{"id":"ASB-A-247513680","details":"In saveToXml of PersistableBundle.java, invalid data could lead to local persistent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-247513680","CVE-2023-40074"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/40e4ea759743737958dde018f3606d778f7a53f3"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-01"}]}],"versions":["14-next"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"digest":{"length":518,"function_hash":"267512008066296561381844851244402387960"},"target":{"file":"core/java/android/os/PersistableBundle.java","function":"restoreFromXml"},"id":"ASB-A-247513680-37dc9313","source":"https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06","id":"ASB-A-247513680-3de13f98","target":{"file":"core/java/android/os/PersistableBundle.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["335282400676909007198189579806973875376","313377180876029932701584323606454940357","49191771678504042421229072001716217387","165082012955934931444442691103829076722","171373983533471173072069470468802170121","89587191701922574269508442052068704054","288904276873894485354625582485196650723","268719844208791716186478239131942756537","160397782022123331563978249287854259354","208040751545726698537702071492358863495","228715143219874404794202316155364547919","180923771756476266762609236708114620932","103305832906002570009287622783201884120","99179444259475409224612380988953210066","220077003364349656641780221081718589986","111020136450179190085524194418929860278","37623338316805869855736835862729954311","281430182595358735871103833204118439695","111037008887075559029110783837851953036","50621477271003086277085850527081432043","205321669719855700167826044676474010200","204236554134973708632948214781412074219","220396214190152476469760552190838946152","154017994443169601757563704908388295362","129788909839540923603409831840819246781","219174354950100910028049065839540247722","112312775038100873395006501184461229102","146097743238151581622320555042919676748","232390452770801584865268269564417120752","128353176315902470959297590780278342677","309087419376314231084662827774097264074","129019045967058005927470823990242790827","218783291187605193282463437346025671148","143449464993321812397091481521843397753","104657244465174978547602034516785375163","12423699834451907165888158585440478944","174659271940342464576097676426084565447"]},"signature_type":"Line"},{"signature_version":"v1","digest":{"length":545,"function_hash":"5492349018398459536682394294984597411"},"target":{"file":"core/java/android/os/PersistableBundle.java","function":"PersistableBundle"},"id":"ASB-A-247513680-850e31da","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06","signature_type":"Function"},{"signature_version":"v1","digest":{"length":139,"function_hash":"107238124957364775536419459039214913128"},"target":{"file":"core/java/android/os/PersistableBundle.java","function":"saveToXml"},"id":"ASB-A-247513680-c31bdeb8","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06","signature_type":"Function"},{"signature_version":"v1","digest":{"length":60,"function_hash":"101494772296260205954621633415969316634"},"target":{"file":"core/java/android/os/PersistableBundle.java","function":"PersistableBundle"},"id":"ASB-A-247513680-fbe8ad83","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06","signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/666e8ac60a31e2cc52b335b41004263f28a8db06"],"types":["DoS"],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-247513680.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-12-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9","id":"ASB-A-247513680-6b03b165","target":{"file":"core/java/android/os/PersistableBundle.java","function":"saveToXml"},"digest":{"length":139,"function_hash":"107238124957364775536419459039214913128"},"deprecated":false,"signature_type":"Function"},{"deprecated":false,"digest":{"length":486,"function_hash":"149976608711873720900248940724378527337"},"target":{"file":"core/java/android/os/PersistableBundle.java","function":"restoreFromXml"},"id":"ASB-A-247513680-7a89c5f7","source":"https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"digest":{"line_hashes":["335282400676909007198189579806973875376","183074791463621510251053893792051150043","281012209318440983864959249841651473841","77465122452324125269547007365397237843","136874095998427669504962480366026252415","89587191701922574269508442052068704054","288904276873894485354625582485196650723","268719844208791716186478239131942756537","253583698187098684673806160791370126322","62186405358253308561293668607755559037","61753658436234318814018966694921470724","181054039962255261217069956404629018046","103305832906002570009287622783201884120","99179444259475409224612380988953210066","220077003364349656641780221081718589986","111020136450179190085524194418929860278","37623338316805869855736835862729954311","281430182595358735871103833204118439695","111037008887075559029110783837851953036","50621477271003086277085850527081432043","205321669719855700167826044676474010200","204236554134973708632948214781412074219","220396214190152476469760552190838946152","154017994443169601757563704908388295362","129788909839540923603409831840819246781","219174354950100910028049065839540247722","26896269911528299561823314168180224845","7437941762935893097458351938847521780","858429665523929065726667318766246280","128353176315902470959297590780278342677","309087419376314231084662827774097264074","129019045967058005927470823990242790827","218783291187605193282463437346025671148","143449464993321812397091481521843397753","104657244465174978547602034516785375163","12423699834451907165888158585440478944","269858155423756344676264057247744951319"],"threshold":0.9},"id":"ASB-A-247513680-b4161e9f","target":{"file":"core/java/android/os/PersistableBundle.