{"id":"ASB-A-324874908", "published":"2024-06-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2024-31310", "A-324874908"], "details":"In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2024-06-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/141d9d050346bfc4673c429382deb1b3d210f6ad"], "severity":"High", "spl":"2024-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["266687007078773633628801893029792587778", "17748616579755402373305053763156228580", "97101460930703628966081117147039379747", "177704657422063504072473890944745426525", "113850343220447880986053204083409662499", "191112609644323480649253032580598075979", "334755680910090740405092702751712555205", "184741865803222227892282205831977094108", "260322947726804986031064511433034328502", "303876591989960407642800729139816511644"], "threshold":0.9}, "id":"ASB-A-324874908-a1c0aca4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/141d9d050346bfc4673c429382deb1b3d210f6ad", "target":{"file":"services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java"}}, {"deprecated":false, "digest":{"function_hash":"319610878173617388710385802460449109384", "length":161}, "id":"ASB-A-324874908-dd5bf873", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/141d9d050346bfc4673c429382deb1b3d210f6ad", "target":{"file":"services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java", "function":"newServiceInfoLocked"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2024-06-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/51d64705ab70788a536c26d4df5e63f0952ec98f"], "severity":"High", "spl":"2024-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["266687007078773633628801893029792587778", "17748616579755402373305053763156228580", "97101460930703628966081117147039379747", "177704657422063504072473890944745426525", "113850343220447880986053204083409662499", "191112609644323480649253032580598075979", "334755680910090740405092702751712555205", "184741865803222227892282205831977094108", "260322947726804986031064511433034328502", "303876591989960407642800729139816511644"], "threshold":0.9}, "id":"ASB-A-324874908-0d27fa29", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/51d64705ab70788a536c26d4df5e63f0952ec98f", "target":{"file":"services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java"}}, {"deprecated":false, "digest":{"function_hash":"319610878173617388710385802460449109384", "length":161}, "id":"ASB-A-324874908-b14420f3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/51d64705ab70788a536c26d4df5e63f0952ec98f", "target":{"file":"services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java", "function":"newServiceInfoLocked"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2024-06-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/bedc0ff2bfa8c5faf336ba5e87d80b3a85fde53d"], "severity":"High", "spl":"2024-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"319610878173617388710385802460449109384", "length":161}, "id":"ASB-A-324874908-4f40b825", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/bedc0ff2bfa8c5faf336ba5e87d80b3a85fde53d", "target":{"file":"services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java", "function":"newServiceInfoLocked"}}, {"deprecated":false, "digest":{"line_hashes":["266687007078773633628801893029792587778", "17748616579755402373305053763156228580", "97101460930703628966081117147039379747", "177704657422063504072473890944745426525", "113850343220447880986053204083409662499", "191112609644323480649253032580598075979", "334755680910090740405092702751712555205", "184741865803222227892282205831977094108", "260322947726804986031064511433034328502", "303876591989960407642800729139816511644"], "threshold":0.9}, "id":"ASB-A-324874908-ff1021a9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/bedc0ff2bfa8c5faf336ba5e87d80b3a85fde53d", "target":{"file":"services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2024-06-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ee20adb4b4b2065e040167a4354c4fabaf06e35d"], "severity":"High", "spl":"2024-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["266687007078773633628801893029792587778", "17748616579755402373305053763156228580", "97101460930703628966081117147039379747", "177704657422063504072473890944745426525", "113850343220447880986053204083409662499", "191112609644323480649253032580598075979", "334755680910090740405092702751712555205", "184741865803222227892282205831977094108", "260322947726804986031064511433034328502", "303876591989960407642800729139816511644"], "threshold":0.9}, "id":"ASB-A-324874908-6dab492e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ee20adb4b4b2065e040167a4354c4fabaf06e35d", "target":{"file":"services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java"}}, {"deprecated":false, "digest":{"function_hash":"319610878173617388710385802460449109384", "length":161}, "id":"ASB-A-324874908-c3f132b9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ee20adb4b4b2065e040167a4354c4fabaf06e35d", "target":{"file":"services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java", "function":"newServiceInfoLocked"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2024-06-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e8a448f855ef6ba9ae4b655e6824631f8023c0a0"], "severity":"High", "spl":"2024-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"319610878173617388710385802460449109384", "length":161}, "id":"ASB-A-324874908-a2bd383e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e8a448f855ef6ba9ae4b655e6824631f8023c0a0", "target":{"file":"services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java", "function":"newServiceInfoLocked"}}, {"deprecated":false, "digest":{"line_hashes":["266687007078773633628801893029792587778", "17748616579755402373305053763156228580", "97101460930703628966081117147039379747", "177704657422063504072473890944745426525", "113850343220447880986053204083409662499", "191112609644323480649253032580598075979", "334755680910090740405092702751712555205", "184741865803222227892282205831977094108", "260322947726804986031064511433034328502", "303876591989960407642800729139816511644"], "threshold":0.9}, "id":"ASB-A-324874908-d987fbe8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e8a448f855ef6ba9ae4b655e6824631f8023c0a0", "target":{"file":"services/autofill/java/com/android/server/autofill/AutofillManagerServiceImpl.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2024-06-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/74afbb05ca08738f66d82df867bbee66de4884bc"}]}