{"id":"ASB-A-293602317","details":"In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-293602317","CVE-2024-0024"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2024-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/6a9250ec7fc9801a883cedd7860076f42fb518ac"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-05-01"}]}],"versions":["14-next"],"ecosystem_specific":{"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264"],"vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["9463191120944565777214923587569540280","122948831978021524892316983953446463325","92472102344881644431830790738066790673","167065115139944003153512953068553907891","340215464376248865824947300777503185264","221168945578021651559295763786183083054","131744847661277240634565311564085973108","103367733749084258736728368274322623346","179925580572788879788475130054462708914","196342960548204308401723679118648079086","290321685008039217998855658215928044591","75387723144994033401847672675012393388","67366564525647400157695413450827258220","272780187264705393032792419979498836551","238741401060336175638099375497740303177","259279927726206483199262694158630246435","183029252510547657779880201967699359444","195441015140250236884590713138112717388","154830493048076088366513224219833566639","292349649739903354519742504810837097269","74757550851833025026619482507635734368","335645142261224268762006381740052233188","109183959224805865307895779680093246307","320347336774733139136288916442402746975","153537896584459150438194966513331789145","290138044157543726570565097636556565394","94951731505717292874816718517677494937","212459908943937449820271126626157033223","143346065962046306861345672815340128659","39202483775613760801013793315159228727","223464662744292259328231130015590290691","243196525702888915879421091889262579799","222906682215279304745915779653792229664","2041196555325525214139183417421403394","188099220589577487798346861997025355777"]},"id":"ASB-A-293602317-3607cff1","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"createUserInternalUncheckedNoTracing"},"source":"https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"202562576093626664732976268044019536821","length":6218},"id":"ASB-A-293602317-603c018a","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"writeUserLP"},"digest":{"function_hash":"144548358230426864873260022106430419425","length":3635},"source":"https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264","signature_type":"Function","signature_version":"v1","id":"ASB-A-293602317-a9ea5d47","deprecated":false},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/ad66666a7345f233e31f49445d42c74bd7767264","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"162974419970696908515454636762840654481","length":527},"id":"ASB-A-293602317-bb4015b1","target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"setSeedAccountDataNoChecks"}}],"spl":"2024-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-293602317.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-05-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88"],"vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"},"digest":{"threshold":0.9,"line_hashes":["336770520496282681441314896640216048437","196318341949663620568384875019858555190","58551288301263779771889156118854047197","167065115139944003153512953068553907891","340215464376248865824947300777503185264","221168945578021651559295763786183083054","131744847661277240634565311564085973108","103367733749084258736728368274322623346","179925580572788879788475130054462708914","196342960548204308401723679118648079086","290321685008039217998855658215928044591","75387723144994033401847672675012393388","67366564525647400157695413450827258220","272780187264705393032792419979498836551","238741401060336175638099375497740303177","279577176035107001512934654237869507516","145880162779565741837819676483228499300","127809519349970645360697777428549622625","307980875257337246381009565866838557903","330212089550213811688452876207213689027","292349649739903354519742504810837097269","6127841152270119643958952414669350211","335645142261224268762006381740052233188","109183959224805865307895779680093246307","320347336774733139136288916442402746975","153537896584459150438194966513331789145","290138044157543726570565097636556565394","183149366999774343672822517647013108117","278675113163975809037263769056095463902","143346065962046306861345672815340128659","39202483775613760801013793315159228727","223464662744292259328231130015590290691","243196525702888915879421091889262579799","222906682215279304745915779653792229664","2041196555325525214139183417421403394","188099220589577487798346861997025355777"]},"source":"https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88","signature_type":"Line","signature_version":"v1","id":"ASB-A-293602317-3e8fc968","deprecated":false},{"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88","signature_version":"v1","signature_type":"Function","digest":{"function_hash":"17478972632755109935792096038178691063","length":565},"id":"ASB-A-293602317-eecf54bd","target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"setSeedAccountData"}},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"writeUserLP"},"digest":{"function_hash":"14431357685230850289420472586775119205","length":3298},"source":"https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88","signature_type":"Function","signature_version":"v1","id":"ASB-A-293602317-f1299a83","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"createUserInternalUncheckedNoTracing"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/46caac641941f2e8865a8d53400f959b3bd98d88","digest":{"function_hash":"272657188131738071713369073931175915923","length":5792},"id":"ASB-A-293602317-f4915321","deprecated":false}],"spl":"2024-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-293602317.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-05-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb"],"vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"setSeedAccountData"},"digest":{"function_hash":"17478972632755109935792096038178691063","length":565},"source":"https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb","signature_type":"Function","signature_version":"v1","id":"ASB-A-293602317-05556f3a","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"writeUserLP"},"signature_type":"Function","digest":{"function_hash":"14431357685230850289420472586775119205","length":3298},"source":"https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb","signature_version":"v1","id":"ASB-A-293602317-13d2e283","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"createUserInternalUncheckedNoTracing"},"signature_version":"v1","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb","digest":{"function_hash":"272657188131738071713369073931175915923","length":5792},"id":"ASB-A-293602317-2050492b","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb","digest":{"threshold":0.9,"line_hashes":["336770520496282681441314896640216048437","196318341949663620568384875019858555190","58551288301263779771889156118854047197","167065115139944003153512953068553907891","340215464376248865824947300777503185264","