{"id":"ASB-A-274775190","details":"In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-274775190","CVE-2023-40120"],"modified":"2026-04-28T15:17:37.552933Z","published":"2023-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/d26544e5a4fd554b790b4d0c5964d9e95d9e626b"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-10-01"}]}],"versions":["14-next"],"ecosystem_specific":{"spl":"2023-10-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/0ea0f35dce5e3ecdddbe2a93caaecb2b1c394b78","https://android.googlesource.com/platform/frameworks/base/+/7aa5b1415941f8c4172d02072f59349d30450232"],"types":["EoP"],"vanir_signatures":[{"signature_type":"Function","deprecated":false,"digest":{"function_hash":"295032870259104720256886176278826762346","length":272},"source":"https://android.googlesource.com/platform/frameworks/base/+/0ea0f35dce5e3ecdddbe2a93caaecb2b1c394b78","target":{"file":"core/java/android/app/StatusBarManager.java","function":"getService"},"signature_version":"v1","id":"ASB-A-274775190-6a984c32","match_only_versions":["14-next"]},{"source":"https://android.googlesource.com/platform/frameworks/base/+/0ea0f35dce5e3ecdddbe2a93caaecb2b1c394b78","target":{"file":"core/java/android/app/StatusBarManager.java","function":"isMediaTitleRequiredForApp"},"signature_version":"v1","signature_type":"Function","id":"ASB-A-274775190-8f502582","deprecated":false,"digest":{"function_hash":"193419990035426540541696645683798941871","length":131}},{"source":"https://android.googlesource.com/platform/frameworks/base/+/0ea0f35dce5e3ecdddbe2a93caaecb2b1c394b78","target":{"file":"core/java/android/app/StatusBarManager.java"},"signature_version":"v1","signature_type":"Line","id":"ASB-A-274775190-cfbb5e0a","deprecated":false,"digest":{"line_hashes":["276401531901318263753144431699500467534","174693737625381771289955730754378212089","55067072768329347915291328717665274412","247491197205286358186884514790289441800","288268817024719155601732677583925904674","162414632533865194722156741041722238057","238187707617870915485439331167525581495","42870352728389217820846386914021981277","197830679814973854642546934516842684361","31823246263992746912867442466257200867","179771285865684518296153165408831105186","105823613653653031239713650423167024704","227755580500140105511776870914346632550","302439945214960274764316328120321594772","157093321223745541105175817161241093639","41027818387143506716071401913762006612","40681326202558538640645875563718560389","127635592304768124555866852793805531603","97708967501522358369735335246717124075","129554294152192160224533512055370407544","104176241438601927444278433906707718950","333723484836615690996111369955045802370","194775277198457715137714559249712910553","243161833809819721557020020362400150479","178914412161223854977679791516697656678","134936461097158260160654518469916486136","138251747473868163461947946972620429932","271487609364378758100043770345098504500","322179436436476499849029600944439531583","76327287156485271441958115395213707924","31977801378991756250502292725926409566","1136072264060281673135831628939118147","261412421687700868409742376006145653915"],"threshold":0.9}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-274775190.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-10-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2023-10-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/070eff919c85fd83501e380a92e30caf082e9ffc","https://android.googlesource.com/platform/frameworks/base/+/917729f52b84d8ff1140ece2dd696914426adcd3"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-274775190.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-10-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2023-10-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/883923c40b88c0486c5ac24dc756213b187b3bb1","https://android.googlesource.com/platform/frameworks/base/+/204ea4a673cc47f154cbff66d664618f1942b6b9"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-274775190.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-10-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2023-10-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/df4686dc0a38b6027960dbe69b3fe18048f02b8f","https://android.googlesource.com/platform/frameworks/base/+/204ea4a673cc47f154cbff66d664618f1942b6b9"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-274775190.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-10-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-10-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/a0fda1f36d04331c8d60c5540b09b1a30203581b","https://android.googlesource.com/platform/frameworks/base/+/602de6cbd4d51222625e849ffedd5e58977aecbd"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-274775190.json"}}],"schema_version":"1.7.5"}