{"id":"ASB-A-287640400","details":"In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-287640400","CVE-2023-40073"],"modified":"2026-04-30T15:48:46.890647Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/fe6fef4f9c1f75c12bffa4a1d16d9990cc3fbc35"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-01"}]}],"versions":["14-next"],"ecosystem_specific":{"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/f681073d91a5f1461324d829b6cd6c1b56ae71bd"],"vanir_signatures":[{"id":"ASB-A-287640400-0132a93e","target":{"file":"core/java/android/app/Notification.java","function":"visitUris"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f681073d91a5f1461324d829b6cd6c1b56ae71bd","digest":{"function_hash":"201985218415011711560751470036948186349","length":2769},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-287640400-604655c7","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f681073d91a5f1461324d829b6cd6c1b56ae71bd","digest":{"line_hashes":["147145125135629588391615947816063029025","281732678064438727946495070623556209283","142686402721790116739280597824549437236","85278780104695710719872825570651375143","7417117942208748972418722929560296056","43131416255491976861669527594031932808","108905658301692973882570739318435011551","108587633537507210242609878158511307392","209214712958229127365277677898883133842","4422083245898015211383055637752888781","103552041863994905675684917208281704433","37632166122149386811223787386280723680","73849403225311842655267071472360173532","291957484433081372285600943892667379318","66861139576724940568902264861670360430","244669392767242786024723497502983957733","17517019758488840952545588009142151325"],"threshold":0.9},"signature_type":"Line","deprecated":false,"signature_version":"v1"}],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-287640400.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-12-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a7e0c6585fd155d5bd9354b8b15516f4788c33a7"],"vanir_signatures":[{"id":"ASB-A-287640400-c28387b8","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/a7e0c6585fd155d5bd9354b8b15516f4788c33a7","digest":{"line_hashes":["17209269953019172130702873434132132722","273011446949303099690139840038706141544","87619567163106936680864857850098689141","220635192558347618428557710966537549630","147390288046710788454631021817366760429","227971850139857560975030153672215940307","187870482558217037897344299771329252057","108587633537507210242609878158511307392","238482942521325421166953426418539953961","336609230544111782529988548778564228079","173394939516140047102879135056767743279","54400578888695249090798415271074078221"],"threshold":0.9},"signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-287640400-eca5c718","target":{"file":"core/java/android/app/Notification.java","function":"visitUris"},"source":"https://android.googlesource.com/platform/frameworks/base/+/a7e0c6585fd155d5bd9354b8b15516f4788c33a7","digest":{"function_hash":"262132017175392463767878872766108479421","length":2581},"signature_type":"Function","deprecated":false,"signature_version":"v1"}],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-287640400.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-12-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65"],"vanir_signatures":[{"id":"ASB-A-287640400-96c98107","target":{"file":"core/java/android/app/Notification.java","function":"visitUris"},"source":"https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65","digest":{"function_hash":"330302221767727683507046250836261280812","length":2904},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-287640400-d8921592","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65","digest":{"line_hashes":["149682647126246980450813888265983878136","139268105701371031712134097557714266014","197585125163988185987062498860316791841","293871498699140096628809383344655540256","157168360506007279060120465614609954899","227971850139857560975030153672215940307","187870482558217037897344299771329252057","108587633537507210242609878158511307392","209214712958229127365277677898883133842","247274710125108089918752834510465687719","275420439690197521529143529770472213140","90544060682381301178915754424100445601","234444926472905264221245843932327875381","249140699872570335116461996548423358221","101803455055234848959300302164930637449","160755499569831398663180417212296914663","173820567809165489649736099919517038060"],"threshold":0.9},"signature_type":"Line","deprecated":false,"signature_version":"v1"}],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-287640400.