221168945578021651559295763786183083054","131744847661277240634565311564085973108","103367733749084258736728368274322623346","179925580572788879788475130054462708914","196342960548204308401723679118648079086","290321685008039217998855658215928044591","75387723144994033401847672675012393388","67366564525647400157695413450827258220","272780187264705393032792419979498836551","238741401060336175638099375497740303177","279577176035107001512934654237869507516","145880162779565741837819676483228499300","127809519349970645360697777428549622625","307980875257337246381009565866838557903","330212089550213811688452876207213689027","292349649739903354519742504810837097269","6127841152270119643958952414669350211","335645142261224268762006381740052233188","109183959224805865307895779680093246307","320347336774733139136288916442402746975","153537896584459150438194966513331789145","290138044157543726570565097636556565394","183149366999774343672822517647013108117","278675113163975809037263769056095463902","143346065962046306861345672815340128659","39202483775613760801013793315159228727","223464662744292259328231130015590290691","243196525702888915879421091889262579799","222906682215279304745915779653792229664","2041196555325525214139183417421403394","188099220589577487798346861997025355777"]},"id":"ASB-A-293602317-a1d3211d","deprecated":false}],"spl":"2024-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-293602317.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-05-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb"],"vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"setSeedAccountData"},"digest":{"function_hash":"17478972632755109935792096038178691063","length":565},"source":"https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb","signature_type":"Function","signature_version":"v1","id":"ASB-A-293602317-2418bb06","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"},"signature_version":"v1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb","digest":{"threshold":0.9,"line_hashes":["336770520496282681441314896640216048437","196318341949663620568384875019858555190","58551288301263779771889156118854047197","167065115139944003153512953068553907891","340215464376248865824947300777503185264","221168945578021651559295763786183083054","131744847661277240634565311564085973108","103367733749084258736728368274322623346","179925580572788879788475130054462708914","196342960548204308401723679118648079086","290321685008039217998855658215928044591","75387723144994033401847672675012393388","67366564525647400157695413450827258220","272780187264705393032792419979498836551","238741401060336175638099375497740303177","279577176035107001512934654237869507516","145880162779565741837819676483228499300","127809519349970645360697777428549622625","307980875257337246381009565866838557903","330212089550213811688452876207213689027","292349649739903354519742504810837097269","6127841152270119643958952414669350211","335645142261224268762006381740052233188","109183959224805865307895779680093246307","320347336774733139136288916442402746975","153537896584459150438194966513331789145","290138044157543726570565097636556565394","183149366999774343672822517647013108117","278675113163975809037263769056095463902","143346065962046306861345672815340128659","39202483775613760801013793315159228727","223464662744292259328231130015590290691","243196525702888915879421091889262579799","222906682215279304745915779653792229664","2041196555325525214139183417421403394","188099220589577487798346861997025355777"]},"id":"ASB-A-293602317-26d5e4b2","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"writeUserLP"},"digest":{"function_hash":"14431357685230850289420472586775119205","length":3298},"source":"https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb","signature_type":"Function","signature_version":"v1","id":"ASB-A-293602317-6089c84d","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"createUserInternalUncheckedNoTracing"},"digest":{"function_hash":"272657188131738071713369073931175915923","length":5792},"source":"https://android.googlesource.com/platform/frameworks/base/+/59042a32c7e192d160c295ecb6477a09bb5da0bb","signature_type":"Function","signature_version":"v1","id":"ASB-A-293602317-6b276ef8","deprecated":false}],"spl":"2024-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-293602317.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-05-01"}]}],"versions":["14"],"ecosystem_specific":{"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08"],"vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"setSeedAccountDataNoChecks"},"signature_type":"Function","digest":{"function_hash":"162974419970696908515454636762840654481","length":527},"source":"https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08","signature_version":"v1","id":"ASB-A-293602317-380cc354","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["9463191120944565777214923587569540280","122948831978021524892316983953446463325","92472102344881644431830790738066790673","167065115139944003153512953068553907891","340215464376248865824947300777503185264","221168945578021651559295763786183083054","131744847661277240634565311564085973108","103367733749084258736728368274322623346","179925580572788879788475130054462708914","196342960548204308401723679118648079086","290321685008039217998855658215928044591","75387723144994033401847672675012393388","67366564525647400157695413450827258220","272780187264705393032792419979498836551","238741401060336175638099375497740303177","259279927726206483199262694158630246435","183029252510547657779880201967699359444","195441015140250236884590713138112717388","154830493048076088366513224219833566639","292349649739903354519742504810837097269","74757550851833025026619482507635734368","335645142261224268762006381740052233188","109183959224805865307895779680093246307","320347336774733139136288916442402746975","153537896584459150438194966513331789145","290138044157543726570565097636556565394","94951731505717292874816718517677494937","212459908943937449820271126626157033223","143346065962046306861345672815340128659","39202483775613760801013793315159228727","223464662744292259328231130015590290691","243196525702888915879421091889262579799","222906682215279304745915779653792229664","2041196555325525214139183417421403394","188099220589577487798346861997025355777"]},"id":"ASB-A-293602317-591df365","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"writeUserLP"},"digest":{"function_hash":"144548358230426864873260022106430419425","length":3635},"source":"https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08","signature_type":"Function","signature_version":"v1","id":"ASB-A-293602317-59fe4ee5","deprecated":false},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"createUserInternalUncheckedNoTracing"},"digest":{"function_hash":"137805121615530708957201457640858822254","length":5798},"source":"https://android.googlesource.com/platform/frameworks/base/+/1bc8e28626843225b09b2b070685f81fbadefc08","signature_type":"Function","signature_version":"v1","id":"ASB-A-293602317-bb732334","deprecated":false}],"spl":"2024-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-293602317.json"}}],"schema_version":"1.7.5"}