{"id":"ASB-A-311687929", "published":"2024-03-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2024-0047", "A-311687929"], "details":"In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2024-03-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/24202a9b15c17739f211ede23d2afbd3be59365b", "https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87", "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"], "severity":"High", "spl":"2024-03-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["65211060261828833982426088633530397028", "238894602674934805619115338734031989307", "29574861180385915176436656229143718979", "80620420539153281467642149250382596135", "194584805148112031443557872127571747219", "168105433164273375437248142075042882012", "45524459603460074279939142182127796987", "264512530940727082166956193672107479699", "327537069119556785895055391458434478396", "221120199256616433925151684985585868739", "293333844477775633444087229211061498875"], "threshold":0.9}, "id":"ASB-A-311687929-0e2d5514", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/24202a9b15c17739f211ede23d2afbd3be59365b", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["235102504959757521096952681277335866608", "336760266520649835342789760058996085469", "82470238230925790419606155822968792438", "89359336859412881606241483548958850083", "164863303718138063880858923984581631331", "6081852501114552576838151671877715185", "251844991781972327567458885519887217512", "190441250569056815069142804069736381202", "37143557803921786274096379219831080556", "146042621193807863179285093032325274459", "216031854196377854925093077638599842473", "49292425578082718822975136603907708669", "138291294384737863164037881556251427491", "199495451461933085453596952308156317390", "166612743582357483126522827074581201704", "89101320797881662871061284214596871097", "151863400372015416106266812704720651468", "226066932435087505899090168557240079118", "270169537616256338371475948843134465494", "159877161427683609565989270421414472172", "28574739297644802325031973665129311160", "118982179735971229890826333694905184658"], "threshold":0.9}, "id":"ASB-A-311687929-1a3e07e7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"}}, {"deprecated":false, "digest":{"function_hash":"283613867898690513397758936246684014030", "length":5200}, "id":"ASB-A-311687929-57972569", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"readUserLP"}}, {"deprecated":false, "digest":{"line_hashes":["106396370369905837383895976081020023534", "219355971740771445643251271690300946156", "158612721900111371941643864959414449485", "68412815873952271161609618833314641602", "30044413331846810467463388122509163083", "238167620621597300959673397537343932275", "323107737279979551362930456990170127619", "225304577693045770402230206841406786111", "143806220849659630328226663187453244804", "319037224060465236927722596033162889110", "303698084486245297981947860362631988775", "329263212149775338373221545074744492329", "279025990544969428391408486671334548568", "295973225337534630572795692243236418593", "83971349660250164938715935868696487184", "308572593811597954536140124558407428924", "21899589726048629351848651622467777886", "127713346647392087720218700847749300801", "211767298997545656292926886431909335778", "168301571648229572140302374126598605759", "480448098223708534916180416168454999", "111710742409733671282030554442341297007", "108927271266268172692702082469178003232", "319540614483045843519909444441601946144", "213624254060315534054570667944504493902", "118153859518566344185141745559861193090"], "threshold":0.9}, "id":"ASB-A-311687929-7649af1b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"215100365954108758035257023445290055101", "length":1124}, "id":"ASB-A-311687929-a7c1558a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java", "function":"setGlobalPolicy"}}, {"deprecated":false, "digest":{"function_hash":"91214321479560848432219854224299468213", "length":496}, "id":"ASB-A-311687929-b04c1652", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java", "function":"removeGlobalPolicy"}}, {"deprecated":false, "digest":{"function_hash":"34704467215268911615335933078684820801", "length":2028}, "id":"ASB-A-311687929-b855e28d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"readUserListLP"}}, {"deprecated":false, "digest":{"function_hash":"158918564004045502273684293620511102669", "length":482}, "id":"ASB-A-311687929-c19d2bd4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"readUserLP"}}, {"deprecated":false, "digest":{"function_hash":"144548358230426864873260022106430419425", "length":3635}, "id":"ASB-A-311687929-c6e724b3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/24202a9b15c17739f211ede23d2afbd3be59365b", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"writeUserLP"}}, {"deprecated":false, "digest":{"function_hash":"338201434678511786817700291787499627550", "length":1154}, "id":"ASB-A-311687929-c753e8e8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java", "function":"setLocalPolicy"}}, {"deprecated":false, "digest":{"function_hash":"122209268350348402820808765777810549135", "length":798}, "id":"ASB-A-311687929-cc456709", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java", "function":"removeLocalPolicy"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2024-03-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c747c3fd1a0111eb699b950e645080470f0cead8", "https