{"id":"ASB-A-308138085","details":"In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-308138085","CVE-2024-40661"],"modified":"2026-05-28T15:16:54.500952700Z","published":"2024-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Permission/+/ffd81f212b5594b498f0ba07645c7a181540e494"}],"affected":[{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-11-01"}]}],"versions":["15-next"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["5977610278533112799394108797237227875","181066152385082617581071416066582320893","97249959646184958666342524136222994825","188003068610495928035701251781502116256","176490934733286443834973719250826472996","258530133400399656180304593983234643592","201346097777370587976180677698329970310","172063886974261074792075202845972416903","63187281755398356778378086911936239253","105015978386674386640843188140430786953","182548609187235165250868451508823467315","147138771630143450657336996674882770671"]},"id":"ASB-A-308138085-35cc438e","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/682c92ee1e47918993a860ddb1ce02277f6f5a8a","signature_type":"Line","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/v31/AdminRestrictedPermissionsUtils.java"}},{"digest":{"length":324,"function_hash":"108895051496735661778370560613525097993"},"id":"ASB-A-308138085-5ec656b7","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/682c92ee1e47918993a860ddb1ce02277f6f5a8a","signature_type":"Function","deprecated":false,"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/v31/AdminRestrictedPermissionsUtils.java","function":"mayAdminGrantPermission"}},{"digest":{"threshold":0.9,"line_hashes":["235758072495823610032550908306959227547","126775809132709055840787600879050217565","241637759348343480256067777365735448834","280508384916547576901269567438385634686"]},"id":"ASB-A-308138085-c2335cf1","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/682c92ee1e47918993a860ddb1ce02277f6f5a8a","signature_type":"Line","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"}},{"digest":{"length":2014,"function_hash":"212168720911549275414979624154360876251"},"id":"ASB-A-308138085-c71c0ec3","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/682c92ee1e47918993a860ddb1ce02277f6f5a8a","signature_type":"Function","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java","function":"onSetRuntimePermissionGrantStateByDeviceAdmin"}}],"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/682c92ee1e47918993a860ddb1ce02277f6f5a8a","https://android.googlesource.com/platform/packages/modules/Permission/+/7d68f8c357dda295f9adcf9d3d49438b46d72727"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-308138085.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-11-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["5977610278533112799394108797237227875","181066152385082617581071416066582320893","97249959646184958666342524136222994825","188003068610495928035701251781502116256","176490934733286443834973719250826472996","274956509606673407988337690483181355164","93403434017906500815022071656012337428","120339883156921414678146450036402509914","307709675523178807374683846964196361020","180976825026770325236964379717407338615","182548609187235165250868451508823467315","147138771630143450657336996674882770671"]},"id":"ASB-A-308138085-420c9489","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/1402927967512743990abea50482e54708446589","signature_type":"Line","deprecated":false,"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java"}},{"digest":{"threshold":0.9,"line_hashes":["250278357060064796101495713172652407160","230289112673800829523769362281675260294","113492446165658148277943241753942762290","16459791351330223224549739424635806908"]},"id":"ASB-A-308138085-7a84d440","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/1402927967512743990abea50482e54708446589","signature_type":"Line","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"}},{"digest":{"length":1663,"function_hash":"231131518583073194055839929721980090487"},"id":"ASB-A-308138085-7e77240d","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/1402927967512743990abea50482e54708446589","signature_type":"Function","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java","function":"onSetRuntimePermissionGrantStateByDeviceAdmin"}},{"digest":{"length":314,"function_hash":"297088448659959418058363703061105402067"},"id":"ASB-A-308138085-bc194f9e","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/1402927967512743990abea50482e54708446589","signature_type":"Function","deprecated":false,"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java","function":"mayAdminGrantPermission"}}],"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/1402927967512743990abea50482e54708446589"],"spl":"2024-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-308138085.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"digest":{"length":1663,"function_hash":"231131518583073194055839929721980090487"},"id":"ASB-A-308138085-5ef9893b","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/2beda333ef5a4a3685e30bfdce7d8c6ae6487c1f","signature_type":"Function","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java","function":"onSetRuntimePermissionGrantStateByDeviceAdmin"}},{"digest":{"length":314,"function_hash":"297088448659959418058363703061105402067"},"id":"ASB-A-308138085-bf37c85e","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/2beda333ef5a4a3685e30bfdce7d8c6ae6487c1f","signature_type":"Function","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java","function":"mayAdminGrantPermission"}},{"digest":{"threshold":0.9,"line_hashes":["5977610278533112799394108797237227875","181066152385082617581071416066582320893","97249959646