{"id":"ASB-A-291299076","details":"In createFromParcel of UsbConfiguration.java, there is a possible background activity launch (BAL) due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-291299076","CVE-2023-40109"],"modified":"2026-04-13T15:04:09.269232Z","published":"2023-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/387d258cf10a30537fc48dc0e48d28071efa92e7"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-11-01"}]}],"versions":["14-next"],"ecosystem_specific":{"spl":"2023-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/85d7e6712a9eeeed3bdd68ea3c3862c7e88bfe70"],"types":["EoP"],"severity":"High","vanir_signatures":[{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"id":"ASB-A-291299076-971e97d3","signature_type":"Line","digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/85d7e6712a9eeeed3bdd68ea3c3862c7e88bfe70","deprecated":false},{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java","function":"createFromParcel"},"id":"ASB-A-291299076-ad22709a","signature_type":"Function","digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"},"source":"https://android.googlesource.com/platform/frameworks/base/+/85d7e6712a9eeeed3bdd68ea3c3862c7e88bfe70","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-11-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2023-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/60bfbde79f2ffb012abced55d358fdf6380c0bae"],"types":["EoP"],"severity":"High","vanir_signatures":[{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"id":"ASB-A-291299076-2ba921b1","signature_type":"Line","digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/60bfbde79f2ffb012abced55d358fdf6380c0bae","deprecated":false},{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java","function":"createFromParcel"},"id":"ASB-A-291299076-d64521eb","signature_type":"Function","digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"},"source":"https://android.googlesource.com/platform/frameworks/base/+/60bfbde79f2ffb012abced55d358fdf6380c0bae","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-11-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2023-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/0362efc06e5e3987270b452f6e2ee8fcd78e2b5a"],"types":["EoP"],"severity":"High","vanir_signatures":[{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java","function":"createFromParcel"},"id":"ASB-A-291299076-999f3f39","signature_type":"Function","digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"},"source":"https://android.googlesource.com/platform/frameworks/base/+/0362efc06e5e3987270b452f6e2ee8fcd78e2b5a","deprecated":false},{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"id":"ASB-A-291299076-d45f92e5","signature_type":"Line","digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/0362efc06e5e3987270b452f6e2ee8fcd78e2b5a","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2023-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/7491a49b633e4eaa4f01d9b12ea4bce15b8dce00"],"types":["EoP"],"severity":"High","vanir_signatures":[{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"id":"ASB-A-291299076-7df7f1b8","signature_type":"Line","digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/7491a49b633e4eaa4f01d9b12ea4bce15b8dce00","deprecated":false},{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java","function":"createFromParcel"},"id":"ASB-A-291299076-ee8a556b","signature_type":"Function","digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"},"source":"https://android.googlesource.com/platform/frameworks/base/+/7491a49b633e4eaa4f01d9b12ea4bce15b8dce00","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-11-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/8c55c8ca3f3646ba15e5f4bda4e28f713860e3f0"],"types":["EoP"],"severity":"High","vanir_signatures":[{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"id":"ASB-A-291299076-ae658c1f","signature_type":"Line","digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/8c55c8ca3f3646ba15e5f4bda4e28f713860e3f0","deprecated":false},{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java","function":"createFromParcel"},"id":"ASB-A-291299076-e9347b54","signature_type":"Function","digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"},"source":"https://android.googlesource.com/platform/frameworks/base/+/8c55c8ca3f3646ba15e5f4bda4e28f713860e3f0","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-11-01"}]}],"versions":["14"],"ecosystem_specific":{"spl":"2023-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/2c9931533cf8f85de9feb1db0b9ad38b8837f3b8"],"types":["EoP"],"severity":"High","vanir_signatures":[{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java"},"id":"ASB-A-291299076-77133695","signature_type":"Line","digest":{"line_hashes":["64032869180274739073190422895623655539","262484176442339311704902322087541112136","116613418940402835663978091473829914079","230443252710839433367481878379959720256"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/2c9931533cf8f85de9feb1db0b9ad38b8837f3b8","deprecated":false},{"signature_version":"v1","target":{"file":"core/java/android/hardware/usb/UsbConfiguration.java","function":"createFromParcel"},"id":"ASB-A-291299076-cc103027","signature_type":"Function","digest":{"length":326,"function_hash":"269662731154042863602055335981907143040"},"source":"https://android.googlesource.com/platform/frameworks/base/+/2c9931533cf8f85de9feb1db0b9ad38b8837f3b8","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-291299076.json"}}],"schema_version":"1.7.5"}