{"id":"ASB-A-308138085","details":"In mayAdminGrantPermission of AdminRestrictedPermissionsUtils.java, there is a possible way to access the microphone due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-308138085","CVE-2024-40661"],"modified":"2026-04-10T16:16:18.068628Z","published":"2024-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Permission/+/ffd81f212b5594b498f0ba07645c7a181540e494"}],"affected":[{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-11-01"}]}],"versions":["15-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/682c92ee1e47918993a860ddb1ce02277f6f5a8a","https://android.googlesource.com/platform/packages/modules/Permission/+/7d68f8c357dda295f9adcf9d3d49438b46d72727"],"severity":"High","spl":"2024-11-01","vanir_signatures":[{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/v31/AdminRestrictedPermissionsUtils.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-308138085-35cc438e","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/682c92ee1e47918993a860ddb1ce02277f6f5a8a","digest":{"threshold":0.9,"line_hashes":["5977610278533112799394108797237227875","181066152385082617581071416066582320893","97249959646184958666342524136222994825","188003068610495928035701251781502116256","176490934733286443834973719250826472996","258530133400399656180304593983234643592","201346097777370587976180677698329970310","172063886974261074792075202845972416903","63187281755398356778378086911936239253","105015978386674386640843188140430786953","182548609187235165250868451508823467315","147138771630143450657336996674882770671"]},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/v31/AdminRestrictedPermissionsUtils.java","function":"mayAdminGrantPermission"},"signature_type":"Function","deprecated":false,"id":"ASB-A-308138085-5ec656b7","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/682c92ee1e47918993a860ddb1ce02277f6f5a8a","digest":{"function_hash":"108895051496735661778370560613525097993","length":324},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-308138085-c2335cf1","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/682c92ee1e47918993a860ddb1ce02277f6f5a8a","digest":{"threshold":0.9,"line_hashes":["235758072495823610032550908306959227547","126775809132709055840787600879050217565","241637759348343480256067777365735448834","280508384916547576901269567438385634686"]},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java","function":"onSetRuntimePermissionGrantStateByDeviceAdmin"},"signature_type":"Function","deprecated":false,"id":"ASB-A-308138085-c71c0ec3","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/682c92ee1e47918993a860ddb1ce02277f6f5a8a","digest":{"function_hash":"212168720911549275414979624154360876251","length":2014},"signature_version":"v1"}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-308138085.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-11-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/1402927967512743990abea50482e54708446589"],"severity":"High","spl":"2024-11-01","vanir_signatures":[{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-308138085-420c9489","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/1402927967512743990abea50482e54708446589","digest":{"threshold":0.9,"line_hashes":["5977610278533112799394108797237227875","181066152385082617581071416066582320893","97249959646184958666342524136222994825","188003068610495928035701251781502116256","176490934733286443834973719250826472996","274956509606673407988337690483181355164","93403434017906500815022071656012337428","120339883156921414678146450036402509914","307709675523178807374683846964196361020","180976825026770325236964379717407338615","182548609187235165250868451508823467315","147138771630143450657336996674882770671"]},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-308138085-7a84d440","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/1402927967512743990abea50482e54708446589","digest":{"threshold":0.9,"line_hashes":["250278357060064796101495713172652407160","230289112673800829523769362281675260294","113492446165658148277943241753942762290","16459791351330223224549739424635806908"]},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java","function":"onSetRuntimePermissionGrantStateByDeviceAdmin"},"signature_type":"Function","deprecated":false,"id":"ASB-A-308138085-7e77240d","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/1402927967512743990abea50482e54708446589","digest":{"function_hash":"231131518583073194055839929721980090487","length":1663},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java","function":"mayAdminGrantPermission"},"signature_type":"Function","deprecated":false,"id":"ASB-A-308138085-bc194f9e","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/1402927967512743990abea50482e54708446589","digest":{"function_hash":"297088448659959418058363703061105402067","length":314},"signature_version":"v1"}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-308138085.