{"id":"ASB-A-294228721","details":"In getCredentialManagerPolicy of DevicePolicyManagerService.java, there is a possible method for users to select credential managers without permission due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-294228721","CVE-2023-40089"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/e2e05f488da6abc765a62e7faf10cb74e729732e"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-12-01"}]}],"versions":["14-next"],"ecosystem_specific":{"types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/892ba1d6f6b08667d3a7741e698c1ccfbd3841f5"],"severity":"High","vanir_signatures":[{"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/892ba1d6f6b08667d3a7741e698c1ccfbd3841f5","target":{"function":"getCredentialManagerPolicy","file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"signature_version":"v1","deprecated":false,"digest":{"length":307,"function_hash":"74449242559593116633127182544354130666"},"id":"ASB-A-294228721-001b2075"},{"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/892ba1d6f6b08667d3a7741e698c1ccfbd3841f5","target":{"function":"getCredentialManagerPolicy","file":"core/java/android/app/admin/DevicePolicyManager.java"},"signature_version":"v1","deprecated":false,"digest":{"length":206,"function_hash":"273187886863558320177264236917531010900"},"id":"ASB-A-294228721-0d7ed67a"},{"target":{"file":"core/java/android/app/admin/DevicePolicyManager.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/892ba1d6f6b08667d3a7741e698c1ccfbd3841f5","signature_version":"v1","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["27048490247006646627419795221021812496","175284641402637478608390869535606810161","234065406732064679832854187106009601004","197420965643697283682808876633612224374","234819912256778732340493599341448481647","300102070284684225849613243206591386726","340068429391398980206455874537492563893","216495480719551252986048293592306024957"],"threshold":0.9},"id":"ASB-A-294228721-633b9ba6"},{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/892ba1d6f6b08667d3a7741e698c1ccfbd3841f5","signature_type":"Line","digest":{"line_hashes":["332219673355443387379256206211042897860","35632985352020364848489662231319506689","76320284361625687917528082129015246115","73129828535204244091363231259897667037","250217290926877900967568290098458981441","270938730645888615323830826130448163534","305815705679108351074771310580648973669","208232285445090970418086043977411258726","264785142350393791605780235158664188932","162567613217633417994253022385408772313","295760383498470438294263347900256242793","202167732107955505056331426613111159753"],"threshold":0.9},"deprecated":false,"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"id":"ASB-A-294228721-ae13115d"}],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-294228721.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2023-12-01"}]}],"versions":["14"],"ecosystem_specific":{"types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0951b28bd94a514eded9503d802228a3591579d6"],"severity":"High","vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/0951b28bd94a514eded9503d802228a3591579d6","signature_type":"Function","digest":{"length":206,"function_hash":"273187886863558320177264236917531010900"},"deprecated":false,"target":{"function":"getCredentialManagerPolicy","file":"core/java/android/app/admin/DevicePolicyManager.java"},"id":"ASB-A-294228721-46a2bd8e"},{"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/0951b28bd94a514eded9503d802228a3591579d6","target":{"function":"getCredentialManagerPolicy","file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"signature_version":"v1","deprecated":false,"digest":{"length":307,"function_hash":"74449242559593116633127182544354130666"},"id":"ASB-A-294228721-6e5e602b"},{"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/0951b28bd94a514eded9503d802228a3591579d6","digest":{"line_hashes":["332219673355443387379256206211042897860","35632985352020364848489662231319506689","76320284361625687917528082129015246115","73129828535204244091363231259897667037","250217290926877900967568290098458981441","270938730645888615323830826130448163534","305815705679108351074771310580648973669","208232285445090970418086043977411258726","264785142350393791605780235158664188932","162567613217633417994253022385408772313","295760383498470438294263347900256242793","202167732107955505056331426613111159753"],"threshold":0.9},"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyManagerService.java"},"deprecated":false,"signature_version":"v1","id":"ASB-A-294228721-70b6de26"},{"id":"ASB-A-294228721-d90e9513","source":"https://android.googlesource.com/platform/frameworks/base/+/0951b28bd94a514eded9503d802228a3591579d6","digest":{"line_hashes":["27048490247006646627419795221021812496","175284641402637478608390869535606810161","234065406732064679832854187106009601004","197420965643697283682808876633612224374","234819912256778732340493599341448481647","300102070284684225849613243206591386726","340068429391398980206455874537492563893","216495480719551252986048293592306024957"],"threshold":0.9},"target":{"file":"core/java/android/app/admin/DevicePolicyManager.java"},"deprecated":false,"signature_version":"v1","signature_type":"Line"}],"spl":"2023-12-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-294228721.json"}}],"schema_version":"1.7.5"}