{"id":"ASB-A-297517712","details":"In setMimeGroup of PackageManagerService.java, there is a possible way to hide the service from Settings due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.","aliases":["A-297517712","CVE-2024-31331"],"modified":"2026-05-28T15:16:54.500952700Z","published":"2024-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/c8694bbccfb9c19aefed536ea710230107c935eb"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-07-01"}]}],"versions":["14-next"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/a4f979ceb770a9776b86ef8769fb179d32b43f81","target":{"function":"setMimeGroup","file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"id":"ASB-A-297517712-0763322a","signature_version":"v1","digest":{"length":1604,"function_hash":"121793982451317937323918133980639258844"}},{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["43898851190589870151345559370950240054","3722756200669086134615224001259530836","26749747790373024277228316438749155476","15389118569569891870379845455183193407","123923465873015125532895437246865274222","296852129998447726263867493719311554944"]},"target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"signature_version":"v1","id":"ASB-A-297517712-62cf727c","source":"https://android.googlesource.com/platform/frameworks/base/+/81eb9f8294645684ce1fad39d5d4a00ef11736e4"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/a4f979ceb770a9776b86ef8769fb179d32b43f81","signature_type":"Line","digest":{"line_hashes":["281217898079777607253697208625083332024","146229514668756794336541144905459975963","259528402462568240443944932916803554143","52734163914074503430726399419540481854","17907351007451030659909782139221481237","253852595020694901824413891859124999497"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"signature_version":"v1","id":"ASB-A-297517712-715a7fac","deprecated":false},{"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/81eb9f8294645684ce1fad39d5d4a00ef11736e4","target":{"function":"setMimeGroup","file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"id":"ASB-A-297517712-bb141cbb","signature_version":"v1","digest":{"length":1156,"function_hash":"61796971250628665338872480005079481287"}}],"spl":"2024-07-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/81eb9f8294645684ce1fad39d5d4a00ef11736e4","https://android.googlesource.com/platform/frameworks/base/+/a4f979ceb770a9776b86ef8769fb179d32b43f81"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-297517712.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-07-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/2c0dff90d63674ee0d098219b88f2e01a0ab4612","target":{"function":"applyMimeGroupChanges","file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"id":"ASB-A-297517712-634635dd","signature_version":"v1","digest":{"length":216,"function_hash":"229695439577976291699962189531366943588"}},{"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/2c0dff90d63674ee0d098219b88f2e01a0ab4612","target":{"function":"setMimeGroup","file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"signature_version":"v1","id":"ASB-A-297517712-9467e447","digest":{"length":264,"function_hash":"73926186844359611931602009158388012163"}},{"signature_type":"Line","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["72451626362295360863642667400490772683","221365509009852129768503639947100441163","78921830916466288664480393260957595650","116711112061054777405124049529628031955","100897153064631825942624269705907580630","254962480139698697108045341036639678392","244166643604851837244764123769300035454","138224336858627344777001228781243159632","114042982631721800032191970602928791745","179888334619645041252664222737226322258","318468329773541244707331110422369691540","11331976700848638677255514961218849229","14841573831959894229459852614909399646","259703186931554737734791417042462329860","17296091366496366017981748800226353240","287780344097120565973078900866751438757"]},"target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"signature_version":"v1","id":"ASB-A-297517712-c807ac07","source":"https://android.googlesource.com/platform/frameworks/base/+/2c0dff90d63674ee0d098219b88f2e01a0ab4612"}],"spl":"2024-07-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/2c0dff90d63674ee0d098219b88f2e01a0ab4612"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-297517712.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-07-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"deprecated":false,"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/0c83491b22258b6edc4c38aa24b1b19038d35d73","target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"id":"ASB-A-297517712-173ed429","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["72451626362295360863642667400490772683","221365509009852129768503639947100441163","78921830916466288664480393260957595650","116711112061054777405124049529628031955","100897153064631825942624269705907580630","254962480139698697108045341036639678392","244166643604851837244764123769300035454","138224336858627344777001228781243159632","114042982631721800032191970602928791745","179888334619645041252664222737226322258","318468329773541244707331110422369691540","11331976700848638677255514961218849229","14841573831959894229459852614909399646","259703186931554737734791417042462329860","17296091366496366017981748800226353240","287780344097120565973078900866751438757"]}},{"digest":{"length":264,"function_hash":"73926186844359611931602009158388012163"},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/0c83491b22258b6edc4c38aa24b1b19038d35d73","target":{"function":"setMimeGroup","file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"id":"ASB-A-297517712-542b180d","signature_version":"v1","signature_type":"Function"},{"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/0c83491b22258b6edc4c38aa24b1b19038d35d73","target":{"function":"applyMimeGroupChanges","file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"signature_version":"v1","id":"ASB-A-297517712-767f3b7c","digest":{"length":216,"function_hash":"229695439577976291699962189531366943588"}}],"spl":"2024-07-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0c83491b22258b6edc4c38aa24b1b19038d35d73"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-297517712.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-07-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"signature_type":"Line","deprecated":false,"digest":{"line_hashes":["43898851190589870151345559370950240054","3722756200669086134615224001259530836","26749747790373024277228316438749155476","15389118569569891870379845455183193407","123923465873015125532895437246865274222","296852129998447726263867493719311554944"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"signature_version":"v1","id":"ASB-A-297517712-7fe3e9da","source":"https://android.googlesource.com/platform/frameworks/base/+/6d9520bb9be2e31fd43bb08f0017838bbd389883"},{"deprecated":false,"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/6d9520bb9be2e31fd43bb08f0017838bbd389883","target":{"function":"setMimeGroup","file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"signature_version":"v1","id":"ASB-A-297517712-83c4af4b","digest":{"length":1111,"function_hash":"90970067071737852714091444372224632873"}}],"spl":"2024-07-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/6d9520bb9be2e31fd43bb08f0017838bbd389883"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-297517712.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-07-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"signature_type":"Function","deprecated":false,"digest":{"length":1111,"function_hash":"90970067071737852714091444372224632873"},"target":{"function":"setMimeGroup","file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"signature_version":"v1","id":"ASB-A-297517712-5eb72b3d","source":"https://android.googlesource.com/platform/frameworks/base/+/4217415dbe8e83ba4c8bf56ac6ff21523187f59f"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/4217415dbe8e83ba4c8bf56ac6ff21523187f59f","signature_type":"Line","digest":{"line_hashes":["43898851190589870151345559370950240054","3722756200669086134615224001259530836","26749747790373024277228316438749155476","15389118569569891870379845455183193407","123923465873015125532895437246865274222","296852129998447726263867493719311554944"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/pm/PackageManagerService.java"},"signature_version":"v1","id":"ASB-A-297517712-af3fbdba","deprecated":false}],"spl":"2024-07-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4217415dbe8e83ba4c8bf56ac6ff21523187f59f"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-297517712.json"}}],"schema_version":"1.7.5"}