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/2beda333ef5a4a3685e30bfdce7d8c6ae6487c1f"],"severity":"High","spl":"2024-11-01","vanir_signatures":[{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java","function":"onSetRuntimePermissionGrantStateByDeviceAdmin"},"signature_type":"Function","deprecated":false,"id":"ASB-A-308138085-5ef9893b","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/2beda333ef5a4a3685e30bfdce7d8c6ae6487c1f","digest":{"function_hash":"231131518583073194055839929721980090487","length":1663},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java","function":"mayAdminGrantPermission"},"signature_type":"Function","deprecated":false,"id":"ASB-A-308138085-bf37c85e","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/2beda333ef5a4a3685e30bfdce7d8c6ae6487c1f","digest":{"function_hash":"297088448659959418058363703061105402067","length":314},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-308138085-c52dd18c","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/2beda333ef5a4a3685e30bfdce7d8c6ae6487c1f","digest":{"threshold":0.9,"line_hashes":["5977610278533112799394108797237227875","181066152385082617581071416066582320893","97249959646184958666342524136222994825","188003068610495928035701251781502116256","176490934733286443834973719250826472996","274956509606673407988337690483181355164","93403434017906500815022071656012337428","120339883156921414678146450036402509914","307709675523178807374683846964196361020","180976825026770325236964379717407338615","182548609187235165250868451508823467315","147138771630143450657336996674882770671"]},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-308138085-f4d5da66","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/2beda333ef5a4a3685e30bfdce7d8c6ae6487c1f","digest":{"threshold":0.9,"line_hashes":["250278357060064796101495713172652407160","230289112673800829523769362281675260294","113492446165658148277943241753942762290","16459791351330223224549739424635806908"]},"signature_version":"v1"}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-308138085.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-11-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/cee0dab747af4563998f6225f120db4f318843f1"],"severity":"High","spl":"2024-11-01","vanir_signatures":[{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java","function":"onSetRuntimePermissionGrantStateByDeviceAdmin"},"signature_type":"Function","deprecated":false,"id":"ASB-A-308138085-4c740421","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cee0dab747af4563998f6225f120db4f318843f1","digest":{"function_hash":"231131518583073194055839929721980090487","length":1663},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-308138085-60a92c01","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cee0dab747af4563998f6225f120db4f318843f1","digest":{"threshold":0.9,"line_hashes":["250278357060064796101495713172652407160","230289112673800829523769362281675260294","113492446165658148277943241753942762290","16459791351330223224549739424635806908"]},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java","function":"mayAdminGrantPermission"},"signature_type":"Function","deprecated":false,"id":"ASB-A-308138085-7dc34130","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cee0dab747af4563998f6225f120db4f318843f1","digest":{"function_hash":"297088448659959418058363703061105402067","length":314},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-308138085-df6069ff","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/cee0dab747af4563998f6225f120db4f318843f1","digest":{"threshold":0.9,"line_hashes":["5977610278533112799394108797237227875","181066152385082617581071416066582320893","97249959646184958666342524136222994825","188003068610495928035701251781502116256","176490934733286443834973719250826472996","274956509606673407988337690483181355164","93403434017906500815022071656012337428","120339883156921414678146450036402509914","307709675523178807374683846964196361020","180976825026770325236964379717407338615","182548609187235165250868451508823467315","147138771630143450657336996674882770671"]},"signature_version":"v1"}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-308138085.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-11-01"}]}],"versions":["14"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/4857b928217abcbed4c24a180b6285a23174e565"],"severity":"High","spl":"2024-11-01","vanir_signatures":[{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/v31/AdminRestrictedPermissionsUtils.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-308138085-28573adb","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4857b928217abcbed4c24a180b6285a23174e565","digest":{"threshold":0.9,"line_hashes":["5977610278533112799394108797237227875","181066152385082617581071416066582320893","97249959646184958666342524136222994825","188003068610495928035701251781502116256","176490934733286443834973719250826472996","258530133400399656180304593983234643592","201346097777370587976180677698329970310","172063886974261074792075202845972416903","63187281755398356778378086911936239253","105015978386674386640843188140430786953","182548609187235165250868451508823467315","147138771630143450657336996674882770671"]},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/utils/v31/AdminRestrictedPermissionsUtils.java","function":"mayAdminGrantPermission"},"signature_type":"Function","deprecated":false,"id":"ASB-A-308138085-307968da","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4857b928217abcbed4c24a180b6285a23174e565","digest":{"function_hash":"108895051496735661778370560613525097993","length":324},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-308138085-63ad00e8","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4857b928217abcbed4c24a180b6285a23174e565","digest":{"threshold":0.9,"line_hashes":["235758072495823610032550908306959227547","126775809132709055840787600879050217565","241637759348343480256067777365735448834","280508384916547576901269567438385634686"]},"signature_version":"v1"},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java","function":"onSetRuntimePermissionGrantStateByDeviceAdmin"},"signature_type":"Function","deprecated":false,"id":"ASB-A-308138085-8f123e05","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/4857b928217abcbed4c24a180b6285a23174e565","digest":{"function_hash":"190184821802661765368295455242639825038","length":1710},"signature_version":"v1"}],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-308138085.json"}}],"schema_version":"1.7.5"}