{"id":"ASB-A-295334906","details":"In hasPermissionForActivity of PackageManagerHelper.java, there is a possible URI grant due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-295334906","CVE-2023-40097"],"modified":"2026-04-17T15:55:28.020024Z","published":"2023-12-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-12-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/Launcher3/+/6c9a41117d5a9365cf34e770bbb00138f6bf997e"}],"affected":[{"package":{"name":"platform/packages/apps/Launcher3","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-12-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2023-12-01","vanir_signatures":[{"target":{"file":"src/com/android/launcher3/util/PackageManagerHelper.java"},"id":"ASB-A-295334906-2679529f","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["156920008884073903039287587172595704404","119150954729635250725035754758066636242","120415687390839430725601293985000699140","252470816520549878971422607581160562258","205162796707141204688852551510115422038","211631520458106056287770074786817744477","170148035384295147311922699382062541041","317686567657638003446736651614121009547","8076585167763604926641413016588997554","188574482038188831960048234590436163317","131301113796914304292314687315221071227"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305","signature_version":"v1"},{"target":{"function":"hasPermissionForActivity","file":"src/com/android/launcher3/util/PackageManagerHelper.java"},"id":"ASB-A-295334906-463704e8","signature_type":"Function","deprecated":false,"digest":{"length":897,"function_hash":"153625017763408298640989451117780436694"},"source":"https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305","signature_version":"v1"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-295334906.json"}},{"package":{"name":"platform/packages/apps/Launcher3","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-12-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2023-12-01","vanir_signatures":[{"target":{"file":"src/com/android/launcher3/util/PackageManagerHelper.java"},"id":"ASB-A-295334906-0aa32f27","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["156920008884073903039287587172595704404","119150954729635250725035754758066636242","120415687390839430725601293985000699140","252470816520549878971422607581160562258","205162796707141204688852551510115422038","211631520458106056287770074786817744477","170148035384295147311922699382062541041","317686567657638003446736651614121009547","8076585167763604926641413016588997554","188574482038188831960048234590436163317","131301113796914304292314687315221071227"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305","signature_version":"v1"},{"target":{"function":"hasPermissionForActivity","file":"src/com/android/launcher3/util/PackageManagerHelper.java"},"id":"ASB-A-295334906-8b6df6a8","signature_type":"Function","deprecated":false,"digest":{"length":897,"function_hash":"153625017763408298640989451117780436694"},"source":"https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305","signature_version":"v1"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-295334906.json"}},{"package":{"name":"platform/packages/apps/Launcher3","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-12-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2023-12-01","vanir_signatures":[{"target":{"function":"hasPermissionForActivity","file":"src/com/android/launcher3/util/PackageManagerHelper.java"},"id":"ASB-A-295334906-23189b51","signature_type":"Function","deprecated":false,"digest":{"length":897,"function_hash":"153625017763408298640989451117780436694"},"source":"https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305","signature_version":"v1"},{"target":{"file":"src/com/android/launcher3/util/PackageManagerHelper.java"},"id":"ASB-A-295334906-6b059217","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["156920008884073903039287587172595704404","119150954729635250725035754758066636242","120415687390839430725601293985000699140","252470816520549878971422607581160562258","205162796707141204688852551510115422038","211631520458106056287770074786817744477","170148035384295147311922699382062541041","317686567657638003446736651614121009547","8076585167763604926641413016588997554","188574482038188831960048234590436163317","131301113796914304292314687315221071227"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305","signature_version":"v1"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-295334906.json"}},{"package":{"name":"platform/packages/apps/Launcher3","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-12-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-12-01","vanir_signatures":[{"target":{"file":"src/com/android/launcher3/util/PackageManagerHelper.java"},"id":"ASB-A-295334906-022f135e","signature_type":"Line","deprecated":false,"digest":{"line_hashes":["156920008884073903039287587172595704404","119150954729635250725035754758066636242","120415687390839430725601293985000699140","252470816520549878971422607581160562258","205162796707141204688852551510115422038","211631520458106056287770074786817744477","170148035384295147311922699382062541041","317686567657638003446736651614121009547","8076585167763604926641413016588997554","188574482038188831960048234590436163317","131301113796914304292314687315221071227"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305","signature_version":"v1"},{"target":{"function":"hasPermissionForActivity","file":"src/com/android/launcher3/util/PackageManagerHelper.java"},"id":"ASB-A-295334906-442f28f7","signature_type":"Function","deprecated":false,"digest":{"length":897,"function_hash":"153625017763408298640989451117780436694"},"source":"https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305","signature_version":"v1"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Launcher3/+/b7b192bd7f24a2aa7d6881ee949657c9760c0305"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-295334906.json"}}],"schema_version":"1.7.5"}