{"id":"ASB-A-288110451", "published":"2023-12-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-40092", "A-288110451"], "details":"In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-12-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4a12c242e18e83ac209a457e25edecc4055e6929"], "severity":"High", "spl":"2023-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"51460153212983138887742613780005792845", "length":284}, "id":"ASB-A-288110451-9d8b859c", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4a12c242e18e83ac209a457e25edecc4055e6929", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java", "function":"verifyShortcutInfoPackage"}}, {"deprecated":false, "digest":{"line_hashes":["86684569759461002666217921323255425402", "245999318849493497398196780292971992927", "256396515782213366321165341236267936207", "272775078542805382455308614733401320132"], "threshold":0.9}, "id":"ASB-A-288110451-e394e1c6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4a12c242e18e83ac209a457e25edecc4055e6929", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-12-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"], "severity":"High", "spl":"2023-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"51460153212983138887742613780005792845", "length":284}, "id":"ASB-A-288110451-46ac04eb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java", "function":"verifyShortcutInfoPackage"}}, {"deprecated":false, "digest":{"line_hashes":["86684569759461002666217921323255425402", "245999318849493497398196780292971992927", "256396515782213366321165341236267936207", "272775078542805382455308614733401320132"], "threshold":0.9}, "id":"ASB-A-288110451-79855b18", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-12-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"], "severity":"High", "spl":"2023-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"51460153212983138887742613780005792845", "length":284}, "id":"ASB-A-288110451-29e48883", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java", "function":"verifyShortcutInfoPackage"}}, {"deprecated":false, "digest":{"line_hashes":["86684569759461002666217921323255425402", "245999318849493497398196780292971992927", "256396515782213366321165341236267936207", "272775078542805382455308614733401320132"], "threshold":0.9}, "id":"ASB-A-288110451-485a903a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-12-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"], "severity":"High", "spl":"2023-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"51460153212983138887742613780005792845", "length":284}, "id":"ASB-A-288110451-403c427e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java", "function":"verifyShortcutInfoPackage"}}, {"deprecated":false, "digest":{"line_hashes":["86684569759461002666217921323255425402", "245999318849493497398196780292971992927", "256396515782213366321165341236267936207", "272775078542805382455308614733401320132"], "threshold":0.9}, "id":"ASB-A-288110451-4bd1cbaf", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"], "severity":"High", "spl":"2023-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"51460153212983138887742613780005792845", "length":284}, "id":"ASB-A-288110451-88d8be83", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java", "function":"verifyShortcutInfoPackage"}}, {"deprecated":false, "digest":{"line_hashes":["86684569759461002666217921323255425402", "245999318849493497398196780292971992927", "256396515782213366321165341236267936207", "272775078542805382455308614733401320132"], "threshold":0.9}, "id":"ASB-A-288110451-b758b546", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2023-12-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"], "severity":"High", "spl":"2023-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["86684569759461002666217921323255425402", "245999318849493497398196780292971992927", "256396515782213366321165341236267936207", "272775078542805382455308614733401320132"], "threshold":0.9}, "id":"ASB-A-288110451-29f365d4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"}}, {"deprecated":false, "digest":{"function_hash":"51460153212983138887742613780005792845", "length":284}, "id":"ASB-A-288110451-86987fd9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c", "target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java", "function":"verifyShortcutInfoPackage"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/a5e55363e69b3c84d3f4011c7b428edb1a25752c"}]}