{"id":"ASB-A-272025416","details":"In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-272025416","CVE-2023-40124"],"modified":"2026-05-25T16:46:24.913870386Z","published":"2023-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/86c8421c1181816b6cb333eb62a78e32290c4b17"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-11-01"}]}],"versions":["14-next"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/0c32739fabc2b49104fb6aacd9c3ce76183aed14"],"spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272025416.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-11-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/331f2f1baaf7b62e90a7d7cb6d4481925b3d9071"],"spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272025416.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-11-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/22f18e021fa884dc504616a5adfb99ea9d2d77c6"],"severity":"High","spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272025416.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/2be24a7804701f3dc3e185196a55e4b0add2b79b"],"spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272025416.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-11-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/22f97f081ccc6f6a7230b15447a6c885dfe4fa59"],"spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-272025416.json"}}],"schema_version":"1.7.5"}