{"id":"ASB-A-300090204", "published":"2024-01-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2024-0015", "A-300090204"], "details":"In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2024-01-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70"], "severity":"High", "spl":"2024-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["142275142473583811656257925932801215932", "80607861949381175184438557088515049005", "28754939496718491312327854094553077963", "161741354498231441500213550542794601380", "31810291832700185900069539269853300952", "76201736618210912462135528215241407154", "13572015017283725455848689928188277669", "123200632612740350257613156920026447093", "99189086500324707981847462972527388857", "238865122492803814029196695279813184174", "135188360535559844316574743883758800389", "28496705184192827839311415886852564114", "130169205191785451277261575911863144490", "12884332751236020770911350680320607449", "27175867381462649513143951036261802049", "85940367650815511313909572387718700761", "330677813483266743538214358220343613206", "123797315748070501987140919842285346625", "56771758489640633155088313326080049367"], "threshold":0.9}, "id":"ASB-A-300090204-16f5859a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70", "target":{"file":"core/java/android/service/dreams/DreamService.java"}}, {"deprecated":false, "digest":{"function_hash":"42220059353017145088428329988357325663", "length":572}, "id":"ASB-A-300090204-b8a29ebb", "match_only_versions":["14-next"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70", "target":{"file":"core/java/android/service/dreams/DreamService.java", "function":"getDreamMetadata"}}, {"deprecated":false, "digest":{"function_hash":"95995390880890190389146015024656609599", "length":212}, "id":"ASB-A-300090204-edef98e7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70", "target":{"file":"core/java/android/service/dreams/DreamService.java", "function":"convertToComponentName"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2024-01-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14"], "severity":"High", "spl":"2024-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"96258658890430209807344348180496553242", "length":1446}, "id":"ASB-A-300090204-483aa553", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14", "target":{"file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java", "function":"getSettingsComponentName"}}, {"deprecated":false, "digest":{"line_hashes":["234723719755661055601629732360349019693", "138731044910258141424481377194987602346", "91263052745282201238370258976369237336", "255658402388288149290082503730355880643"], "threshold":0.9}, "id":"ASB-A-300090204-f5c4428d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14", "target":{"file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2024-01-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14"], "severity":"High", "spl":"2024-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["234723719755661055601629732360349019693", "138731044910258141424481377194987602346", "91263052745282201238370258976369237336", "255658402388288149290082503730355880643"], "threshold":0.9}, "id":"ASB-A-300090204-816d1262", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14", "target":{"file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java"}}, {"deprecated":false, "digest":{"function_hash":"96258658890430209807344348180496553242", "length":1446}, "id":"ASB-A-300090204-d28c02c4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14", "target":{"file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java", "function":"getSettingsComponentName"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2024-01-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14"], "severity":"High", "spl":"2024-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["234723719755661055601629732360349019693", "138731044910258141424481377194987602346", "91263052745282201238370258976369237336", "255658402388288149290082503730355880643"], "threshold":0.9}, "id":"ASB-A-300090204-60971f8d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14", "target":{"file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java"}}, {"deprecated":false, "digest":{"function_hash":"96258658890430209807344348180496553242", "length":1446}, "id":"ASB-A-300090204-c94e54e6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14", "target":{"file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java", "function":"getSettingsComponentName"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2024-01-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/bf8ff047eb25960720a688cb16aa44b3775799da"], "severity":"High", "spl":"2024-01-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"95995390880890190389146015024656609599", "length":212}, "id":"ASB-A-300090204-10c7fd51", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/bf8ff047eb25960720a688cb16aa44b3775799da", "target":{"file":"core/java/android/service/dreams/DreamService.java", "function":"convertToComponentName"}}, {"deprecated":false, "digest":{"line_hashes":["130169205191785451277261575911863144490", "12884332751236020770911350680320607449", "27175867381462649513143951036261802049", "85940367650815511313909572387718700761"], "threshold":0.9}, "id":"ASB-A-300090204-d046b762", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/bf8ff047eb25960720a688cb16aa44b3775799da", "target":{"file":"core/java/android/service/dreams/DreamService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2024-01-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70"}]}