{"id":"ASB-A-311374917","details":"In assertPackageWithSharedUserIdIsPrivileged of InstallPackageHelper.java, there is a possible execution of arbitrary app code as a privileged app due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-311374917","CVE-2024-23710"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2024-04-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-04-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/c7c1193ca7554fc3182ca9ab0f711bd118bdeef2"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-04-01"}]}],"versions":["14-next"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"length":826,"function_hash":"12505857345462554148293220598473537586"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3ee5dfdcba047051ce81dca0696d6ddfeafe2d98","id":"ASB-A-311374917-4baa5877","target":{"function":"assertPackageWithSharedUserIdIsPrivileged","file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["142272491796128858570440272336916841188","279513179055953760729743009432046388456","305308426858841051546586543972104519175","12567486933665733474173183015902248950","220165907536449690886217814456094827069","337285818131042692911390527263006087866","295521679009619897283679069777166742903","103793691344167099316723857210348471246"]},"source":"https://android.googlesource.com/platform/frameworks/base/+/3ee5dfdcba047051ce81dca0696d6ddfeafe2d98","id":"ASB-A-311374917-8f39f074","target":{"file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"length":906,"function_hash":"320528743116069756233733524950064869206"},"target":{"function":"adjustScanFlags","file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"id":"ASB-A-311374917-a813b5fd","source":"https://android.googlesource.com/platform/frameworks/base/+/3ee5dfdcba047051ce81dca0696d6ddfeafe2d98","deprecated":false,"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3ee5dfdcba047051ce81dca0696d6ddfeafe2d98"],"severity":"High","types":["EoP"],"spl":"2024-04-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-311374917.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-04-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"length":621,"function_hash":"191194278411708660071297782892624782688"},"source":"https://android.googlesource.com/platform/frameworks/base/+/e336c7d7c9ceb49d934bbef0d27ecef344ad80ed","id":"ASB-A-311374917-b71bb36a","target":{"function":"assertPackageWithSharedUserIdIsPrivileged","file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["206097091774536576018069377390071347857","167175873591918855041008216592605271338","68082544462925368784189733918983487616","33804489427121108605448402949784032527","211358728494272279338184300418741513918","98771344621410748120718196559108324712","295521679009619897283679069777166742903","103793691344167099316723857210348471246"]},"source":"https://android.googlesource.com/platform/frameworks/base/+/e336c7d7c9ceb49d934bbef0d27ecef344ad80ed","id":"ASB-A-311374917-d5d29578","target":{"file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"deprecated":false,"signature_version":"v1"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/e336c7d7c9ceb49d934bbef0d27ecef344ad80ed","digest":{"length":878,"function_hash":"225627056482186595609933045230434181366"},"signature_version":"v1","id":"ASB-A-311374917-f6961e50","signature_type":"Function","deprecated":false,"target":{"function":"adjustScanFlags","file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"}}],"spl":"2024-04-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/e336c7d7c9ceb49d934bbef0d27ecef344ad80ed"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-311374917.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-04-01"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"digest":{"threshold":0.9,"line_hashes":["322924574891058613524656956448922189852","181571442540212871866967831090097523026","32583951445100985607277820947261262750","146839883687927195019265597101361274235","169832658915590295332260788665070731075","292745688424894433140024777062283157937","295521679009619897283679069777166742903","103793691344167099316723857210348471246"]},"source":"https://android.googlesource.com/platform/frameworks/base/+/06775341ad7d77410798f95117cbee7a1a02c201","id":"ASB-A-311374917-6690c62e","signature_version":"v1","deprecated":false,"signature_type":"Line"},{"signature_type":"Function","digest":{"length":930,"function_hash":"201643041937659271403580841685827015038"},"target":{"function":"adjustScanFlags","file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"id":"ASB-A-311374917-f19b6edd","source":"https://android.googlesource.com/platform/frameworks/base/+/06775341ad7d77410798f95117cbee7a1a02c201","deprecated":false,"signature_version":"v1"},{"signature_type":"Function","digest":{"length":835,"function_hash":"59292523802998733930792442565073158547"},"source":"https://android.googlesource.com/platform/frameworks/base/+/06775341ad7d77410798f95117cbee7a1a02c201","id":"ASB-A-311374917-f96daaa0","target":{"function":"assertPackageWithSharedUserIdIsPrivileged","file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"deprecated":false,"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/06775341ad7d77410798f95117cbee7a1a02c201"],"severity":"High","types":["EoP"],"spl":"2024-04-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-311374917.json"}}],"schema_version":"1.7.5"}