184958666342524136222994825","188003068610495928035701251781502116256","176490934733286443834973719250826472996","274956509606673407988337690483181355164","93403434017906500815022071656012337428","120339883156921414678146450036402509914","307709675523178807374683846964196361020","180976825026770325236964379717407338615","182548609187235165250868451508823467315","147138771630143450657336996674882770671"]},"id":"ASB-A-308138085-c52dd18c","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/2beda333ef5a4a3685e30bfdce7d8c6ae6487c1f","signature_type":"Line","deprecated":false,"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java"}},{"digest":{"threshold":0.9,"line_hashes":["250278357060064796101495713172652407160","230289112673800829523769362281675260294","113492446165658148277943241753942762290","16459791351330223224549739424635806908"]},"id":"ASB-A-308138085-f4d5da66","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/2beda333ef5a4a3685e30bfdce7d8c6ae6487c1f","signature_type":"Line","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"}}],"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/2beda333ef5a4a3685e30bfdce7d8c6ae6487c1f"],"spl":"2024-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-308138085.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-11-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"digest":{"length":1663,"function_hash":"231131518583073194055839929721980090487"},"id":"ASB-A-308138085-4c740421","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cee0dab747af4563998f6225f120db4f318843f1","signature_type":"Function","deprecated":false,"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java","function":"onSetRuntimePermissionGrantStateByDeviceAdmin"}},{"digest":{"threshold":0.9,"line_hashes":["250278357060064796101495713172652407160","230289112673800829523769362281675260294","113492446165658148277943241753942762290","16459791351330223224549739424635806908"]},"id":"ASB-A-308138085-60a92c01","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cee0dab747af4563998f6225f120db4f318843f1","signature_type":"Line","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"}},{"digest":{"length":314,"function_hash":"297088448659959418058363703061105402067"},"id":"ASB-A-308138085-7dc34130","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cee0dab747af4563998f6225f120db4f318843f1","signature_type":"Function","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java","function":"mayAdminGrantPermission"}},{"digest":{"threshold":0.9,"line_hashes":["5977610278533112799394108797237227875","181066152385082617581071416066582320893","97249959646184958666342524136222994825","188003068610495928035701251781502116256","176490934733286443834973719250826472996","274956509606673407988337690483181355164","93403434017906500815022071656012337428","120339883156921414678146450036402509914","307709675523178807374683846964196361020","180976825026770325236964379717407338615","182548609187235165250868451508823467315","147138771630143450657336996674882770671"]},"id":"ASB-A-308138085-df6069ff","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cee0dab747af4563998f6225f120db4f318843f1","signature_type":"Line","deprecated":false,"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java"}}],"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/cee0dab747af4563998f6225f120db4f318843f1"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-308138085.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-11-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["5977610278533112799394108797237227875","181066152385082617581071416066582320893","97249959646184958666342524136222994825","188003068610495928035701251781502116256","176490934733286443834973719250826472996","258530133400399656180304593983234643592","201346097777370587976180677698329970310","172063886974261074792075202845972416903","63187281755398356778378086911936239253","105015978386674386640843188140430786953","182548609187235165250868451508823467315","147138771630143450657336996674882770671"]},"id":"ASB-A-308138085-28573adb","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4857b928217abcbed4c24a180b6285a23174e565","signature_type":"Line","deprecated":false,"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/v31/AdminRestrictedPermissionsUtils.java"}},{"digest":{"length":324,"function_hash":"108895051496735661778370560613525097993"},"id":"ASB-A-308138085-307968da","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4857b928217abcbed4c24a180b6285a23174e565","signature_type":"Function","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/v31/AdminRestrictedPermissionsUtils.java","function":"mayAdminGrantPermission"}},{"digest":{"threshold":0.9,"line_hashes":["235758072495823610032550908306959227547","126775809132709055840787600879050217565","241637759348343480256067777365735448834","280508384916547576901269567438385634686"]},"id":"ASB-A-308138085-63ad00e8","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4857b928217abcbed4c24a180b6285a23174e565","signature_type":"Line","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"}},{"digest":{"length":1710,"function_hash":"190184821802661765368295455242639825038"},"id":"ASB-A-308138085-8f123e05","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4857b928217abcbed4c24a180b6285a23174e565","signature_type":"Function","signature_version":"v1","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java","function":"onSetRuntimePermissionGrantStateByDeviceAdmin"}}],"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/4857b928217abcbed4c24a180b6285a23174e565"],"spl":"2024-11-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-308138085.json"}}],"schema_version":"1.7.5"}