{"id":"ASB-A-288896339","details":"In keyguardGoingAway of ActivityTaskManagerService.java, there is a possible lock screen bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-288896339","CVE-2023-40094"],"modified":"2026-05-29T15:55:33.750044621Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/1120bc7e511710b1b774adf29ba47106292365e7"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-01"}]}],"versions":["14-next"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/bd2aa5d309c5bf8e73161975bd5aba7945b25e84"],"types":["EoP"],"spl":"2023-12-01","vanir_signatures":[{"digest":{"function_hash":"18450793016039751882161471123903104771","length":618},"source":"https://android.googlesource.com/platform/frameworks/base/+/bd2aa5d309c5bf8e73161975bd5aba7945b25e84","id":"ASB-A-288896339-1c661055","deprecated":false,"signature_version":"v1","signature_type":"Function","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java","function":"keyguardGoingAway"}},{"digest":{"threshold":0.9,"line_hashes":["130489095145400917776813713537007795442","278193841134142408998192934093106006356","330932791736218819777175471699729872299","56211969826742766420930325550656389895","127224605848258698820843035590132556834","264741881997647552184624361309976979613","101117958547520561979416695057660209376"]},"signature_version":"v1","id":"ASB-A-288896339-2a158430","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/bd2aa5d309c5bf8e73161975bd5aba7945b25e84","signature_type":"Line","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288896339.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-12-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/ad8e7e3b1db22684988a179e23639567a4096ca6"],"types":["EoP"],"spl":"2023-12-01","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["130489095145400917776813713537007795442","104423481067330968789877443750909090044","23336195211901233531059176708158255384","56211969826742766420930325550656389895","127224605848258698820843035590132556834","264741881997647552184624361309976979613","101117958547520561979416695057660209376"]},"signature_version":"v1","id":"ASB-A-288896339-10749946","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/ad8e7e3b1db22684988a179e23639567a4096ca6","signature_type":"Line","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java"}},{"digest":{"function_hash":"220605962547549702920589314919307302123","length":235},"signature_version":"v1","id":"ASB-A-288896339-6bf98c35","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/ad8e7e3b1db22684988a179e23639567a4096ca6","signature_type":"Function","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java","function":"keyguardGoingAway"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288896339.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-12-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/7f28e3eaaf7c91c6b22ef89a9f18bfe081ba5b1e"],"types":["EoP"],"spl":"2023-12-01","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["130489095145400917776813713537007795442","104423481067330968789877443750909090044","23336195211901233531059176708158255384","56211969826742766420930325550656389895","127224605848258698820843035590132556834","264741881997647552184624361309976979613","101117958547520561979416695057660209376"]},"signature_version":"v1","deprecated":false,"id":"ASB-A-288896339-2cffc941","source":"https://android.googlesource.com/platform/frameworks/base/+/7f28e3eaaf7c91c6b22ef89a9f18bfe081ba5b1e","signature_type":"Line","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java"}},{"digest":{"function_hash":"220605962547549702920589314919307302123","length":235},"signature_version":"v1","id":"ASB-A-288896339-79f795f4","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/7f28e3eaaf7c91c6b22ef89a9f18bfe081ba5b1e","signature_type":"Function","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java","function":"keyguardGoingAway"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288896339.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/6568e40be92a15def8e0b6da9c3a18633a71cc3b"],"types":["EoP"],"spl":"2023-12-01","vanir_signatures":[{"digest":{"function_hash":"220605962547549702920589314919307302123","length":235},"signature_version":"v1","id":"ASB-A-288896339-026a0854","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/6568e40be92a15def8e0b6da9c3a18633a71cc3b","signature_type":"Function","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java","function":"keyguardGoingAway"}},{"digest":{"threshold":0.9,"line_hashes":["130489095145400917776813713537007795442","104423481067330968789877443750909090044","23336195211901233531059176708158255384","56211969826742766420930325550656389895","127224605848258698820843035590132556834","264741881997647552184624361309976979613","101117958547520561979416695057660209376"]},"signature_version":"v1","id":"ASB-A-288896339-38c5aaf8","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/6568e40be92a15def8e0b6da9c3a18633a71cc3b","signature_type":"Line","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288896339.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/41bc7c0042f1dd004179f32376f72a8811d83c6e"],"types":["EoP"],"spl":"2023-12-01","vanir_signatures":[{"digest":{"function_hash":"305551150509788336900740638482705596740","length":463},"signature_version":"v1","id":"ASB-A-288896339-18d69855","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/41bc7c0042f1dd004179f32376f72a8811d83c6e","signature_type":"Function","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java","function":"keyguardGoingAway"}},{"digest":{"threshold":0.9,"line_hashes":["130489095145400917776813713537007795442","104423481067330968789877443750909090044","23336195211901233531059176708158255384","56211969826742766420930325550656389895","127224605848258698820843035590132556834","264741881997647552184624361309976979613","101117958547520561979416695057660209376"]},"source":"https://android.googlesource.com/platform/frameworks/base/+/41bc7c0042f1dd004179f32376f72a8811d83c6e","id":"ASB-A-288896339-a8923c81","deprecated":false,"signature_version":"v1","signature_type":"Line","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288896339.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-12-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/d41eb87422d238a5c854e67ef73d300c9d1caf0c"],"types":["EoP"],"spl":"2023-12-01","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["130489095145400917776813713537007795442","278193841134142408998192934093106006356","330932791736218819777175471699729872299","56211969826742766420930325550656389895","127224605848258698820843035590132556834","264741881997647552184624361309976979613","101117958547520561979416695057660209376"]},"signature_version":"v1","id":"ASB-A-288896339-c635eb41","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/d41eb87422d238a5c854e67ef73d300c9d1caf0c","signature_type":"Line","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java"}},{"digest":{"function_hash":"18450793016039751882161471123903104771","length":618},"signature_version":"v1","deprecated":false,"id":"ASB-A-288896339-fe32f71d","source":"https://android.googlesource.com/platform/frameworks/base/+/d41eb87422d238a5c854e67ef73d300c9d1caf0c","signature_type":"Function","target":{"file":"services/core/java/com/android/server/wm/ActivityTaskManagerService.java","function":"keyguardGoingAway"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-288896339.json"}}],"schema_version":"1.7.5"}