{"id":"ASB-A-300090204","details":"In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-300090204","CVE-2024-0015"],"modified":"2026-05-01T15:24:27.653932Z","published":"2024-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-01-01"}]}],"versions":["14-next"],"ecosystem_specific":{"spl":"2024-01-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70"],"severity":"High","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["142275142473583811656257925932801215932","80607861949381175184438557088515049005","28754939496718491312327854094553077963","161741354498231441500213550542794601380","31810291832700185900069539269853300952","76201736618210912462135528215241407154","13572015017283725455848689928188277669","123200632612740350257613156920026447093","99189086500324707981847462972527388857","238865122492803814029196695279813184174","135188360535559844316574743883758800389","28496705184192827839311415886852564114","130169205191785451277261575911863144490","12884332751236020770911350680320607449","27175867381462649513143951036261802049","85940367650815511313909572387718700761","330677813483266743538214358220343613206","123797315748070501987140919842285346625","56771758489640633155088313326080049367"]},"target":{"file":"core/java/android/service/dreams/DreamService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70","deprecated":false,"signature_type":"Line","id":"ASB-A-300090204-16f5859a"},{"digest":{"function_hash":"42220059353017145088428329988357325663","length":572},"deprecated":false,"match_only_versions":["14-next"],"id":"ASB-A-300090204-b8a29ebb","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70","target":{"function":"getDreamMetadata","file":"core/java/android/service/dreams/DreamService.java"},"signature_type":"Function"},{"signature_version":"v1","digest":{"function_hash":"95995390880890190389146015024656609599","length":212},"target":{"function":"convertToComponentName","file":"core/java/android/service/dreams/DreamService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70","deprecated":false,"signature_type":"Function","id":"ASB-A-300090204-edef98e7"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300090204.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2024-01-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2024-01-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14"],"severity":"High","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","digest":{"function_hash":"96258658890430209807344348180496553242","length":1446},"target":{"function":"getSettingsComponentName","file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14","deprecated":false,"signature_type":"Function","id":"ASB-A-300090204-483aa553"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["234723719755661055601629732360349019693","138731044910258141424481377194987602346","91263052745282201238370258976369237336","255658402388288149290082503730355880643"]},"target":{"file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14","deprecated":false,"signature_type":"Line","id":"ASB-A-300090204-f5c4428d"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300090204.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-01-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2024-01-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14"],"severity":"High","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["234723719755661055601629732360349019693","138731044910258141424481377194987602346","91263052745282201238370258976369237336","255658402388288149290082503730355880643"]},"target":{"file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14","deprecated":false,"signature_type":"Line","id":"ASB-A-300090204-816d1262"},{"signature_version":"v1","digest":{"function_hash":"96258658890430209807344348180496553242","length":1446},"target":{"function":"getSettingsComponentName","file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14","deprecated":false,"signature_type":"Function","id":"ASB-A-300090204-d28c02c4"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300090204.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-01-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2024-01-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14"],"severity":"High","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["234723719755661055601629732360349019693","138731044910258141424481377194987602346","91263052745282201238370258976369237336","255658402388288149290082503730355880643"]},"target":{"file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14","deprecated":false,"signature_type":"Line","id":"ASB-A-300090204-60971f8d"},{"signature_version":"v1","digest":{"function_hash":"96258658890430209807344348180496553242","length":1446},"target":{"function":"getSettingsComponentName","file":"packages/SettingsLib/src/com/android/settingslib/dream/DreamBackend.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6926fd15fb16c51468dde270bd61ee68772b8c14","deprecated":false,"signature_type":"Function","id":"ASB-A-300090204-c94e54e6"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300090204.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-01-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2024-01-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/bf8ff047eb25960720a688cb16aa44b3775799da"],"severity":"High","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","digest":{"function_hash":"95995390880890190389146015024656609599","length":212},"target":{"function":"convertToComponentName","file":"core/java/android/service/dreams/DreamService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/bf8ff047eb25960720a688cb16aa44b3775799da","deprecated":false,"signature_type":"Function","id":"ASB-A-300090204-10c7fd51"},{"signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["130169205191785451277261575911863144490","12884332751236020770911350680320607449","27175867381462649513143951036261802049","85940367650815511313909572387718700761"]},"target":{"file":"core/java/android/service/dreams/DreamService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/bf8ff047eb25960720a688cb16aa44b3775799da","deprecated":false,"signature_type":"Line","id":"ASB-A-300090204-d046b762"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300090204.json"}}],"schema_version":"1.7.5"}