{"id":"ASB-A-281665050","details":"In createDatasetItems of DialogFillUi.java, there is a possible way to view another user's image. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-281665050","CVE-2023-40137"],"modified":"2026-04-28T15:17:37.552933Z","published":"2025-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/08becc8c600f14c5529115cc1a1e0c97cd503f33"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-02-01"}]}],"versions":["15-next"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","target":{"file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["152706124914265209826722211813105497440","122457438830031755697776489763091500155","9557648870503328618362177008065891024","21424190766785613237481844130356205668","318743049332437221904056720756700357292","19494396699293671953931356471127301788","125685506690105876920915180744054100445","193060436326013056668025233908441392097","45525861848201633409686579962243666914","247171390140834564838122080548466479325","11417974425339281741084590764620266974","63675271650473437443478445002199682738","337643276294840670681719171796552205364","120308007170846405930104003764350781053","110491743816707019839998419656968232453","290369119132319450297915760482112743456","318831208973307593363994768019606516553","118585930299939295491472408901765825976"]},"id":"ASB-A-281665050-06445f7a"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","target":{"function":"applyCustomDescription","file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":3696,"function_hash":"110995354895912650465302359732992851334"},"id":"ASB-A-281665050-4124815a"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","target":{"function":"initialAuthenticationLayout","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":754,"function_hash":"49532191195551615746744837755912801092"},"id":"ASB-A-281665050-6438f6a0"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","target":{"file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["70384187207969473467724071990317729398","320418546227076084465594181217435078892","139034975296227356350451546793061696188","198840029242654939539433467117586934531","313245536086977364838236582966126120156","9821241575628344625617058172907797661","84864080468086762366722034388010268348","321713212781640076910098641929018121181","60835553322294116645322918846401089571","194254830192584495059033577937727898134","147075656553749944497531376143451541327","11224255276186999251427813799537284016","190000541700740439308365212289947348130"]},"id":"ASB-A-281665050-77854c22"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","target":{"function":"FillUi","file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":6510,"function_hash":"31646391903980341277154471442477253944"},"id":"ASB-A-281665050-80fd7a71"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","target":{"file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["148303161279659643660660451501034279234","125883638802437311423689325172088876430","68109407143103339498063405506151933519","141851605057521366089072764562061264673"]},"id":"ASB-A-281665050-a53a4b64"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","target":{"file":"services/autofill/java/com/android/server/autofill/Helper.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["195550187764114165661677033491385867525","207939012160879388942929324645558281641","197882718764834178866649541080794831380","239233852245253813103569443623407063279","44698807005793972678540295405764893919","21183059188807409401714516310665780128","300048194628243201263727493046361281547","303844278245018911624601514776114041871","229695913011207263233075675270896549026","55169701512537227256118636456135333684","198388733492753553705907241123091591212","304920987658179113312826479999607115028","269055928370450172860520757506759510794","237757000885932752970060260599884987089","33379483823330199745001603645193499184"]},"id":"ASB-A-281665050-ad39c60e"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","target":{"function":"createDatasetItems","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":1677,"function_hash":"14933855057066592257347322952625317997"},"id":"ASB-A-281665050-e69baae4"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/bf7fbbccd920596e514d1559fb3feaca70e55e78","target":{"function":"setHeader","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":498,"function_hash":"243658678464188710220306003597891618027"},"id":"ASB-A-281665050-eeb818cb"}],"spl":"2025-02-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281665050.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2025-02-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053","target":{"file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["70384187207969473467724071990317729398","320418546227076084465594181217435078892","139034975296227356350451546793061696188","198840029242654939539433467117586934531","313245536086977364838236582966126120156","9821241575628344625617058172907797661","84864080468086762366722034388010268348","321713212781640076910098641929018121181","60835553322294116645322918846401089571","194254830192584495059033577937727898134","147075656553749944497531376143451541327","11224255276186999251427813799537284016","190000541700740439308365212289947348130"]},"id":"ASB-A-281665050-4bba6ff2"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053","target":{"file":"services/autofill/java/com/android/server/autofill/Helper.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["206563368113645024653705304061605275981","197882718764834178866649541080794831380","239233852245253813103569443623407063279","44698807005793972678540295405764893919","21183059188807409401714516310665780128","300048194628243201263727493046361281547","200644165688969314273219891189461360855","77496428704198062703578586753481553588","55169701512537227256118636456135333684","198388733492753553705907241123091591212","304920987658179113312826479999607115028","269055928370450172860520757506759510794","237757000885932752970060260599884987089","33379483823330199745001603645193499184"]},"id":"ASB-A-281665050-5897c9bc"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053","target":{"function":"FillUi","file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":6466,"function_hash":"155518773178166328024443815934004657924"},"id":"ASB-A-281665050-9791299f"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053","target":{"function":"applyCustomDescription","file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":3696,"function_hash":"110995354895912650465302359732992851334"},"id":"ASB-A-281665050-be69d6ef"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/73fa082a7202100da107ae14dd7742ecd86da053","target":{"file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["148303161279659643660660451501034279234","125883638802437311423689325172088876430","68109407143103339498063405506151933519","141851605057521366089072764562061264673"]},"id":"ASB-A-281665050-d4299c57"}],"spl":"2025-02-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281665050.