{"id":"ASB-A-284297452","details":"In loadMediaDataInBgForResumption of MediaDataManager.kt, there is a possible way to view another user's images  due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-284297452","CVE-2023-40081"],"modified":"2026-05-18T15:08:09.253695Z","published":"2024-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/6fab80f141163de4d0008f7cd081cfc4917c3c68"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-03-01"}]}],"versions":["14-next"],"ecosystem_specific":{"types":["ID"],"severity":"High","spl":"2024-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/470f62bc8954e45018796f87f56b78f41dad45d6","https://android.googlesource.com/platform/frameworks/base/+/96ad0ecd45a36438b80a809ab4c669f5af8d9df1"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/96ad0ecd45a36438b80a809ab4c669f5af8d9df1","digest":{"line_hashes":["6861422742356935308781358437954986041","320938097064625856399105781385367184691","140563195996355726159336738084483484049","181332758451393043334121165483858809029","153560322394754509977182755712331720330","122562715670897109600439201331115488857","166673523750221533460663182719239531333","315507946539148082859979337014673660432","206733332151688434163517705028365431633","232975640711783965219677640021016743113","228484795863839999914856991184209348021","176642110138968974820457257637332968327","306964448876893060432434753667276949095","56714197230442957681134960935872326808"],"threshold":0.9},"signature_version":"v1","target":{"file":"core/java/android/view/inputmethod/RemoteInputConnectionImpl.java"},"signature_type":"Line","deprecated":true,"id":"ASB-A-284297452-143f8bc7","match_only_versions":["14-next"]},{"signature_type":"Line","deprecated":true,"id":"ASB-A-284297452-83cb9aab","digest":{"line_hashes":["315148219331921030566269997373448571861","84927060747918175780603861222671478559","332159229995226341690674039300130497150","201959732788354591480747998562276185002","176977018547643727165555349925919150112","61273032671010555112067042498848993705","210952737140323125617952079181036189101","93009082751397301251252160799821283646","314799369627835642921827884396392181379","112759502581764341096944093756514286120","124555838638100306386168115262917624364"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/uri/UriGrantsManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/96ad0ecd45a36438b80a809ab4c669f5af8d9df1","signature_version":"v1"},{"signature_type":"Function","deprecated":true,"id":"ASB-A-284297452-b5c1426c","digest":{"length":667,"function_hash":"73032467395090789751693529465866180379"},"target":{"function":"commitContent","file":"core/java/android/view/inputmethod/RemoteInputConnectionImpl.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/96ad0ecd45a36438b80a809ab4c669f5af8d9df1","signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-284297452.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-03-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"severity":"High","spl":"2024-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/ffae193f19f902d4ae890be579cd44573feeaedc"],"vanir_signatures":[{"signature_type":"Line","deprecated":false,"id":"ASB-A-284297452-f94e6958","digest":{"line_hashes":["315148219331921030566269997373448571861","84927060747918175780603861222671478559","332159229995226341690674039300130497150","201959732788354591480747998562276185002","176977018547643727165555349925919150112","61273032671010555112067042498848993705","210952737140323125617952079181036189101","93009082751397301251252160799821283646","227990557030464011859896503966642626211","52085707954234942960123877579721840727","69709612454831442075279851855499445807"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/uri/UriGrantsManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/ffae193f19f902d4ae890be579cd44573feeaedc","signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-284297452.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["ID"],"severity":"High","spl":"2024-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/1f758ee33f19efce1b57270d518e444d13309731"],"vanir_signatures":[{"signature_type":"Line","deprecated":false,"id":"ASB-A-284297452-1034f215","digest":{"line_hashes":["315148219331921030566269997373448571861","84927060747918175780603861222671478559","332159229995226341690674039300130497150","201959732788354591480747998562276185002","176977018547643727165555349925919150112","61273032671010555112067042498848993705","210952737140323125617952079181036189101","93009082751397301251252160799821283646","227990557030464011859896503966642626211","52085707954234942960123877579721840727","69709612454831442075279851855499445807"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/uri/UriGrantsManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/1f758ee33f19efce1b57270d518e444d13309731","signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-284297452.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-03-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"severity":"High","spl":"2024-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/a3b7a10a15aa41ad75866922d528a4dc02fc8ca3"],"vanir_signatures":[{"signature_type":"Line","deprecated":false,"id":"ASB-A-284297452-bd663be7","digest":{"line_hashes":["315148219331921030566269997373448571861","84927060747918175780603861222671478559","332159229995226341690674039300130497150","201959732788354591480747998562276185002","176977018547643727165555349925919150112","61273032671010555112067042498848993705","210952737140323125617952079181036189101","93009082751397301251252160799821283646","314799369627835642921827884396392181379","112759502581764341096944093756514286120","124555838638100306386168115262917624364"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/uri/UriGrantsManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/a3b7a10a15aa41ad75866922d528a4dc02fc8ca3","signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-284297452.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-03-01"}]}],"versions":["14"],"ecosystem_specific":{"types":["ID"],"severity":"High","spl":"2024-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/c8b7d562cfd8006e12ffcd621ec7811a393025f6"],"vanir_signatures":[{"signature_type":"Line","deprecated":false,"id":"ASB-A-284297452-24ddbd74","digest":{"line_hashes":["315148219331921030566269997373448571861","84927060747918175780603861222671478559","332159229995226341690674039300130497150","201959732788354591480747998562276185002","176977018547643727165555349925919150112","61273032671010555112067042498848993705","210952737140323125617952079181036189101","93009082751397301251252160799821283646","314799369627835642921827884396392181379","112759502581764341096944093756514286120","124555838638100306386168115262917624364"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/uri/UriGrantsManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c8b7d562cfd8006e12ffcd621ec7811a393025f6","signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-284297452.json"}}],"schema_version":"1.7.5"}