{"id":"ASB-A-289549315","details":"In backupAgentCreated of ActivityManagerService.java, there is a possible way to leak sensitive data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-289549315","CVE-2023-40105"],"modified":"2026-05-25T16:46:24.913870386Z","published":"2023-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/935eb5ed6be35860a99ea242fb753f687d54a308"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-11-01"}]}],"versions":["14-next"],"ecosystem_specific":{"spl":"2023-11-01","severity":"High","vanir_signatures":[{"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/183d815b456a3dfa8146a90e81a060a57a6b56e0","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"digest":{"threshold":0.9,"line_hashes":["295747577431459138783214723720080232905","104986103895883280973484033654450783550","200932986351792462262403114396539000858","13293847349918228768530318403612346856","119089759048065327889787429548575806089","103222781888017295237712909037069379684","305953945846036139880356385746645401116","170762878817648619129649734788323132715","73295037082427983513118367576593935300","31364012517850101724274379464464592783","110469676561001990110449437251258005111","44785600318475085707930050683937806470","213847325994902213538424559586698988120"]},"deprecated":false,"signature_version":"v1","id":"ASB-A-289549315-0e2eedb5"},{"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/183d815b456a3dfa8146a90e81a060a57a6b56e0","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"backupAgentCreated"},"digest":{"length":1160,"function_hash":"288738322659701627884182541415328348424"},"deprecated":false,"signature_version":"v1","id":"ASB-A-289549315-44d6db3c"}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/183d815b456a3dfa8146a90e81a060a57a6b56e0"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-289549315.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-11-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2023-11-01","severity":"High","vanir_signatures":[{"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/52b91363583c4e2b68f1a818b067cefe04809285","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"digest":{"threshold":0.9,"line_hashes":["12259460893973178711972545920123660292","104986103895883280973484033654450783550","200932986351792462262403114396539000858","13293847349918228768530318403612346856","119089759048065327889787429548575806089","103222781888017295237712909037069379684","305953945846036139880356385746645401116","170762878817648619129649734788323132715","73295037082427983513118367576593935300","31364012517850101724274379464464592783","110469676561001990110449437251258005111","44785600318475085707930050683937806470","213847325994902213538424559586698988120"]},"deprecated":false,"signature_version":"v1","id":"ASB-A-289549315-4bee8e2e"},{"target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"backupAgentCreated"},"source":"https://android.googlesource.com/platform/frameworks/base/+/52b91363583c4e2b68f1a818b067cefe04809285","signature_version":"v1","digest":{"length":1154,"function_hash":"250283915054302396442595387451130498803"},"deprecated":false,"signature_type":"Function","id":"ASB-A-289549315-c8b48ff3"}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/52b91363583c4e2b68f1a818b067cefe04809285"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-289549315.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-11-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2023-11-01","severity":"High","types":["ID"],"vanir_signatures":[{"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/ebdcc72a235d6b2a65e1d1c99d7a9eb89f309357","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"digest":{"threshold":0.9,"line_hashes":["12259460893973178711972545920123660292","104986103895883280973484033654450783550","200932986351792462262403114396539000858","13293847349918228768530318403612346856","119089759048065327889787429548575806089","103222781888017295237712909037069379684","305953945846036139880356385746645401116","170762878817648619129649734788323132715","73295037082427983513118367576593935300","31364012517850101724274379464464592783","110469676561001990110449437251258005111","44785600318475085707930050683937806470","213847325994902213538424559586698988120"]},"deprecated":false,"signature_version":"v1","id":"ASB-A-289549315-4ce1b6e7"},{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/ebdcc72a235d6b2a65e1d1c99d7a9eb89f309357","signature_type":"Function","digest":{"length":1160,"function_hash":"288738322659701627884182541415328348424"},"deprecated":false,"target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"backupAgentCreated"},"id":"ASB-A-289549315-e72cdff0"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ebdcc72a235d6b2a65e1d1c99d7a9eb89f309357"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-289549315.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2023-11-01","severity":"High","vanir_signatures":[{"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/4a82aa857eb738d3334a896dac525abf3b32c5bf","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"backupAgentCreated"},"digest":{"length":1160,"function_hash":"288738322659701627884182541415328348424"},"deprecated":false,"signature_version":"v1","id":"ASB-A-289549315-0f9c47fe"},{"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/4a82aa857eb738d3334a896dac525abf3b32c5bf","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"digest":{"threshold":0.9,"line_hashes":["12259460893973178711972545920123660292","104986103895883280973484033654450783550","200932986351792462262403114396539000858","13293847349918228768530318403612346856","119089759048065327889787429548575806089","103222781888017295237712909037069379684","305953945846036139880356385746645401116","170762878817648619129649734788323132715","73295037082427983513118367576593935300","31364012517850101724274379464464592783","110469676561001990110449437251258005111","44785600318475085707930050683937806470","213847325994902213538424559586698988120"]},"deprecated":false,"signature_version":"v1","id":"ASB-A-289549315-7b2c915c"}],"types":["ID"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4a82aa857eb738d3334a896dac525abf3b32c5bf"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-289549315.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-11-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-11-01","severity":"High","types":["ID"],"vanir_signatures":[{"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/c31434d6a097f815e8daec899ba92348487cbfac","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"digest":{"threshold":0.9,"line_hashes":["295747577431459138783214723720080232905","104986103895883280973484033654450783550","200932986351792462262403114396539000858","13293847349918228768530318403612346856","119089759048065327889787429548575806089","103222781888017295237712909037069379684","305953945846036139880356385746645401116","170762878817648619129649734788323132715","73295037082427983513118367576593935300","31364012517850101724274379464464592783","110469676561001990110449437251258005111","44785600318475085707930050683937806470","213847325994902213538424559586698988120"]},"deprecated":false,"signature_version":"v1","id":"ASB-A-289549315-06f46722"},{"target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"backupAgentCreated"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c31434d6a097f815e8daec899ba92348487cbfac","signature_version":"v1","digest":{"length":1160,"function_hash":"288738322659701627884182541415328348424"},"deprecated":false,"signature_type":"Function","id":"ASB-A-289549315-72dff895"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c31434d6a097f815e8daec899ba92348487cbfac"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-289549315.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-11-01"}]}],"versions":["14"],"ecosystem_specific":{"spl":"2023-11-01","severity":"High","types":["ID"],"vanir_signatures":[{"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/859abb58cdc7d66dbd22e7d02994509c4bba0416","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["295747577431459138783214723720080232905","104986103895883280973484033654450783550","200932986351792462262403114396539000858","13293847349918228768530318403612346856","119089759048065327889787429548575806089","103222781888017295237712909037069379684","305953945846036139880356385746645401116","170762878817648619129649734788323132715","73295037082427983513118367576593935300","31364012517850101724274379464464592783","110469676561001990110449437251258005111","44785600318475085707930050683937806470","213847325994902213538424559586698988120"]},"deprecated":false,"target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"id":"ASB-A-289549315-093c9362"},{"target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"backupAgentCreated"},"source":"https://android.googlesource.com/platform/frameworks/base/+/859abb58cdc7d66dbd22e7d02994509c4bba0416","signature_version":"v1","digest":{"length":1160,"function_hash":"288738322659701627884182541415328348424"},"deprecated":false,"signature_type":"Function","id":"ASB-A-289549315-8266a20a"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/859abb58cdc7d66dbd22e7d02994509c4bba0416"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-289549315.json"}}],"schema_version":"1.7.5"}