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9","signature_version":"v1","signature_type":"Line"},{"deprecated":false,"digest":{"length":545,"function_hash":"5492349018398459536682394294984597411"},"target":{"file":"core/java/android/os/PersistableBundle.java","function":"PersistableBundle"},"id":"ASB-A-247513680-da80ca79","source":"https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"digest":{"length":60,"function_hash":"101494772296260205954621633415969316634"},"id":"ASB-A-247513680-fd0274a3","target":{"file":"core/java/android/os/PersistableBundle.java","function":"PersistableBundle"},"source":"https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9","signature_version":"v1","signature_type":"Function"}],"spl":"2023-12-01","types":["DoS"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/62b37ab21ce27746a79a2071deee98c61b23c8d9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-247513680.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-12-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4","id":"ASB-A-247513680-1d4cd093","target":{"file":"core/java/android/os/PersistableBundle.java"},"signature_version":"v1","digest":{"line_hashes":["335282400676909007198189579806973875376","313377180876029932701584323606454940357","49191771678504042421229072001716217387","165082012955934931444442691103829076722","136874095998427669504962480366026252415","89587191701922574269508442052068704054","288904276873894485354625582485196650723","268719844208791716186478239131942756537","253583698187098684673806160791370126322","62186405358253308561293668607755559037","61753658436234318814018966694921470724","181054039962255261217069956404629018046","103305832906002570009287622783201884120","99179444259475409224612380988953210066","220077003364349656641780221081718589986","111020136450179190085524194418929860278","37623338316805869855736835862729954311","281430182595358735871103833204118439695","111037008887075559029110783837851953036","50621477271003086277085850527081432043","205321669719855700167826044676474010200","204236554134973708632948214781412074219","220396214190152476469760552190838946152","154017994443169601757563704908388295362","129788909839540923603409831840819246781","219174354950100910028049065839540247722","112312775038100873395006501184461229102","146097743238151581622320555042919676748","232390452770801584865268269564417120752","128353176315902470959297590780278342677","309087419376314231084662827774097264074","129019045967058005927470823990242790827","218783291187605193282463437346025671148","143449464993321812397091481521843397753","104657244465174978547602034516785375163","12423699834451907165888158585440478944","269858155423756344676264057247744951319"],"threshold":0.9},"signature_type":"Line"},{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4","target":{"file":"core/java/android/os/PersistableBundle.java","function":"restoreFromXml"},"id":"ASB-A-247513680-93f216a6","digest":{"length":510,"function_hash":"232420018912174287506438556098705718188"},"deprecated":false,"signature_type":"Function"},{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4","id":"ASB-A-247513680-984ae0e7","target":{"file":"core/java/android/os/PersistableBundle.java","function":"PersistableBundle"},"deprecated":false,"digest":{"length":60,"function_hash":"101494772296260205954621633415969316634"},"signature_type":"Function"},{"deprecated":false,"digest":{"length":139,"function_hash":"107238124957364775536419459039214913128"},"target":{"file":"core/java/android/os/PersistableBundle.java","function":"saveToXml"},"id":"ASB-A-247513680-ed17d3d3","source":"https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"digest":{"length":545,"function_hash":"5492349018398459536682394294984597411"},"id":"ASB-A-247513680-fa4cc6ca","target":{"file":"core/java/android/os/PersistableBundle.java","function":"PersistableBundle"},"source":"https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4","signature_version":"v1","signature_type":"Function"}],"spl":"2023-12-01","types":["DoS"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0e0819c9d6a957e56764c89e68542bb51bdb7db4"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-247513680.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054","id":"ASB-A-247513680-1ef80cfb","target":{"file":"core/java/android/os/PersistableBundle.java","function":"PersistableBundle"},"digest":{"length":545,"function_hash":"5492349018398459536682394294984597411"},"deprecated":false,"signature_type":"Function"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054","id":"ASB-A-247513680-468b8e6e","target":{"file":"core/java/android/os/PersistableBundle.java","function":"restoreFromXml"},"signature_version":"v1","digest":{"length":510,"function_hash":"232420018912174287506438556098705718188"},"signature_type":"Function"},{"deprecated":false,"digest":{"length":60,"function_hash":"101494772296260205954621633415969316634"},"target":{"file":"core/java/android/os/PersistableBundle.java","function":"PersistableBundle"},"id":"ASB-A-247513680-78a0893a","source":"https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054