{"id":"ASB-A-326485767", "published":"2024-06-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2024-31322", "A-326485767"], "details":"In updateServicesLocked of AccessibilityManagerService.java, there is a possible way for an app to be hidden from the Setting while retaining Accessibility Service  due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2024-06-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/74ab528e54558b5a78a9b0f32a2e3f0a61714ae5"], "severity":"High", "spl":"2024-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"125819437784231376011864688327948081010", "length":1936}, "id":"ASB-A-326485767-3e5d69e0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/74ab528e54558b5a78a9b0f32a2e3f0a61714ae5", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java", "function":"updateServicesLocked"}}, {"deprecated":false, "digest":{"line_hashes":["203559070635639168501251831115072699849", "110995883530772940642188919209479069590", "79433123240605589203927884978662908669", "17282063580431758823195469718657335965", "29241121102181293544482375847729051410", "32916341052150067112772034552314723220", "83684619035523255534892517589474714090", "241844383312430506646807325760702564423", "146927061287855307579181888815117374125", "32016434898657174529706919366923317883", "71083680968358107861588739952857861883"], "threshold":0.9}, "id":"ASB-A-326485767-f6e72910", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/74ab528e54558b5a78a9b0f32a2e3f0a61714ae5", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2024-06-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5405514a23edcba0cf30e6ec78189e3f4e7d95cf"], "severity":"High", "spl":"2024-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["16351716779938417858222206942405565388", "318233294777691992028525546815303117132", "69102399445628845693840405755057925358", "17282063580431758823195469718657335965", "29241121102181293544482375847729051410", "32916341052150067112772034552314723220", "83684619035523255534892517589474714090", "241844383312430506646807325760702564423", "146927061287855307579181888815117374125", "32016434898657174529706919366923317883", "128209730887649040410085733263337595484"], "threshold":0.9}, "id":"ASB-A-326485767-42808d95", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5405514a23edcba0cf30e6ec78189e3f4e7d95cf", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"237481197364134205644156268512456040514", "length":1702}, "id":"ASB-A-326485767-94947aaf", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/5405514a23edcba0cf30e6ec78189e3f4e7d95cf", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java", "function":"updateServicesLocked"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2024-06-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/412427d7a8c99fd0470483a5a20b50ba8642a1db"], "severity":"High", "spl":"2024-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["16351716779938417858222206942405565388", "318233294777691992028525546815303117132", "69102399445628845693840405755057925358", "17282063580431758823195469718657335965", "29241121102181293544482375847729051410", "32916341052150067112772034552314723220", "83684619035523255534892517589474714090", "241844383312430506646807325760702564423", "146927061287855307579181888815117374125", "32016434898657174529706919366923317883", "128209730887649040410085733263337595484"], "threshold":0.9}, "id":"ASB-A-326485767-37a1a064", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/412427d7a8c99fd0470483a5a20b50ba8642a1db", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"237481197364134205644156268512456040514", "length":1702}, "id":"ASB-A-326485767-92640f7b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/412427d7a8c99fd0470483a5a20b50ba8642a1db", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java", "function":"updateServicesLocked"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2024-06-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/766911c3312573196b33efd1c3c29ccece806846"], "severity":"High", "spl":"2024-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["16351716779938417858222206942405565388", "318233294777691992028525546815303117132", "69102399445628845693840405755057925358", "17282063580431758823195469718657335965", "29241121102181293544482375847729051410", "32916341052150067112772034552314723220", "83684619035523255534892517589474714090", "241844383312430506646807325760702564423", "146927061287855307579181888815117374125", "32016434898657174529706919366923317883", "128209730887649040410085733263337595484"], "threshold":0.9}, "id":"ASB-A-326485767-8a83a444", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/766911c3312573196b33efd1c3c29ccece806846", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"237481197364134205644156268512456040514", "length":1702}, "id":"ASB-A-326485767-8f6d884a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/766911c3312573196b33efd1c3c29ccece806846", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java", "function":"updateServicesLocked"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2024-06-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/f6192d3a77520d40b6a93de8f45400e19f5ba29f"], "severity":"High", "spl":"2024-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["203559070635639168501251831115072699849", "110995883530772940642188919209479069590", "79433123240605589203927884978662908669", "17282063580431758823195469718657335965", "29241121102181293544482375847729051410", "32916341052150067112772034552314723220", "83684619035523255534892517589474714090", "241844383312430506646807325760702564423", "146927061287855307579181888815117374125", "32016434898657174529706919366923317883", "71083680968358107861588739952857861883"], "threshold":0.9}, "id":"ASB-A-326485767-adef4a9a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f6192d3a77520d40b6a93de8f45400e19f5ba29f", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"125819437784231376011864688327948081010", "length":1936}, "id":"ASB-A-326485767-e560472a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f6192d3a77520d40b6a93de8f45400e19f5ba29f", "target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java", "function":"updateServicesLocked"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2024-06-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/c1bc907a649addd5b97d489fd39afb956164a46c"}]}