{"id":"ASB-A-303835719", "published":"2023-12-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2023-40076", "A-303835719"], "details":"In createPendingIntent of CredentialManagerUi.java, there is a possible way to access credentials from other users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-12-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a75c8e7b68f9d3ff0eac572190fe2894a768345c"], "severity":"Critical", "spl":"2023-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["234226084091455057821822888718178801183", "48161601445990499557773743744981487220", "9581925943886986278467702403361556315", "158744577728783833093806905123284310058", "286497149840698911614324456572265522908", "59805238393357666331782590915338340853", "335502741726855472299662573893601181343", "331794043557624844489300745738168591998"], "threshold":0.9}, "id":"ASB-A-303835719-7c4531d3", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a75c8e7b68f9d3ff0eac572190fe2894a768345c", "target":{"file":"services/credentials/java/com/android/server/credentials/CredentialManagerUi.java"}}, {"deprecated":false, "digest":{"function_hash":"233515573312489756185313986520921498802", "length":659}, "id":"ASB-A-303835719-a03475a6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/a75c8e7b68f9d3ff0eac572190fe2894a768345c", "target":{"file":"services/credentials/java/com/android/server/credentials/CredentialManagerUi.java", "function":"createPendingIntent"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2023-12-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b9c5b0f408250faa2d8dadd7d2ba8beeb88ea463"], "severity":"Critical", "spl":"2023-12-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"233515573312489756185313986520921498802", "length":659}, "id":"ASB-A-303835719-5ec58328", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b9c5b0f408250faa2d8dadd7d2ba8beeb88ea463", "target":{"file":"services/credentials/java/com/android/server/credentials/CredentialManagerUi.java", "function":"createPendingIntent"}}, {"deprecated":false, "digest":{"line_hashes":["234226084091455057821822888718178801183", "48161601445990499557773743744981487220", "9581925943886986278467702403361556315", "158744577728783833093806905123284310058", "286497149840698911614324456572265522908", "59805238393357666331782590915338340853", "335502741726855472299662573893601181343", "331794043557624844489300745738168591998"], "threshold":0.9}, "id":"ASB-A-303835719-d1183d65", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b9c5b0f408250faa2d8dadd7d2ba8beeb88ea463", "target":{"file":"services/credentials/java/com/android/server/credentials/CredentialManagerUi.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/9b68987df85b681f9362a3cadca6496796d23bbc"}]}