","id":"ASB-A-247513680-94d1bc9c","target":{"file":"core/java/android/os/PersistableBundle.java"},"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["335282400676909007198189579806973875376","313377180876029932701584323606454940357","49191771678504042421229072001716217387","165082012955934931444442691103829076722","136874095998427669504962480366026252415","89587191701922574269508442052068704054","288904276873894485354625582485196650723","268719844208791716186478239131942756537","253583698187098684673806160791370126322","62186405358253308561293668607755559037","61753658436234318814018966694921470724","181054039962255261217069956404629018046","103305832906002570009287622783201884120","99179444259475409224612380988953210066","220077003364349656641780221081718589986","111020136450179190085524194418929860278","37623338316805869855736835862729954311","281430182595358735871103833204118439695","111037008887075559029110783837851953036","50621477271003086277085850527081432043","205321669719855700167826044676474010200","204236554134973708632948214781412074219","220396214190152476469760552190838946152","154017994443169601757563704908388295362","129788909839540923603409831840819246781","219174354950100910028049065839540247722","112312775038100873395006501184461229102","146097743238151581622320555042919676748","232390452770801584865268269564417120752","128353176315902470959297590780278342677","309087419376314231084662827774097264074","129019045967058005927470823990242790827","218783291187605193282463437346025671148","143449464993321812397091481521843397753","104657244465174978547602034516785375163","12423699834451907165888158585440478944","269858155423756344676264057247744951319"]},"signature_type":"Line"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054","id":"ASB-A-247513680-a9d825f2","target":{"file":"core/java/android/os/PersistableBundle.java","function":"saveToXml"},"signature_version":"v1","digest":{"length":139,"function_hash":"107238124957364775536419459039214913128"},"signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a495a282660940657ed20670c35c6d83fa1de054"],"types":["DoS"],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-247513680.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146","id":"ASB-A-247513680-31855e96","target":{"file":"core/java/android/os/PersistableBundle.java","function":"PersistableBundle"},"deprecated":false,"digest":{"length":545,"function_hash":"5492349018398459536682394294984597411"},"signature_type":"Function"},{"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["335282400676909007198189579806973875376","313377180876029932701584323606454940357","49191771678504042421229072001716217387","165082012955934931444442691103829076722","171373983533471173072069470468802170121","89587191701922574269508442052068704054","288904276873894485354625582485196650723","268719844208791716186478239131942756537","160397782022123331563978249287854259354","208040751545726698537702071492358863495","228715143219874404794202316155364547919","180923771756476266762609236708114620932","103305832906002570009287622783201884120","99179444259475409224612380988953210066","220077003364349656641780221081718589986","111020136450179190085524194418929860278","37623338316805869855736835862729954311","281430182595358735871103833204118439695","111037008887075559029110783837851953036","50621477271003086277085850527081432043","205321669719855700167826044676474010200","204236554134973708632948214781412074219","220396214190152476469760552190838946152","154017994443169601757563704908388295362","129788909839540923603409831840819246781","219174354950100910028049065839540247722","112312775038100873395006501184461229102","146097743238151581622320555042919676748","232390452770801584865268269564417120752","128353176315902470959297590780278342677","309087419376314231084662827774097264074","129019045967058005927470823990242790827","218783291187605193282463437346025671148","143449464993321812397091481521843397753","104657244465174978547602034516785375163","12423699834451907165888158585440478944","174659271940342464576097676426084565447"]},"target":{"file":"core/java/android/os/PersistableBundle.java"},"id":"ASB-A-247513680-78ac622d","source":"https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146","signature_version":"v1","signature_type":"Line"},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146","id":"ASB-A-247513680-ae32f362","target":{"file":"core/java/android/os/PersistableBundle.java","function":"saveToXml"},"signature_version":"v1","digest":{"length":139,"function_hash":"107238124957364775536419459039214913128"},"signature_type":"Function"},{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146","id":"ASB-A-247513680-db4ee7b0","target":{"file":"core/java/android/os/PersistableBundle.java","function":"PersistableBundle"},"digest":{"length":60,"function_hash":"101494772296260205954621633415969316634"},"deprecated":false,"signature_type":"Function"},{"signature_version":"v1","digest":{"length":518,"function_hash":"267512008066296561381844851244402387960"},"target":{"file":"core/java/android/os/PersistableBundle.java","function":"restoreFromXml"},"id":"ASB-A-247513680-deaea6c9","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146","signature_type":"Function"}],"spl":"2023-12-01","types":["DoS"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3c5aa21b4df54c0c0fcbcf00d1b62fa771022146"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-247513680.json"}}],"schema_version":"1.7.5"}