{"id":"ASB-A-261721900","details":"In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-261721900","CVE-2024-40662"],"modified":"2026-04-21T15:25:42.831358Z","published":"2024-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/e7af00cafb52a25933ec4edb80c5111d42af0237"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-09-01"}]}],"versions":["15-next"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/003800764d6180cddb7202e4e46e7bd48b71d4b9","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"ASB-A-261721900-8429262c","digest":{"threshold":0.9,"line_hashes":["138002153911268528554143659310083762241","297455482597830554531229895867445278578","239294018139755612860533715583550949084","55165090047528802198270063357550666438"]},"target":{"file":"core/java/android/net/Uri.java"}},{"source":"https://android.googlesource.com/platform/frameworks/base/+/737bc87e74763a073b01253cd3d9a35ccfdc0138","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"ASB-A-261721900-a6e6c930","digest":{"threshold":0.9,"line_hashes":["104738803165679544444835421662763770740","282854974940796504727249461649251767358","193301029035352083894885517289582284355","189082287069262779762421083968669274300"]},"target":{"file":"core/java/android/net/Uri.java"}}],"spl":"2024-09-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/737bc87e74763a073b01253cd3d9a35ccfdc0138","https://android.googlesource.com/platform/frameworks/base/+/003800764d6180cddb7202e4e46e7bd48b71d4b9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-261721900.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-09-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/1fd0421801c391dd619cafeeea8d379a9029074a","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"ASB-A-261721900-605aab26","digest":{"threshold":0.9,"line_hashes":["104738803165679544444835421662763770740","282854974940796504727249461649251767358","193301029035352083894885517289582284355","189082287069262779762421083968669274300"]},"target":{"file":"core/java/android/net/Uri.java"}}],"spl":"2024-09-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1fd0421801c391dd619cafeeea8d379a9029074a"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-261721900.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/191944ece5badb3e85969b3ccb9baebd6abb622b","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"ASB-A-261721900-7c973e25","digest":{"threshold":0.9,"line_hashes":["104738803165679544444835421662763770740","282854974940796504727249461649251767358","193301029035352083894885517289582284355","189082287069262779762421083968669274300"]},"target":{"file":"core/java/android/net/Uri.java"}}],"spl":"2024-09-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/191944ece5badb3e85969b3ccb9baebd6abb622b"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-261721900.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-09-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/841ce92aa1b350c83148ef6fb57bfff617364e1a","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"ASB-A-261721900-0d604c88","digest":{"threshold":0.9,"line_hashes":["104738803165679544444835421662763770740","282854974940796504727249461649251767358","193301029035352083894885517289582284355","189082287069262779762421083968669274300"]},"target":{"file":"core/java/android/net/Uri.java"}}],"spl":"2024-09-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/841ce92aa1b350c83148ef6fb57bfff617364e1a"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-261721900.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-09-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/557941ca0cf59da66db4fad12c2139ce80922f4a","signature_version":"v1","signature_type":"Line","deprecated":false,"id":"ASB-A-261721900-ca180580","digest":{"threshold":0.9,"line_hashes":["104738803165679544444835421662763770740","282854974940796504727249461649251767358","193301029035352083894885517289582284355","189082287069262779762421083968669274300"]},"target":{"file":"core/java/android/net/Uri.java"}}],"spl":"2024-09-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/557941ca0cf59da66db4fad12c2139ce80922f4a"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-261721900.json"}}],"schema_version":"1.7.5"}