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8", "https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"], "severity":"High", "spl":"2024-03-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"164913767687320501995212370440097774852", "length":3674}, "id":"ASB-A-311687929-138c6306", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c747c3fd1a0111eb699b950e645080470f0cead8", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"writeUserLP"}}, {"deprecated":false, "digest":{"line_hashes":["106396370369905837383895976081020023534", "219355971740771445643251271690300946156", "158612721900111371941643864959414449485", "68412815873952271161609618833314641602", "30044413331846810467463388122509163083", "238167620621597300959673397537343932275", "323107737279979551362930456990170127619", "225304577693045770402230206841406786111", "143806220849659630328226663187453244804", "319037224060465236927722596033162889110", "303698084486245297981947860362631988775", "329263212149775338373221545074744492329", "279025990544969428391408486671334548568", "295973225337534630572795692243236418593", "83971349660250164938715935868696487184", "308572593811597954536140124558407428924", "21899589726048629351848651622467777886", "127713346647392087720218700847749300801", "211767298997545656292926886431909335778", "168301571648229572140302374126598605759", "480448098223708534916180416168454999", "111710742409733671282030554442341297007", "108927271266268172692702082469178003232", "319540614483045843519909444441601946144", "213624254060315534054570667944504493902", "118153859518566344185141745559861193090"], "threshold":0.9}, "id":"ASB-A-311687929-1d4e7ef4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"122209268350348402820808765777810549135", "length":798}, "id":"ASB-A-311687929-331c15ed", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java", "function":"removeLocalPolicy"}}, {"deprecated":false, "digest":{"function_hash":"215100365954108758035257023445290055101", "length":1124}, "id":"ASB-A-311687929-6126dfcb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java", "function":"setGlobalPolicy"}}, {"deprecated":false, "digest":{"line_hashes":["235102504959757521096952681277335866608", "336760266520649835342789760058996085469", "82470238230925790419606155822968792438", "89359336859412881606241483548958850083", "164863303718138063880858923984581631331", "6081852501114552576838151671877715185", "251844991781972327567458885519887217512", "190441250569056815069142804069736381202", "37143557803921786274096379219831080556", "146042621193807863179285093032325274459", "216031854196377854925093077638599842473", "49292425578082718822975136603907708669", "138291294384737863164037881556251427491", "199495451461933085453596952308156317390", "166612743582357483126522827074581201704", "89101320797881662871061284214596871097", "151863400372015416106266812704720651468", "226066932435087505899090168557240079118", "270169537616256338371475948843134465494", "159877161427683609565989270421414472172", "28574739297644802325031973665129311160", "118982179735971229890826333694905184658"], "threshold":0.9}, "id":"ASB-A-311687929-76849992", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"}}, {"deprecated":false, "digest":{"function_hash":"34704467215268911615335933078684820801", "length":2028}, "id":"ASB-A-311687929-9c4237e0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"readUserListLP"}}, {"deprecated":false, "digest":{"function_hash":"338201434678511786817700291787499627550", "length":1154}, "id":"ASB-A-311687929-b4562b84", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java", "function":"setLocalPolicy"}}, {"deprecated":false, "digest":{"line_hashes":["65211060261828833982426088633530397028", "238894602674934805619115338734031989307", "29574861180385915176436656229143718979", "80620420539153281467642149250382596135", "194584805148112031443557872127571747219", "168105433164273375437248142075042882012", "45524459603460074279939142182127796987", "264512530940727082166956193672107479699", "327537069119556785895055391458434478396", "221120199256616433925151684985585868739", "293333844477775633444087229211061498875"], "threshold":0.9}, "id":"ASB-A-311687929-b777b171", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c747c3fd1a0111eb699b950e645080470f0cead8", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"158918564004045502273684293620511102669", "length":482}, "id":"ASB-A-311687929-e9d49703", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"readUserLP"}}, {"deprecated":false, "digest":{"function_hash":"283613867898690513397758936246684014030", "length":5200}, "id":"ASB-A-311687929-eb3bafa0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8", "target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java", "function":"readUserLP"}}, {"deprecated":false, "digest":{"function_hash":"91214321479560848432219854224299468213", "length":496}, "id":"ASB-A-311687929-ecb04bff", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1", "target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java", "function":"removeGlobalPolicy"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2024-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/3cd8a2c783fc736627b38f639fe4e239abcf6af1"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/bd5cc7f03256b328438b9bc3791c6b811a2f1f17"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/f516739398746fef7e0cf1437d9a40e2ad3c10bb"}]}