{"id":"ASB-A-278246904","details":"In updateActionViews of PipMenuView.java, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-278246904","CVE-2023-40123"],"modified":"2026-04-27T15:40:08.012512Z","published":"2023-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/7212a4bec2d2f1a74fa54a12a04255d6a183baa9"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-10-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["ID"],"spl":"2023-10-01","vanir_signatures":[{"signature_type":"Line","signature_version":"v1","id":"ASB-A-278246904-d36d1569","source":"https://android.googlesource.com/platform/frameworks/base/+/5f5a87d8a0dc9190327ba0e6113d5b80ee96abae","target":{"file":"packages/SystemUI/src/com/android/systemui/pip/phone/PipMenuActivity.java"},"digest":{"threshold":0.9,"line_hashes":["166063239365407036358423908267271788855","238261694075635380651321613102455567842","18813654971782633136813057209079119774","298693978369705219306289472481635126836","228970914487273209765683008343858037409","308669220408222224656611470876126545861","197699114853082409449149109728014222192","209364448544501372143279473777566494659","216188453882021631452971651028580263799","94850097018368390728166738070588962869","72445180047628070739800573023735531549"]},"deprecated":false},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-278246904-dcfb2aed","source":"https://android.googlesource.com/platform/frameworks/base/+/5f5a87d8a0dc9190327ba0e6113d5b80ee96abae","target":{"function":"updateActionViews","file":"packages/SystemUI/src/com/android/systemui/pip/phone/PipMenuActivity.java"},"digest":{"length":1929,"function_hash":"181592472918948688828376767510805820774"},"deprecated":false}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5f5a87d8a0dc9190327ba0e6113d5b80ee96abae"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-278246904.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-10-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","types":["ID"],"spl":"2023-10-01","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"ASB-A-278246904-06f64a8c","source":"https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789","target":{"function":"updateActionViews","file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"},"digest":{"length":2091,"function_hash":"324042343437714289491964702341013391365"},"deprecated":false},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-278246904-e2044529","source":"https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789","target":{"file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"},"digest":{"threshold":0.9,"line_hashes":["324847060176059378097650583737936443359","201914426576427113616282003798828523163","263506418221562484969851597863881285854","298693978369705219306289472481635126836","65028353250387951711319638958353438447","136790229638996451871466097405478164680","68170465010301158246315630610819079368","263352302776715897128641062905730961951","69457260422413678554051326443035127416","265017678738522029119583092157254262428","300353328676222188497957249077867958648","132265614032465781347840663960889966374","279619902974470852553413032210963791541"]},"deprecated":false}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-278246904.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-10-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","types":["ID"],"spl":"2023-10-01","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"ASB-A-278246904-2aac263b","source":"https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789","target":{"function":"updateActionViews","file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"},"digest":{"length":2091,"function_hash":"324042343437714289491964702341013391365"},"deprecated":false},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-278246904-974cac41","source":"https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789","target":{"file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"},"digest":{"threshold":0.9,"line_hashes":["324847060176059378097650583737936443359","201914426576427113616282003798828523163","263506418221562484969851597863881285854","298693978369705219306289472481635126836","65028353250387951711319638958353438447","136790229638996451871466097405478164680","68170465010301158246315630610819079368","263352302776715897128641062905730961951","69457260422413678554051326443035127416","265017678738522029119583092157254262428","300353328676222188497957249077867958648","132265614032465781347840663960889966374","279619902974470852553413032210963791541"]},"deprecated":false}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4bf71d74fc21cd9389dbe00fb750e2f9802eb789"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-278246904.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-10-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","types":["ID"],"spl":"2023-10-01","vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"ASB-A-278246904-883a9b56","source":"https://android.googlesource.com/platform/frameworks/base/+/1aee65603e262affd815fa53dcc5416c605e4037","target":{"function":"updateActionViews","file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"},"digest":{"length":2135,"function_hash":"91021012843999924637578713214436470282"},"deprecated":false},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-278246904-b10517f1","source":"https://android.googlesource.com/platform/frameworks/base/+/1aee65603e262affd815fa53dcc5416c605e4037","target":{"file":"libs/WindowManager/Shell/src/com/android/wm/shell/pip/phone/PipMenuView.java"},"digest":{"threshold":0.9,"line_hashes":["324847060176059378097650583737936443359","201914426576427113616282003798828523163","263506418221562484969851597863881285854","298693978369705219306289472481635126836","93521960409155512391593538908610140054","191814625989978002119845273457027502519","149886920230859110625589295097639483924","263352302776715897128641062905730961951","69457260422413678554051326443035127416","265017678738522029119583092157254262428","250766418081665288800895074477766066642","71790000626337845181233356163845532353","13483996012871084488115841999795360436"]},"deprecated":false}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1aee65603e262affd815fa53dcc5416c605e4037"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-278246904.json"}}],"schema_version":"1.7.5"}