{"id":"ASB-A-294228721", "published":"2023-12-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-40089", "A-294228721"], "details":"In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-12-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/892ba1d6f6b08667d3a7741e698c1ccfbd3841f5"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"74449242559593116633127182544354130666", "length":307}, "id":"ASB-A-294228721-001b2075", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/892ba1d6f6b08667d3a7741e698c1ccfbd3841f5", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java", "function":"getCredentialManagerPolicy"}}, {"deprecated":false, "digest":{"function_hash":"273187886863558320177264236917531010900", "length":206}, "id":"ASB-A-294228721-0d7ed67a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/892ba1d6f6b08667d3a7741e698c1ccfbd3841f5", "target":{"file":"core/java/android/app/admin/DevicePolicyManager.java", "function":"getCredentialManagerPolicy"}}, {"deprecated":false, "digest":{"line_hashes":["27048490247006646627419795221021812496", "175284641402637478608390869535606810161", "234065406732064679832854187106009601004", "197420965643697283682808876633612224374", "234819912256778732340493599341448481647", "300102070284684225849613243206591386726", "340068429391398980206455874537492563893", "216495480719551252986048293592306024957"], "threshold":0.9}, "id":"ASB-A-294228721-633b9ba6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/892ba1d6f6b08667d3a7741e698c1ccfbd3841f5", "target":{"file":"core/java/android/app/admin/DevicePolicyManager.java"}}, {"deprecated":false, "digest":{"line_hashes":["332219673355443387379256206211042897860", "35632985352020364848489662231319506689", "76320284361625687917528082129015246115", "73129828535204244091363231259897667037", "250217290926877900967568290098458981441", "270938730645888615323830826130448163534", "305815705679108351074771310580648973669", "208232285445090970418086043977411258726", "264785142350393791605780235158664188932", "162567613217633417994253022385408772313", "295760383498470438294263347900256242793", "202167732107955505056331426613111159753"], "threshold":0.9}, "id":"ASB-A-294228721-ae13115d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/892ba1d6f6b08667d3a7741e698c1ccfbd3841f5", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2023-12-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0951b28bd94a514eded9503d802228a3591579d6"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"273187886863558320177264236917531010900", "length":206}, "id":"ASB-A-294228721-46a2bd8e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0951b28bd94a514eded9503d802228a3591579d6", "target":{"file":"core/java/android/app/admin/DevicePolicyManager.java", "function":"getCredentialManagerPolicy"}}, {"deprecated":false, "digest":{"function_hash":"74449242559593116633127182544354130666", "length":307}, "id":"ASB-A-294228721-6e5e602b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0951b28bd94a514eded9503d802228a3591579d6", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java", "function":"getCredentialManagerPolicy"}}, {"deprecated":false, "digest":{"line_hashes":["332219673355443387379256206211042897860", "35632985352020364848489662231319506689", "76320284361625687917528082129015246115", "73129828535204244091363231259897667037", "250217290926877900967568290098458981441", "270938730645888615323830826130448163534", "305815705679108351074771310580648973669", "208232285445090970418086043977411258726", "264785142350393791605780235158664188932", "162567613217633417994253022385408772313", "295760383498470438294263347900256242793", "202167732107955505056331426613111159753"], "threshold":0.9}, "id":"ASB-A-294228721-70b6de26", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0951b28bd94a514eded9503d802228a3591579d6", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["27048490247006646627419795221021812496", "175284641402637478608390869535606810161", "234065406732064679832854187106009601004", "197420965643697283682808876633612224374", "234819912256778732340493599341448481647", "300102070284684225849613243206591386726", "340068429391398980206455874537492563893", "216495480719551252986048293592306024957"], "threshold":0.9}, "id":"ASB-A-294228721-d90e9513", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0951b28bd94a514eded9503d802228a3591579d6", "target":{"file":"core/java/android/app/admin/DevicePolicyManager.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/e2e05f488da6abc765a62e7faf10cb74e729732e"}]}