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65"],"vanir_signatures":[{"id":"ASB-A-287640400-19572b02","target":{"file":"core/java/android/app/Notification.java","function":"visitUris"},"source":"https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65","digest":{"function_hash":"330302221767727683507046250836261280812","length":2904},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-287640400-8b070e85","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/87db980ca1270083a2ba3c7317402a0cd289fd65","digest":{"line_hashes":["149682647126246980450813888265983878136","139268105701371031712134097557714266014","197585125163988185987062498860316791841","293871498699140096628809383344655540256","157168360506007279060120465614609954899","227971850139857560975030153672215940307","187870482558217037897344299771329252057","108587633537507210242609878158511307392","209214712958229127365277677898883133842","247274710125108089918752834510465687719","275420439690197521529143529770472213140","90544060682381301178915754424100445601","234444926472905264221245843932327875381","249140699872570335116461996548423358221","101803455055234848959300302164930637449","160755499569831398663180417212296914663","173820567809165489649736099919517038060"],"threshold":0.9},"signature_type":"Line","deprecated":false,"signature_version":"v1"}],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-287640400.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3c2ebb81ff064cdf1fbe58c15920f44d343e9391"],"vanir_signatures":[{"id":"ASB-A-287640400-63958040","target":{"file":"core/java/android/app/Notification.java","function":"visitUris"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3c2ebb81ff064cdf1fbe58c15920f44d343e9391","digest":{"function_hash":"218611055744708306518163908548631465702","length":2952},"signature_type":"Function","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-287640400-adfe55c7","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3c2ebb81ff064cdf1fbe58c15920f44d343e9391","digest":{"line_hashes":["155754717432209013017543167464952632511","114249688477433304223182082335439108100","22721810471636571311748513428527171493","209530810119055766998990867496632062624","781225146328105575814677055182072393","201520778652802430645411465180549161940","275031627355662767670014368247287897901","281732678064438727946495070623556209283","119091735977763546063692168043607642164","250638055627944970047384174701610575040","88299794168774314635044546257261857265","180262050703456585785769205171919383845","108905658301692973882570739318435011551","108587633537507210242609878158511307392","209214712958229127365277677898883133842","247274710125108089918752834510465687719","275420439690197521529143529770472213140","90544060682381301178915754424100445601","174773538391543390547072899090801225263","208846296421393991542105520785753736042","16915267631876370560627816182013625710","37169510279397837687069754429310609330","239494160250163390723174443656735345545","183671867846423336259288113830564499130","234444926472905264221245843932327875381","249140699872570335116461996548423358221","101803455055234848959300302164930637449","160755499569831398663180417212296914663","173820567809165489649736099919517038060","149572172347206097383450124856241791941","216047209128885008134994698672488946183","230604067347090329615129250887209897007","34747155296587682055564506055647708681","216543036933530589877677361988555716890"],"threshold":0.9},"signature_type":"Line","deprecated":false,"signature_version":"v1"}],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-287640400.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-12-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3054c3ba40319490281562bdd2adb1456f5b1dc9"],"vanir_signatures":[{"id":"ASB-A-287640400-12e5860a","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3054c3ba40319490281562bdd2adb1456f5b1dc9","digest":{"line_hashes":["275031627355662767670014368247287897901","281732678064438727946495070623556209283","119091735977763546063692168043607642164","250638055627944970047384174701610575040","88299794168774314635044546257261857265","180262050703456585785769205171919383845","108905658301692973882570739318435011551","108587633537507210242609878158511307392","209214712958229127365277677898883133842","4422083245898015211383055637752888781","103552041863994905675684917208281704433","37632166122149386811223787386280723680","73849403225311842655267071472360173532","291957484433081372285600943892667379318","66861139576724940568902264861670360430","244669392767242786024723497502983957733","46092162532536089214777198820882741896"],"threshold":0.9},"signature_type":"Line","deprecated":false,"signature_version":"v1"},{"id":"ASB-A-287640400-b6d5660a","target":{"file":"core/java/android/app/Notification.java","function":"visitUris"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3054c3ba40319490281562bdd2adb1456f5b1dc9","digest":{"function_hash":"16480000897640145369319295520833400692","length":3048},"signature_type":"Function","deprecated":false,"signature_version":"v1"}],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-287640400.json"}}],"schema_version":"1.7.5"}