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2025-02-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a","target":{"file":"services/autofill/java/com/android/server/autofill/Helper.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["206563368113645024653705304061605275981","197882718764834178866649541080794831380","239233852245253813103569443623407063279","44698807005793972678540295405764893919","21183059188807409401714516310665780128","300048194628243201263727493046361281547","200644165688969314273219891189461360855","77496428704198062703578586753481553588","55169701512537227256118636456135333684","198388733492753553705907241123091591212","304920987658179113312826479999607115028","269055928370450172860520757506759510794","237757000885932752970060260599884987089","33379483823330199745001603645193499184"]},"id":"ASB-A-281665050-4b9be62e"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a","target":{"function":"FillUi","file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":6466,"function_hash":"155518773178166328024443815934004657924"},"id":"ASB-A-281665050-69bfefd7"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a","target":{"function":"applyCustomDescription","file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":3696,"function_hash":"110995354895912650465302359732992851334"},"id":"ASB-A-281665050-c0f2a3a7"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a","target":{"file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["148303161279659643660660451501034279234","125883638802437311423689325172088876430","68109407143103339498063405506151933519","141851605057521366089072764562061264673"]},"id":"ASB-A-281665050-d7552cd1"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/f7ca136c514dc975c3f46d95c53fd6b3752c577a","target":{"file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["70384187207969473467724071990317729398","320418546227076084465594181217435078892","139034975296227356350451546793061696188","198840029242654939539433467117586934531","313245536086977364838236582966126120156","9821241575628344625617058172907797661","84864080468086762366722034388010268348","321713212781640076910098641929018121181","60835553322294116645322918846401089571","194254830192584495059033577937727898134","147075656553749944497531376143451541327","11224255276186999251427813799537284016","190000541700740439308365212289947348130"]},"id":"ASB-A-281665050-f36bcf55"}],"spl":"2025-02-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281665050.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-02-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","target":{"function":"applyCustomDescription","file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":3696,"function_hash":"110995354895912650465302359732992851334"},"id":"ASB-A-281665050-0d2943f4"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","target":{"file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["70384187207969473467724071990317729398","320418546227076084465594181217435078892","139034975296227356350451546793061696188","198840029242654939539433467117586934531","313245536086977364838236582966126120156","9821241575628344625617058172907797661","84864080468086762366722034388010268348","321713212781640076910098641929018121181","60835553322294116645322918846401089571","194254830192584495059033577937727898134","147075656553749944497531376143451541327","11224255276186999251427813799537284016","190000541700740439308365212289947348130"]},"id":"ASB-A-281665050-27c06beb"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","target":{"function":"createDatasetItems","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":1677,"function_hash":"14933855057066592257347322952625317997"},"id":"ASB-A-281665050-2b9e0a47"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","target":{"function":"initialAuthenticationLayout","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":754,"function_hash":"49532191195551615746744837755912801092"},"id":"ASB-A-281665050-8e58e6f9"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","target":{"function":"setHeader","file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":498,"function_hash":"243658678464188710220306003597891618027"},"id":"ASB-A-281665050-979c9889"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","target":{"file":"services/autofill/java/com/android/server/autofill/Helper.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["206563368113645024653705304061605275981","197882718764834178866649541080794831380","239233852245253813103569443623407063279","44698807005793972678540295405764893919","21183059188807409401714516310665780128","300048194628243201263727493046361281547","200644165688969314273219891189461360855","77496428704198062703578586753481553588","55169701512537227256118636456135333684","198388733492753553705907241123091591212","304920987658179113312826479999607115028","269055928370450172860520757506759510794","237757000885932752970060260599884987089","33379483823330199745001603645193499184"]},"id":"ASB-A-281665050-a1b813d7"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","target":{"function":"FillUi","file":"services/autofill/java/com/android/server/autofill/ui/FillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Function","digest":{"length":6466,"function_hash":"155518773178166328024443815934004657924"},"id":"ASB-A-281665050-acd70eb0"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","target":{"file":"services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["152706124914265209826722211813105497440","122457438830031755697776489763091500155","9557648870503328618362177008065891024","21424190766785613237481844130356205668","318743049332437221904056720756700357292","19494396699293671953931356471127301788","125685506690105876920915180744054100445","193060436326013056668025233908441392097","45525861848201633409686579962243666914","247171390140834564838122080548466479325","11417974425339281741084590764620266974","63675271650473437443478445002199682738","337643276294840670681719171796552205364","120308007170846405930104003764350781053","110491743816707019839998419656968232453","290369119132319450297915760482112743456","318831208973307593363994768019606516553","118585930299939295491472408901765825976"]},"id":"ASB-A-281665050-b901e226"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/93810ba1c0a4d31f49adbf9454731e2b7defdfc0","target":{"file":"services/autofill/java/com/android/server/autofill/ui/SaveUi.java"},"signature_version":"v1","deprecated":false,"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["148303161279659643660660451501034279234","125883638802437311423689325172088876430","68109407143103339498063405506151933519","141851605057521366089072764562061264673"]},"id":"ASB-A-281665050-d2b5895d"}],"spl":"2025-02-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281665050.json"}}],"schema_version":"1.7.5"}