{"id":"ASB-A-273729172","details":"In createDontSendToRestrictedAppsBundle of PendingIntentUtils.java, there is a possible background activity launch due to a missing check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-273729172","CVE-2023-40095"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/d98abeef8f870b60510feafbadcea0c2f9cbae65"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-01"}]}],"versions":["14-next"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","digest":{"line_hashes":["241099825926840930441039057166608676248","72315391214666178427269974256863588202","229267332971896543381079037628777213401","238246418762173638730733100177089798393"],"threshold":0.9},"id":"ASB-A-273729172-332ca0b2","source":"https://android.googlesource.com/platform/frameworks/base/+/fa0b31821d177fe96e1e03bb6dcb2cda8d5a1c49","target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-273729172-7abdfd0b","source":"https://android.googlesource.com/platform/frameworks/base/+/fa0b31821d177fe96e1e03bb6dcb2cda8d5a1c49","target":{"function":"createDontSendToRestrictedAppsBundle","file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"digest":{"length":222,"function_hash":"231131053177397398437235385677543959304"}}],"severity":"High","spl":"2023-12-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/fa0b31821d177fe96e1e03bb6dcb2cda8d5a1c49"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-273729172.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-12-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"length":222,"function_hash":"231131053177397398437235385677543959304"},"id":"ASB-A-273729172-54590a89","source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9","target":{"function":"createDontSendToRestrictedAppsBundle","file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"line_hashes":["241099825926840930441039057166608676248","72315391214666178427269974256863588202","229267332971896543381079037628777213401","238246418762173638730733100177089798393"],"threshold":0.9},"id":"ASB-A-273729172-a1c5f7fc","source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9","target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"signature_version":"v1"}],"severity":"High","types":["EoP"],"spl":"2023-12-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-273729172.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-12-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"length":222,"function_hash":"231131053177397398437235385677543959304"},"id":"ASB-A-273729172-4f8d060a","source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9","target":{"function":"createDontSendToRestrictedAppsBundle","file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"line_hashes":["241099825926840930441039057166608676248","72315391214666178427269974256863588202","229267332971896543381079037628777213401","238246418762173638730733100177089798393"],"threshold":0.9},"id":"ASB-A-273729172-5567a548","source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9","target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"signature_version":"v1"}],"spl":"2023-12-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-273729172.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","digest":{"line_hashes":["241099825926840930441039057166608676248","72315391214666178427269974256863588202","229267332971896543381079037628777213401","238246418762173638730733100177089798393"],"threshold":0.9},"id":"ASB-A-273729172-451d35fc","source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9","target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"length":222,"function_hash":"231131053177397398437235385677543959304"},"id":"ASB-A-273729172-5890b31b","source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9","target":{"function":"createDontSendToRestrictedAppsBundle","file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"signature_version":"v1"}],"severity":"High","spl":"2023-12-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-273729172.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","digest":{"line_hashes":["241099825926840930441039057166608676248","72315391214666178427269974256863588202","229267332971896543381079037628777213401","238246418762173638730733100177089798393"],"threshold":0.9},"id":"ASB-A-273729172-602703d4","source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9","target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-273729172-c830847d","source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9","target":{"function":"createDontSendToRestrictedAppsBundle","file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"digest":{"length":222,"function_hash":"231131053177397398437235385677543959304"}}],"severity":"High","spl":"2023-12-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-273729172.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-12-01"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","digest":{"line_hashes":["241099825926840930441039057166608676248","72315391214666178427269974256863588202","229267332971896543381079037628777213401","238246418762173638730733100177089798393"],"threshold":0.9},"id":"ASB-A-273729172-be91f766","source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9","target":{"file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"length":222,"function_hash":"231131053177397398437235385677543959304"},"id":"ASB-A-273729172-ece105d8","source":"https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9","target":{"function":"createDontSendToRestrictedAppsBundle","file":"services/core/java/com/android/server/PendingIntentUtils.java"},"deprecated":false,"signature_version":"v1"}],"severity":"High","spl":"2023-12-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7f9be7c3c859dc82d37452570d9878b58f6437a9"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-273729172.json"}}],"schema_version":"1.7.5"}