{"id":"ASB-A-281534749","details":"In FillUi of FillUi.java, there is a possible way to view another user's images. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-281534749","CVE-2023-40138"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2025-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-02-01"}]}],"versions":["15-next"],"ecosystem_specific":{"spl":"2025-02-01","types":["ID"],"severity":"High","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["152706124914265209826722211813105497440","122457438830031755697776489763091500155","9557648870503328618362177008065891024","21424190766785613237481844130356205668","318743049332437221904056720756700357292","19494396699293671953931356471127301788","125685506690105876920915180744054100445","193060436326013056668025233908441392097","45525861848201633409686579962243666914","247171390140834564838122080548466479325","11417974425339281741084590764620266974","63675271650473437443478445002199682738","337643276294840670681719171796552205364","120308007170846405930104003764350781053","110491743816707019839998419656968232453","290369119132319450297915760482112743456","318831208973307593363994768019606516553","118585930299939295491472408901765825976"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","id":"ASB-A-281534749-06445f7a","target":{"file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"}},{"digest":{"function_hash":"110995354895912650465302359732992851334","length":3696},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","id":"ASB-A-281534749-4124815a","target":{"function":"applyCustomDescription","file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"}},{"digest":{"function_hash":"49532191195551615746744837755912801092","length":754},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","id":"ASB-A-281534749-6438f6a0","target":{"function":"initialAuthenticationLayout","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"}},{"digest":{"threshold":0.9,"line_hashes":["70384187207969473467724071990317729398","320418546227076084465594181217435078892","139034975296227356350451546793061696188","198840029242654939539433467117586934531","313245536086977364838236582966126120156","9821241575628344625617058172907797661","84864080468086762366722034388010268348","321713212781640076910098641929018121181","60835553322294116645322918846401089571","194254830192584495059033577937727898134","147075656553749944497531376143451541327","11224255276186999251427813799537284016","190000541700740439308365212289947348130"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","id":"ASB-A-281534749-77854c22","target":{"file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"}},{"digest":{"function_hash":"31646391903980341277154471442477253944","length":6510},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","id":"ASB-A-281534749-80fd7a71","target":{"function":"FillUi","file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"}},{"digest":{"threshold":0.9,"line_hashes":["148303161279659643660660451501034279234","125883638802437311423689325172088876430","68109407143103339498063405506151933519","141851605057521366089072764562061264673"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","id":"ASB-A-281534749-a53a4b64","target":{"file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"}},{"digest":{"threshold":0.9,"line_hashes":["195550187764114165661677033491385867525","207939012160879388942929324645558281641","197882718764834178866649541080794831380","239233852245253813103569443623407063279","44698807005793972678540295405764893919","21183059188807409401714516310665780128","300048194628243201263727493046361281547","303844278245018911624601514776114041871","229695913011207263233075675270896549026","55169701512537227256118636456135333684","198388733492753553705907241123091591212","304920987658179113312826479999607115028","269055928370450172860520757506759510794","237757000885932752970060260599884987089","33379483823330199745001603645193499184"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","id":"ASB-A-281534749-ad39c60e","target":{"file":"services/autofill/java/com/android/server/autofill/Helper.java"}},{"id":"ASB-A-281534749-e69baae4","deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","digest":{"function_hash":"14933855057066592257347322952625317997","length":1677},"target":{"function":"createDatasetItems","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"}},{"digest":{"function_hash":"243658678464188710220306003597891618027","length":498},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","id":"ASB-A-281534749-eeb818cb","target":{"function":"setHeader","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"}}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281534749.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2025-02-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2025-02-01","types":["ID"],"severity":"High","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["70384187207969473467724071990317729398","320418546227076084465594181217435078892","139034975296227356350451546793061696188","198840029242654939539433467117586934531","313245536086977364838236582966126120156","9821241575628344625617058172907797661","84864080468086762366722034388010268348","321713212781640076910098641929018121181","60835553322294116645322918846401089571","194254830192584495059033577937727898134","147075656553749944497531376143451541327","11224255276186999251427813799537284016","190000541700740439308365212289947348130"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053","id":"ASB-A-281534749-4bba6ff2","target":{"file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"}},{"digest":{"threshold":0.9,"line_hashes":["206563368113645024653705304061605275981","197882718764834178866649541080794831380","239233852245253813103569443623407063279","44698807005793972678540295405764893919","21183059188807409401714516310665780128","300048194628243201263727493046361281547","200644165688969314273219891189461360855","77496428704198062703578586753481553588","55169701512537227256118636456135333684","198388733492753553705907241123091591212","304920987658179113312826479999607115028","269055928370450172860520757506759510794","237757000885932752970060260599884987089","33379483823330199745001603645193499184"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053","id":"ASB-A-281534749-5897c9bc","target":{"file":"services/autofill/java/com/android/server/autofill/Helper.java"}},{"digest":{"function_hash":"155518773178166328024443815934004657924","length":6466},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053","id":"ASB-A-281534749-9791299f","target":{"function":"FillUi","file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"}},{"digest":{"function_hash":"110995354895912650465302359732992851334","length":3696},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053","id":"ASB-A-281534749-be69d6ef","target":{"function":"applyCustomDescription","file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"}},{"digest":{"threshold":0.9,"line_hashes":["148303161279659643660660451501034279234","125883638802437311423689325172088876430","68109407143103339498063405506151933519","141851605057521366089072764562061264673"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053","id":"ASB-A-281534749-d4299c57","target":{"file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"}}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281534749.