{"id":"ASB-A-288113797","details":"In fixUpIncomingShortcutInfo of ShortcutService.java, there is a possible way to view another user's image due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-288113797","CVE-2023-45774"],"modified":"2026-04-24T15:37:38.793646Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/f229f0e55b07416badaca0e3493db5af0943c9eb"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-01"}]}],"versions":["14-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/520e266bcb0a37ccfcc50c7f618f83f1d988c13a"],"severity":"High","vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"fixUpIncomingShortcutInfo"},"signature_type":"Function","id":"ASB-A-288113797-08561cc6","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/520e266bcb0a37ccfcc50c7f618f83f1d988c13a","digest":{"function_hash":"147151023695661007597714452911961564894","length":1098},"deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"},"signature_type":"Line","id":"ASB-A-288113797-4a6b213a","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/520e266bcb0a37ccfcc50c7f618f83f1d988c13a","digest":{"threshold":0.9,"line_hashes":["301714840950827928888260991036186957534","9390781471981044482067523708510232303","144060679038207743109726406051560226052","159971660088949769821375506581406084819","308718612377788454877479964169122779823","62321834771148455616793570555929042846","172053627303588391329126358714964458915","110362571885262099744158688696595844112","304463220540515675967860888327339369583","59943300903481926007344995756636923370","140688207799452736261337108461439383886"]},"deprecated":false}],"spl":"2023-12-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-12-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65"],"severity":"High","vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"fixUpIncomingShortcutInfo"},"signature_type":"Function","id":"ASB-A-288113797-598bd21b","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65","digest":{"function_hash":"147151023695661007597714452911961564894","length":1098},"deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"},"signature_type":"Line","id":"ASB-A-288113797-83c78ca3","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65","digest":{"threshold":0.9,"line_hashes":["301714840950827928888260991036186957534","9390781471981044482067523708510232303","144060679038207743109726406051560226052","159971660088949769821375506581406084819","308718612377788454877479964169122779823","62321834771148455616793570555929042846","172053627303588391329126358714964458915","110362571885262099744158688696595844112","304463220540515675967860888327339369583","59943300903481926007344995756636923370","140688207799452736261337108461439383886"]},"deprecated":false}],"spl":"2023-12-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-12-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65"],"severity":"High","vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"},"signature_type":"Line","id":"ASB-A-288113797-9b63d0e0","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65","digest":{"threshold":0.9,"line_hashes":["301714840950827928888260991036186957534","9390781471981044482067523708510232303","144060679038207743109726406051560226052","159971660088949769821375506581406084819","308718612377788454877479964169122779823","62321834771148455616793570555929042846","172053627303588391329126358714964458915","110362571885262099744158688696595844112","304463220540515675967860888327339369583","59943300903481926007344995756636923370","140688207799452736261337108461439383886"]},"deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"fixUpIncomingShortcutInfo"},"signature_type":"Function","id":"ASB-A-288113797-ef8969c4","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65","digest":{"function_hash":"147151023695661007597714452911961564894","length":1098},"deprecated":false}],"spl":"2023-12-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65"],"severity":"High","vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"},"signature_type":"Line","id":"ASB-A-288113797-89a7ffd5","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65","digest":{"threshold":0.9,"line_hashes":["301714840950827928888260991036186957534","9390781471981044482067523708510232303","144060679038207743109726406051560226052","159971660088949769821375506581406084819","308718612377788454877479964169122779823","62321834771148455616793570555929042846","172053627303588391329126358714964458915","110362571885262099744158688696595844112","304463220540515675967860888327339369583","59943300903481926007344995756636923370","140688207799452736261337108461439383886"]},"deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"fixUpIncomingShortcutInfo"},"signature_type":"Function","id":"ASB-A-288113797-de39437a","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65","digest":{"function_hash":"147151023695661007597714452911961564894","length":1098},"deprecated":false}],"spl":"2023-12-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65"],"severity":"High","vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"fixUpIncomingShortcutInfo"},"signature_type":"Function","id":"ASB-A-288113797-a31c4416","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65","digest":{"function_hash":"147151023695661007597714452911961564894","length":1098},"deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"},"signature_type":"Line","id":"ASB-A-288113797-a56369ad","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65","digest":{"threshold":0.9,"line_hashes":["301714840950827928888260991036186957534","9390781471981044482067523708510232303","144060679038207743109726406051560226052","159971660088949769821375506581406084819","308718612377788454877479964169122779823","62321834771148455616793570555929042846","172053627303588391329126358714964458915","110362571885262099744158688696595844112","304463220540515675967860888327339369583","59943300903481926007344995756636923370","140688207799452736261337108461439383886"]},"deprecated":false}],"spl":"2023-12-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-12-01"}]}],"versions":["14"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65"],"severity":"High","vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java","function":"fixUpIncomingShortcutInfo"},"signature_type":"Function","id":"ASB-A-288113797-486eb889","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65","digest":{"function_hash":"147151023695661007597714452911961564894","length":1098},"deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/ShortcutService.java"},"signature_type":"Line","id":"ASB-A-288113797-a404e843","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3d41fb7620ffb9c81b23977c8367c323e4721e65","digest":{"threshold":0.9,"line_hashes":["301714840950827928888260991036186957534","9390781471981044482067523708510232303","144060679038207743109726406051560226052","159971660088949769821375506581406084819","308718612377788454877479964169122779823","62321834771148455616793570555929042846","172053627303588391329126358714964458915","110362571885262099744158688696595844112","304463220540515675967860888327339369583","59943300903481926007344995756636923370","140688207799452736261337108461439383886"]},"deprecated":false}],"spl":"2023-12-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288113797.json"}}],"schema_version":"1.7.5"}