{"id":"ASB-A-300007708","details":"In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-300007708","CVE-2024-0040"],"modified":"2026-05-15T15:01:37.959123Z","published":"2024-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/av/+/2ca6c27dc0336fd98f47cfb96dc514efa98e8864"}],"affected":[{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-02-01"}]}],"versions":["14-next"],"ecosystem_specific":{"spl":"2024-02-01","severity":"High","types":["ID"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/e1494a2d8e7eee25d7ea5469be43740e97294c99","digest":{"threshold":0.9,"line_hashes":["325429838327676121080075683515326448065","129768529294241399848549271647519954458","334674666946550792711235234589636658088","25817773784128918456096976811635035555","178465013067266614784176939361293545155"]},"id":"ASB-A-300007708-19e620ae","deprecated":false,"signature_version":"v1","target":{"file":"media/mtp/MtpPacket.cpp"},"signature_type":"Line"},{"source":"https://android.googlesource.com/platform/frameworks/av/+/e1494a2d8e7eee25d7ea5469be43740e97294c99","digest":{"length":372,"function_hash":"258562940385383442331892322260107070213"},"id":"ASB-A-300007708-b36b90c3","deprecated":false,"signature_version":"v1","target":{"function":"MtpPacket::setParameter","file":"media/mtp/MtpPacket.cpp"},"signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/e1494a2d8e7eee25d7ea5469be43740e97294c99"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300007708.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2024-02-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2024-02-01","severity":"High","types":["ID"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/edf60c63243903b9f27f58f4954c599470d011fd","digest":{"threshold":0.9,"line_hashes":["325429838327676121080075683515326448065","129768529294241399848549271647519954458","334674666946550792711235234589636658088","25817773784128918456096976811635035555","178465013067266614784176939361293545155"]},"id":"ASB-A-300007708-67bf0cf2","deprecated":false,"signature_version":"v1","target":{"file":"media/mtp/MtpPacket.cpp"},"signature_type":"Line"},{"source":"https://android.googlesource.com/platform/frameworks/av/+/edf60c63243903b9f27f58f4954c599470d011fd","digest":{"length":372,"function_hash":"258562940385383442331892322260107070213"},"id":"ASB-A-300007708-f84b2cc9","deprecated":false,"signature_version":"v1","target":{"function":"MtpPacket::setParameter","file":"media/mtp/MtpPacket.cpp"},"signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/edf60c63243903b9f27f58f4954c599470d011fd"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300007708.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-02-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2024-02-01","severity":"High","types":["ID"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/55757c291af9c88bf829e01fda90e626f6ff06eb","digest":{"threshold":0.9,"line_hashes":["325429838327676121080075683515326448065","129768529294241399848549271647519954458","334674666946550792711235234589636658088","25817773784128918456096976811635035555","178465013067266614784176939361293545155"]},"id":"ASB-A-300007708-1a3ba7bc","deprecated":false,"signature_version":"v1","target":{"file":"media/mtp/MtpPacket.cpp"},"signature_type":"Line"},{"source":"https://android.googlesource.com/platform/frameworks/av/+/55757c291af9c88bf829e01fda90e626f6ff06eb","digest":{"length":372,"function_hash":"258562940385383442331892322260107070213"},"id":"ASB-A-300007708-f2c6a8ec","deprecated":false,"signature_version":"v1","target":{"function":"MtpPacket::setParameter","file":"media/mtp/MtpPacket.cpp"},"signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/55757c291af9c88bf829e01fda90e626f6ff06eb"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300007708.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-02-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2024-02-01","severity":"High","types":["ID"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/d5d10d821f05e8d03104921c4320d9739c0c475f","digest":{"threshold":0.9,"line_hashes":["325429838327676121080075683515326448065","129768529294241399848549271647519954458","334674666946550792711235234589636658088","25817773784128918456096976811635035555","178465013067266614784176939361293545155"]},"id":"ASB-A-300007708-344ed643","deprecated":false,"signature_version":"v1","target":{"file":"media/mtp/MtpPacket.cpp"},"signature_type":"Line"},{"source":"https://android.googlesource.com/platform/frameworks/av/+/d5d10d821f05e8d03104921c4320d9739c0c475f","digest":{"length":372,"function_hash":"258562940385383442331892322260107070213"},"id":"ASB-A-300007708-7fec4db4","deprecated":false,"signature_version":"v1","target":{"function":"MtpPacket::setParameter","file":"media/mtp/MtpPacket.cpp"},"signature_type":"Function"}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/d5d10d821f05e8d03104921c4320d9739c0c475f"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300007708.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-02-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2024-02-01","severity":"High","types":["ID"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/960d83c60805bd0991e02cd72224a4063097af89","digest":{"length":372,"function_hash":"258562940385383442331892322260107070213"},"id":"ASB-A-300007708-a3fce1cd","deprecated":false,"signature_version":"v1","target":{"function":"MtpPacket::setParameter","file":"media/mtp/MtpPacket.cpp"},"signature_type":"Function"},{"source":"https://android.googlesource.com/platform/frameworks/av/+/960d83c60805bd0991e02cd72224a4063097af89","digest":{"threshold":0.9,"line_hashes":["325429838327676121080075683515326448065","129768529294241399848549271647519954458","334674666946550792711235234589636658088","25817773784128918456096976811635035555","178465013067266614784176939361293545155"]},"id":"ASB-A-300007708-af900d65","deprecated":false,"signature_version":"v1","target":{"file":"media/mtp/MtpPacket.cpp"},"signature_type":"Line"}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/960d83c60805bd0991e02cd72224a4063097af89"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300007708.json"}},{"package":{"name":"platform/frameworks/av","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-02-01"}]}],"versions":["14"],"ecosystem_specific":{"spl":"2024-02-01","severity":"High","types":["ID"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/av/+/38852806102bb7e9d46f4b0de8a3b4918d625ad4","digest":{"length":372,"function_hash":"258562940385383442331892322260107070213"},"id":"ASB-A-300007708-2054454b","deprecated":false,"signature_version":"v1","target":{"function":"MtpPacket::setParameter","file":"media/mtp/MtpPacket.cpp"},"signature_type":"Function"},{"source":"https://android.googlesource.com/platform/frameworks/av/+/38852806102bb7e9d46f4b0de8a3b4918d625ad4","digest":{"threshold":0.9,"line_hashes":["325429838327676121080075683515326448065","129768529294241399848549271647519954458","334674666946550792711235234589636658088","25817773784128918456096976811635035555","178465013067266614784176939361293545155"]},"id":"ASB-A-300007708-8f2f84c7","deprecated":false,"signature_version":"v1","target":{"file":"media/mtp/MtpPacket.cpp"},"signature_type":"Line"}],"fixes":["https://android.googlesource.com/platform/frameworks/av/+/38852806102bb7e9d46f4b0de8a3b4918d625ad4"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300007708.json"}}],"schema_version":"1.7.5"}