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2025-02-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2025-02-01","types":["ID"],"severity":"High","vanir_signatures":[{"id":"ASB-A-281534749-4b9be62e","deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a","digest":{"threshold":0.9,"line_hashes":["206563368113645024653705304061605275981","197882718764834178866649541080794831380","239233852245253813103569443623407063279","44698807005793972678540295405764893919","21183059188807409401714516310665780128","300048194628243201263727493046361281547","200644165688969314273219891189461360855","77496428704198062703578586753481553588","55169701512537227256118636456135333684","198388733492753553705907241123091591212","304920987658179113312826479999607115028","269055928370450172860520757506759510794","237757000885932752970060260599884987089","33379483823330199745001603645193499184"]},"target":{"file":"services/autofill/java/com/android/server/autofill/Helper.java"}},{"digest":{"function_hash":"155518773178166328024443815934004657924","length":6466},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a","id":"ASB-A-281534749-69bfefd7","target":{"function":"FillUi","file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"}},{"digest":{"function_hash":"110995354895912650465302359732992851334","length":3696},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a","id":"ASB-A-281534749-c0f2a3a7","target":{"function":"applyCustomDescription","file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"}},{"digest":{"threshold":0.9,"line_hashes":["148303161279659643660660451501034279234","125883638802437311423689325172088876430","68109407143103339498063405506151933519","141851605057521366089072764562061264673"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a","id":"ASB-A-281534749-d7552cd1","target":{"file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"}},{"digest":{"threshold":0.9,"line_hashes":["70384187207969473467724071990317729398","320418546227076084465594181217435078892","139034975296227356350451546793061696188","198840029242654939539433467117586934531","313245536086977364838236582966126120156","9821241575628344625617058172907797661","84864080468086762366722034388010268348","321713212781640076910098641929018121181","60835553322294116645322918846401089571","194254830192584495059033577937727898134","147075656553749944497531376143451541327","11224255276186999251427813799537284016","190000541700740439308365212289947348130"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a","id":"ASB-A-281534749-f36bcf55","target":{"file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"}}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281534749.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-02-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2025-02-01","types":["ID"],"severity":"High","vanir_signatures":[{"digest":{"function_hash":"110995354895912650465302359732992851334","length":3696},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","id":"ASB-A-281534749-0d2943f4","target":{"function":"applyCustomDescription","file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"}},{"digest":{"threshold":0.9,"line_hashes":["70384187207969473467724071990317729398","320418546227076084465594181217435078892","139034975296227356350451546793061696188","198840029242654939539433467117586934531","313245536086977364838236582966126120156","9821241575628344625617058172907797661","84864080468086762366722034388010268348","321713212781640076910098641929018121181","60835553322294116645322918846401089571","194254830192584495059033577937727898134","147075656553749944497531376143451541327","11224255276186999251427813799537284016","190000541700740439308365212289947348130"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","id":"ASB-A-281534749-27c06beb","target":{"file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"}},{"digest":{"function_hash":"14933855057066592257347322952625317997","length":1677},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","id":"ASB-A-281534749-2b9e0a47","target":{"function":"createDatasetItems","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"}},{"digest":{"function_hash":"49532191195551615746744837755912801092","length":754},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","id":"ASB-A-281534749-8e58e6f9","target":{"function":"initialAuthenticationLayout","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"}},{"digest":{"function_hash":"243658678464188710220306003597891618027","length":498},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","id":"ASB-A-281534749-979c9889","target":{"function":"setHeader","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"}},{"digest":{"threshold":0.9,"line_hashes":["206563368113645024653705304061605275981","197882718764834178866649541080794831380","239233852245253813103569443623407063279","44698807005793972678540295405764893919","21183059188807409401714516310665780128","300048194628243201263727493046361281547","200644165688969314273219891189461360855","77496428704198062703578586753481553588","55169701512537227256118636456135333684","198388733492753553705907241123091591212","304920987658179113312826479999607115028","269055928370450172860520757506759510794","237757000885932752970060260599884987089","33379483823330199745001603645193499184"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","id":"ASB-A-281534749-a1b813d7","target":{"file":"services/autofill/java/com/android/server/autofill/Helper.java"}},{"digest":{"function_hash":"155518773178166328024443815934004657924","length":6466},"deprecated":false,"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","id":"ASB-A-281534749-acd70eb0","target":{"function":"FillUi","file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"}},{"digest":{"threshold":0.9,"line_hashes":["152706124914265209826722211813105497440","122457438830031755697776489763091500155","9557648870503328618362177008065891024","21424190766785613237481844130356205668","318743049332437221904056720756700357292","19494396699293671953931356471127301788","125685506690105876920915180744054100445","193060436326013056668025233908441392097","45525861848201633409686579962243666914","247171390140834564838122080548466479325","11417974425339281741084590764620266974","63675271650473437443478445002199682738","337643276294840670681719171796552205364","120308007170846405930104003764350781053","110491743816707019839998419656968232453","290369119132319450297915760482112743456","318831208973307593363994768019606516553","118585930299939295491472408901765825976"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","id":"ASB-A-281534749-b901e226","target":{"file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"}},{"digest":{"threshold":0.9,"line_hashes":["148303161279659643660660451501034279234","125883638802437311423689325172088876430","68109407143103339498063405506151933519","141851605057521366089072764562061264673"]},"deprecated":false,"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","id":"ASB-A-281534749-d2b5895d","target":{"file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"}}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281534749.json"}}],"schema_version":"1.7.5"}