178717432294300886937119173818", "283374286640108271559969475024193896829", "132881330010620496522334561253869658802"], "threshold":0.9}, "id":"ASB-A-283699145-f9c9fbfa", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/db60b2f5e004a4b303c70bdecb94d4b40f29cc33", "target":{"file":"cmds/incidentd/src/IncidentService.cpp"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/6fe75d9d37321843ebae8a34a049f4d3f24e1965"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"175548108494891799001190044926229152188", "length":1215}, "id":"ASB-A-283699145-4d281e2d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6fe75d9d37321843ebae8a34a049f4d3f24e1965", "target":{"file":"cmds/incidentd/src/IncidentService.cpp", "function":"IncidentService::onTransact"}}, {"deprecated":false, "digest":{"line_hashes":["172443825425735659130612088279631497838", "87095234300440577981712593612054653192", "181035596412257502561531291368585469683", "178560458846057669041384444199635420189", "272320636500326788687113970580329097263", "124938934875534925526175360237650061883", "302862291444684829093576579100726276569", "36201056607344935758438273136816154414", "109823369971792074326148648264918672981", "223486805494479665078780819804238327125", "167681171040007542862107872106203057846", "76969655573289818818651540298835593549", "10956823126506419822393896227440217122", "125571098748896862381169465902116515961", "58282277178717432294300886937119173818", "283374286640108271559969475024193896829", "132881330010620496522334561253869658802"], "threshold":0.9}, "id":"ASB-A-283699145-4e2c2572", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6fe75d9d37321843ebae8a34a049f4d3f24e1965", "target":{"file":"cmds/incidentd/src/IncidentService.cpp"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2023-12-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5ae8b8102cbcae0aa9a90d1c19197b74bdcaf31a"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["172443825425735659130612088279631497838", "87095234300440577981712593612054653192", "181035596412257502561531291368585469683", "178560458846057669041384444199635420189", "272320636500326788687113970580329097263", "124938934875534925526175360237650061883", "302862291444684829093576579100726276569", "36201056607344935758438273136816154414", "109823369971792074326148648264918672981", "223486805494479665078780819804238327125", "167681171040007542862107872106203057846", "76969655573289818818651540298835593549", "10956823126506419822393896227440217122", "125571098748896862381169465902116515961", "58282277178717432294300886937119173818", "283374286640108271559969475024193896829", "132881330010620496522334561253869658802"], "threshold":0.9}, "id":"ASB-A-283699145-89d488d8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5ae8b8102cbcae0aa9a90d1c19197b74bdcaf31a", "target":{"file":"cmds/incidentd/src/IncidentService.cpp"}}, {"deprecated":false, "digest":{"function_hash":"175548108494891799001190044926229152188", "length":1215}, "id":"ASB-A-283699145-bbe08ca7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5ae8b8102cbcae0aa9a90d1c19197b74bdcaf31a", "target":{"file":"cmds/incidentd/src/IncidentService.cpp", "function":"IncidentService::onTransact"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/0ec7b119d41adcbba23f9349e16de9e7e11683f6"}]}