{"id":"ASB-A-298635078","details":"In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-298635078","CVE-2024-0022"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2024-04-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-04-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/bdf1cce569c9700965ff6baee8efd3fb1e8269e8"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-04-01"}]}],"versions":["14-next"],"ecosystem_specific":{"spl":"2024-04-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2"],"severity":"High","vanir_signatures":[{"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-298635078-6657176a","source":"https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2","digest":{"line_hashes":["235055368570902509845368135688908912691","46914772837610932699393074704245498036","143965187811282397119853525869334576475","207406646097850335216169154541288558099","1541481414671566929650348865673721681","198439889011393407708305208935883938336","68434358367093740788027285675272473764","36383238236546658061563661091805463698","249300913198780888612584497119342926850","258178459221036030024073464284086474097","118788571807013244513436783750616737032","213005690081425911274194467743767865198","201408134120087323544393823627838966732"],"threshold":0.9},"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"}},{"digest":{"length":324,"function_hash":"173029907314831969588352356730720748041"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2","id":"ASB-A-298635078-878367c8","target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"checkCanCallNotificationApi"},"signature_type":"Function"},{"signature_type":"Function","deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2","id":"ASB-A-298635078-af360e4f","digest":{"length":584,"function_hash":"82965898534591532984086544620584104426"},"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"requestNotificationAccess"}},{"digest":{"length":183,"function_hash":"43095038762511238101975353702976297412"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/38e1e9fb0357a3d0af5551cac83ad9b0b1fd0be2","id":"ASB-A-298635078-eb43ac84","target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"hasNotificationAccess"},"signature_type":"Function"}],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-298635078.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-04-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2024-04-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c"],"severity":"High","types":["ID"],"vanir_signatures":[{"digest":{"length":324,"function_hash":"173029907314831969588352356730720748041"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c","id":"ASB-A-298635078-09511614","target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"checkCanCallNotificationApi"},"signature_type":"Function"},{"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"requestNotificationAccess"},"deprecated":false,"signature_version":"v1","id":"ASB-A-298635078-5870c43e","source":"https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c","signature_type":"Function","digest":{"length":584,"function_hash":"82965898534591532984086544620584104426"}},{"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"hasNotificationAccess"},"deprecated":false,"signature_version":"v1","id":"ASB-A-298635078-bd83d046","source":"https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c","signature_type":"Function","digest":{"length":183,"function_hash":"43095038762511238101975353702976297412"}},{"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/15eec4872d7b0fdfead3a8f5b4a1bb4d9ad82a0c","id":"ASB-A-298635078-fb811839","signature_type":"Line","digest":{"line_hashes":["235055368570902509845368135688908912691","46914772837610932699393074704245498036","143965187811282397119853525869334576475","207406646097850335216169154541288558099","1541481414671566929650348865673721681","198439889011393407708305208935883938336","68434358367093740788027285675272473764","36383238236546658061563661091805463698","114977226342569734230072593037231426736","68725759236570820763792637467364251579","118788571807013244513436783750616737032","213005690081425911274194467743767865198","201408134120087323544393823627838966732"],"threshold":0.9}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-298635078.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-04-01"}]}],"versions":["14"],"ecosystem_specific":{"spl":"2024-04-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc"],"types":["ID"],"severity":"High","vanir_signatures":[{"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"requestNotificationAccess"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc","id":"ASB-A-298635078-177c6cce","signature_type":"Function","digest":{"length":584,"function_hash":"82965898534591532984086544620584104426"}},{"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"signature_version":"v1","id":"ASB-A-298635078-5ce7c935","source":"https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc","signature_type":"Line","digest":{"line_hashes":["235055368570902509845368135688908912691","46914772837610932699393074704245498036","143965187811282397119853525869334576475","207406646097850335216169154541288558099","1541481414671566929650348865673721681","198439889011393407708305208935883938336","68434358367093740788027285675272473764","36383238236546658061563661091805463698","249300913198780888612584497119342926850","258178459221036030024073464284086474097","118788571807013244513436783750616737032","213005690081425911274194467743767865198","201408134120087323544393823627838966732"],"threshold":0.9}},{"signature_type":"Function","deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc","id":"ASB-A-298635078-f6f10872","digest":{"length":183,"function_hash":"43095038762511238101975353702976297412"},"target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"hasNotificationAccess"}},{"digest":{"length":324,"function_hash":"173029907314831969588352356730720748041"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/12bb4ed9ab46d3e42326ef1c5e7b90aae80a9bfc","id":"ASB-A-298635078-fa093a43","target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java","function":"checkCanCallNotificationApi"},"signature_type":"Function"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-298635078.json"}}],"schema_version":"1.7.5"}