{"id":"ASB-A-291299076","details":"In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-291299076","CVE-2023-40109"],"modified":"2026-05-28T15:16:54.500952700Z","published":"2023-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/387d258cf10a30537fc48dc0e48d28071efa92e7"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-11-01"}]}],"versions":["14-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/85d7e6712a9eeeed3bdd68ea3c3862c7e88bfe70"],"vanir_signatures":[{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/85d7e6712a9eeeed3bdd68ea3c3862c7e88bfe70","id":"ASB-A-291299076-971e97d3","deprecated":false,"digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9}},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-291299076-ad22709a","source":"https://android.googlesource.com/platform/frameworks/base/+/85d7e6712a9eeeed3bdd68ea3c3862c7e88bfe70","target":{"function":"createFromParcel","file":"core/java/android/hardware/usb/UsbConfiguration.java"},"deprecated":false,"digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"}}],"types":["EoP"],"severity":"High","spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-11-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","id":"ASB-A-291299076-2ba921b1","source":"https://android.googlesource.com/platform/frameworks/base/+/60bfbde79f2ffb012abced55d358fdf6380c0bae","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"deprecated":false,"digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9}},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-291299076-d64521eb","source":"https://android.googlesource.com/platform/frameworks/base/+/60bfbde79f2ffb012abced55d358fdf6380c0bae","target":{"function":"createFromParcel","file":"core/java/android/hardware/usb/UsbConfiguration.java"},"deprecated":false,"digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"}}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/60bfbde79f2ffb012abced55d358fdf6380c0bae"],"types":["EoP"],"severity":"High","spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-11-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"function":"createFromParcel","file":"core/java/android/hardware/usb/UsbConfiguration.java"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/0362efc06e5e3987270b452f6e2ee8fcd78e2b5a","id":"ASB-A-291299076-999f3f39","deprecated":false,"digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"}},{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/0362efc06e5e3987270b452f6e2ee8fcd78e2b5a","id":"ASB-A-291299076-d45f92e5","deprecated":false,"digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9}}],"spl":"2023-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/0362efc06e5e3987270b452f6e2ee8fcd78e2b5a"],"severity":"High","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7491a49b633e4eaa4f01d9b12ea4bce15b8dce00"],"vanir_signatures":[{"signature_version":"v1","id":"ASB-A-291299076-7df7f1b8","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/7491a49b633e4eaa4f01d9b12ea4bce15b8dce00","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"deprecated":false,"digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9}},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-291299076-ee8a556b","source":"https://android.googlesource.com/platform/frameworks/base/+/7491a49b633e4eaa4f01d9b12ea4bce15b8dce00","target":{"function":"createFromParcel","file":"core/java/android/hardware/usb/UsbConfiguration.java"},"deprecated":false,"digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"}}],"types":["EoP"],"severity":"High","spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-11-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/8c55c8ca3f3646ba15e5f4bda4e28f713860e3f0","id":"ASB-A-291299076-ae658c1f","deprecated":false,"digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9}},{"signature_version":"v1","id":"ASB-A-291299076-e9347b54","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/8c55c8ca3f3646ba15e5f4bda4e28f713860e3f0","target":{"function":"createFromParcel","file":"core/java/android/hardware/usb/UsbConfiguration.java"},"deprecated":false,"digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"}}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/8c55c8ca3f3646ba15e5f4bda4e28f713860e3f0"],"types":["EoP"],"severity":"High","spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-11-01"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","id":"ASB-A-291299076-77133695","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/2c9931533cf8f85de9feb1db0b9ad38b8837f3b8","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"deprecated":false,"digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9}},{"signature_version":"v1","id":"ASB-A-291299076-cc103027","target":{"function":"createFromParcel","file":"core/java/android/hardware/usb/UsbConfiguration.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/2c9931533cf8f85de9feb1db0b9ad38b8837f3b8","signature_type":"Function","deprecated":false,"digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"}}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/2c9931533cf8f85de9feb1db0b9ad38b8837f3b8"],"severity":"High","spl":"2023-11-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}}],"schema_version":"1.7.5"}