{"id":"ASB-A-288110451","details":"In verifyShortcutInfoPackage of ShortcutService.java, there is a possible way to see another user's image due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-288110451","CVE-2023-40092"],"modified":"2026-05-19T16:54:37.272608834Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/a5e55363e69b3c84d3f4011c7b428edb1a25752c"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-01"}]}],"versions":["14-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4a12c242e18e83ac209a457e25edecc4055e6929"],"types":["ID"],"spl":"2023-12-01","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"verifyShortcutInfoPackage"},"id":"ASB-A-288110451-9d8b859c","signature_type":"Function","digest":{"length":284,"function_hash":"51460153212983138887742613780005792845"},"source":"https://android.googlesource.com/platform/frameworks/base/+/4a12c242e18e83ac209a457e25edecc4055e6929"},{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/4a12c242e18e83ac209a457e25edecc4055e6929","deprecated":false,"id":"ASB-A-288110451-e394e1c6","signature_type":"Line","digest":{"line_hashes":["86684569759461002666217921323255425402","245999318849493497398196780292971992927","256396515782213366321165341236267936207","272775078542805382455308614733401320132"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288110451.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-12-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"],"types":["ID"],"spl":"2023-12-01","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"verifyShortcutInfoPackage"},"id":"ASB-A-288110451-46ac04eb","signature_type":"Function","digest":{"length":284,"function_hash":"51460153212983138887742613780005792845"},"source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"},{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c","target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"},"id":"ASB-A-288110451-79855b18","signature_type":"Line","digest":{"line_hashes":["86684569759461002666217921323255425402","245999318849493497398196780292971992927","256396515782213366321165341236267936207","272775078542805382455308614733401320132"],"threshold":0.9},"deprecated":false}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288110451.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-12-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"],"types":["ID"],"spl":"2023-12-01","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"verifyShortcutInfoPackage"},"id":"ASB-A-288110451-29e48883","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c","digest":{"length":284,"function_hash":"51460153212983138887742613780005792845"}},{"signature_version":"v1","deprecated":false,"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"},"id":"ASB-A-288110451-485a903a","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c","digest":{"line_hashes":["86684569759461002666217921323255425402","245999318849493497398196780292971992927","256396515782213366321165341236267936207","272775078542805382455308614733401320132"],"threshold":0.9}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288110451.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"],"types":["ID"],"spl":"2023-12-01","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"verifyShortcutInfoPackage"},"id":"ASB-A-288110451-403c427e","signature_type":"Function","digest":{"length":284,"function_hash":"51460153212983138887742613780005792845"},"source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"},{"signature_version":"v1","deprecated":false,"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"},"id":"ASB-A-288110451-4bd1cbaf","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c","digest":{"line_hashes":["86684569759461002666217921323255425402","245999318849493497398196780292971992927","256396515782213366321165341236267936207","272775078542805382455308614733401320132"],"threshold":0.9}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288110451.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"],"types":["ID"],"spl":"2023-12-01","vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c","deprecated":false,"id":"ASB-A-288110451-88d8be83","signature_type":"Function","digest":{"length":284,"function_hash":"51460153212983138887742613780005792845"},"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"verifyShortcutInfoPackage"}},{"signature_version":"v1","deprecated":false,"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"},"id":"ASB-A-288110451-b758b546","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c","digest":{"line_hashes":["86684569759461002666217921323255425402","245999318849493497398196780292971992927","256396515782213366321165341236267936207","272775078542805382455308614733401320132"],"threshold":0.9}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288110451.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-12-01"}]}],"versions":["14"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c"],"types":["ID"],"spl":"2023-12-01","vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c","deprecated":false,"id":"ASB-A-288110451-29f365d4","signature_type":"Line","digest":{"line_hashes":["86684569759461002666217921323255425402","245999318849493497398196780292971992927","256396515782213366321165341236267936207","272775078542805382455308614733401320132"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"}},{"signature_version":"v1","deprecated":false,"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"verifyShortcutInfoPackage"},"id":"ASB-A-288110451-86987fd9","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/01bfd04ff445db6290ae430d44ea1bf1a115fe3c","digest":{"length":284,"function_hash":"51460153212983138887742613780005792845"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288110451.json"}}],"schema_version":"1.7.5"}