{"id":"ASB-A-294105066","details":"In shouldRestrictOverlayActivities of UsbProfileGroupSettingsManager.java, there is a possible escape from the Setup Wizard (SUW) due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-294105066","CVE-2024-34739"],"modified":"2026-04-10T16:16:18.068628Z","published":"2025-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/50e1f8f36e32928d10e72324c05a203a6db9f7fb"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-05-01"}]}],"versions":["15-next"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"signature_version":"v1","signature_type":"Function","target":{"file":"services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java","function":"shouldRestrictOverlayActivities"},"digest":{"function_hash":"293592115087675525965099928377831645388","length":1362},"id":"ASB-A-294105066-4d805519","source":"https://android.googlesource.com/platform/frameworks/base/+/76feb3795672beacbc534683825bb7f871157e2f","deprecated":false},{"signature_version":"v1","signature_type":"Line","target":{"file":"services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java"},"digest":{"line_hashes":["132320200496910416633144091387043070799","9222264376772789956722737820518927664","39510485349635931364974729363780694415","105403762334205416195417938083360044750","181287731695673520138842956822233905586","174713173314741838000960625363681242208","183049458506848410960649018406972328386","72075619583929205928583179512331277472","190591185431082954046842447426409791922","100052405192186497741302472074187627355"],"threshold":0.9},"id":"ASB-A-294105066-bcee7e53","source":"https://android.googlesource.com/platform/frameworks/base/+/76feb3795672beacbc534683825bb7f871157e2f","deprecated":false}],"types":["EoP"],"spl":"2025-05-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/76feb3795672beacbc534683825bb7f871157e2f"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-294105066.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-05-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"signature_version":"v1","signature_type":"Line","target":{"file":"services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java"},"digest":{"line_hashes":["24391601699875178468681340548252595920","9222264376772789956722737820518927664","39510485349635931364974729363780694415","105403762334205416195417938083360044750","181287731695673520138842956822233905586","32776859473314783020600580527272918548","268287025647145217601171883020346811649","298008157779326890226920484526372729606","193635173819899355219600486103369665717","21543297871747000018628982777714197655"],"threshold":0.9},"id":"ASB-A-294105066-463eca58","source":"https://android.googlesource.com/platform/frameworks/base/+/b459bcaac52d162a81a64aafe9e5f201d85a17f0","deprecated":false},{"signature_version":"v1","match_only_versions":["13"],"digest":{"function_hash":"327865267837982666497546201968089274906","length":447},"id":"ASB-A-294105066-743ecccb","target":{"file":"services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java","function":"resolveActivity"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/b459bcaac52d162a81a64aafe9e5f201d85a17f0","deprecated":false}],"types":["EoP"],"spl":"2025-05-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/b459bcaac52d162a81a64aafe9e5f201d85a17f0"]
},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-294105066.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-05-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"signature_version":"v1","signature_type":"Line","target":{"file":"services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java"},"digest":{"line_hashes":["24391601699875178468681340548252595920","9222264376772789956722737820518927664","39510485349635931364974729363780694415","105403762334205416195417938083360044750","181287731695673520138842956822233905586","32776859473314783020600580527272918548","268287025647145217601171883020346811649","298008157779326890226920484526372729606","193635173819899355219600486103369665717","21543297871747000018628982777714197655"],"threshold":0.9},"id":"ASB-A-294105066-cc515bae","source":"https://android.googlesource.com/platform/frameworks/base/+/71042ac086b3470f4086c5c76fc2b6c4e3dff263","deprecated":false},{"signature_version":"v1","match_only_versions":["14"],"digest":{"function_hash":"327865267837982666497546201968089274906","length":447},"id":"ASB-A-294105066-ef20f456","target":{"file":"services/usb/java/com/android/server/usb/UsbProfileGroupSettingsManager.java","function":"resolveActivity"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/71042ac086b3470f4086c5c76fc2b6c4e3dff263","deprecated":false}],"types":["EoP"],"spl":"2025-05-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/71042ac086b3470f4086c5c76fc2b6c4e3dff263"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-294105066.json"}}],"schema_version":"1.7.5"}