{"id":"ASB-A-300904123","details":"In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-300904123","CVE-2024-40655"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2024-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/services/Telecomm/+/eeef54b37a362f506ea3aa155baddc545b6a909a"}],"affected":[{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-09-01"}]}],"versions":["15-next"],"ecosystem_specific":{"spl":"2024-09-01","fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/9d97cd5825066ac8e15bbf97f6755663c5341afb"],"vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/9d97cd5825066ac8e15bbf97f6755663c5341afb","signature_version":"v1","id":"ASB-A-300904123-757ae549","signature_type":"Function","digest":{"length":2168,"function_hash":"198401407537733887006058687753261895269"},"target":{"file":"src/com/android/server/telecom/CallScreeningServiceHelper.java","function":"bindAndGetCallIdentification"}},{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/9d97cd5825066ac8e15bbf97f6755663c5341afb","signature_version":"v1","id":"ASB-A-300904123-afd8bf7c","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["273007395339179459318524592803684622704","142951750098190853354393223095975446028","204579555969700246112803004237674141628","108473673675401684701075550158319777465"]},"target":{"file":"src/com/android/server/telecom/CallScreeningServiceHelper.java"}}],"types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300904123.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-09-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2024-09-01","fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb"],"vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["273007395339179459318524592803684622704","142951750098190853354393223095975446028","204579555969700246112803004237674141628","108473673675401684701075550158319777465"]},"signature_type":"Line","id":"ASB-A-300904123-84928286","target":{"file":"src/com/android/server/telecom/CallScreeningServiceHelper.java"}},{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb","signature_version":"v1","digest":{"length":2168,"function_hash":"118735567341144056654850713330831375971"},"signature_type":"Function","id":"ASB-A-300904123-8fd9a854","target":{"file":"src/com/android/server/telecom/CallScreeningServiceHelper.java","function":"bindAndGetCallIdentification"}}],"types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300904123.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2024-09-01","fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb"],"types":["EoP"],"vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb","signature_version":"v1","id":"ASB-A-300904123-2a3fca47","signature_type":"Function","digest":{"length":2168,"function_hash":"118735567341144056654850713330831375971"},"target":{"file":"src/com/android/server/telecom/CallScreeningServiceHelper.java","function":"bindAndGetCallIdentification"}},{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb","signature_version":"v1","id":"ASB-A-300904123-fb525faf","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["273007395339179459318524592803684622704","142951750098190853354393223095975446028","204579555969700246112803004237674141628","108473673675401684701075550158319777465"]},"target":{"file":"src/com/android/server/telecom/CallScreeningServiceHelper.java"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300904123.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-09-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2024-09-01","fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb"],"types":["EoP"],"vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb","signature_version":"v1","id":"ASB-A-300904123-b64e576a","signature_type":"Function","digest":{"length":2168,"function_hash":"118735567341144056654850713330831375971"},"target":{"file":"src/com/android/server/telecom/CallScreeningServiceHelper.java","function":"bindAndGetCallIdentification"}},{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb","signature_version":"v1","id":"ASB-A-300904123-f92483be","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["273007395339179459318524592803684622704","142951750098190853354393223095975446028","204579555969700246112803004237674141628","108473673675401684701075550158319777465"]},"target":{"file":"src/com/android/server/telecom/CallScreeningServiceHelper.java"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300904123.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-09-01"}]}],"versions":["14"],"ecosystem_specific":{"spl":"2024-09-01","fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb"],"types":["EoP"],"vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb","signature_version":"v1","digest":{"length":2168,"function_hash":"118735567341144056654850713330831375971"},"signature_type":"Function","id":"ASB-A-300904123-b832ea34","target":{"file":"src/com/android/server/telecom/CallScreeningServiceHelper.java","function":"bindAndGetCallIdentification"}},{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/d57f25311acb7fb887fb0296364526345cc905bb","signature_version":"v1","id":"ASB-A-300904123-d42f19f0","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["273007395339179459318524592803684622704","142951750098190853354393223095975446028","204579555969700246112803004237674141628","108473673675401684701075550158319777465"]},"target":{"file":"src/com/android/server/telecom/CallScreeningServiceHelper.java"}}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-300904123.json"}}],"schema_version":"1.7.5"}