{"id":"ASB-A-311687929","details":"In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-311687929","CVE-2024-0047"],"modified":"2026-04-24T15:37:38.793646Z","published":"2024-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/3cd8a2c783fc736627b38f639fe4e239abcf6af1"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/bd5cc7f03256b328438b9bc3791c6b811a2f1f17"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/f516739398746fef7e0cf1437d9a40e2ad3c10bb"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-03-01"}]}],"versions":["14-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/24202a9b15c17739f211ede23d2afbd3be59365b","https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87","https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"],"severity":"High","vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"},"digest":{"threshold":0.9,"line_hashes":["65211060261828833982426088633530397028","238894602674934805619115338734031989307","29574861180385915176436656229143718979","80620420539153281467642149250382596135","194584805148112031443557872127571747219","168105433164273375437248142075042882012","45524459603460074279939142182127796987","264512530940727082166956193672107479699","327537069119556785895055391458434478396","221120199256616433925151684985585868739","293333844477775633444087229211061498875"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-0e2d5514","source":"https://android.googlesource.com/platform/frameworks/base/+/24202a9b15c17739f211ede23d2afbd3be59365b"},{"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"},"digest":{"threshold":0.9,"line_hashes":["235102504959757521096952681277335866608","336760266520649835342789760058996085469","82470238230925790419606155822968792438","89359336859412881606241483548958850083","164863303718138063880858923984581631331","6081852501114552576838151671877715185","251844991781972327567458885519887217512","190441250569056815069142804069736381202","37143557803921786274096379219831080556","146042621193807863179285093032325274459","216031854196377854925093077638599842473","49292425578082718822975136603907708669","138291294384737863164037881556251427491","199495451461933085453596952308156317390","166612743582357483126522827074581201704","89101320797881662871061284214596871097","151863400372015416106266812704720651468","226066932435087505899090168557240079118","270169537616256338371475948843134465494","159877161427683609565989270421414472172","28574739297644802325031973665129311160","118982179735971229890826333694905184658"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-1a3e07e7","source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"readUserLP"},"digest":{"function_hash":"283613867898690513397758936246684014030","length":5200},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-57972569","source":"https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87"},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"},"digest":{"threshold":0.9,"line_hashes":["106396370369905837383895976081020023534","219355971740771445643251271690300946156","158612721900111371941643864959414449485","68412815873952271161609618833314641602","30044413331846810467463388122509163083","238167620621597300959673397537343932275","323107737279979551362930456990170127619","225304577693045770402230206841406786111","143806220849659630328226663187453244804","319037224060465236927722596033162889110","303698084486245297981947860362631988775","329263212149775338373221545074744492329","279025990544969428391408486671334548568","295973225337534630572795692243236418593","83971349660250164938715935868696487184","308572593811597954536140124558407428924","21899589726048629351848651622467777886","127713346647392087720218700847749300801","211767298997545656292926886431909335778","168301571648229572140302374126598605759","480448098223708534916180416168454999","111710742409733671282030554442341297007","108927271266268172692702082469178003232","319540614483045843519909444441601946144","213624254060315534054570667944504493902","118153859518566344185141745559861193090"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-7649af1b","source":"https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87"},{"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java","function":"setGlobalPolicy"},"digest":{"function_hash":"215100365954108758035257023445290055101","length":1124},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-a7c1558a","source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"},{"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java","function":"removeGlobalPolicy"},"digest":{"function_hash":"91214321479560848432219854224299468213","length":496},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-b04c1652","source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"readUserListLP"},"digest":{"function_hash":"34704467215268911615335933078684820801","length":2028},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-b855e28d","source":"https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87"},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"readUserLP"},"digest":{"function_hash":"158918564004045502273684293620511102669","length":482},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-c19d2bd4","source":"https://android.googlesource.com/platform/frameworks/base/+/739281096aba494151f8c953f2d63ec9fd4c7e87"},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"writeUserLP"},"digest":{"function_hash":"144548358230426864873260022106430419425","length":3635},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-c6e724b3","source":"https://android.googlesource.com/platform/frameworks/base/+/24202a9b15c17739f211ede23d2afbd3be59365b"},{"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java","function":"setLocalPolicy"},"digest":{"function_hash":"338201434678511786817700291787499627550","length":1154},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-c753e8e8","source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"},{"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java","function":"removeLocalPolicy"},"digest":{"function_hash":"122209268350348402820808765777810549135","length":798},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-cc456709","source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"}],"spl":"2024-03-01","types":["DoS"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-311687929.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-03-01"}]}],"versions":["14"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c747c3fd1a0111eb699b950e645080470f0cead8","https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8","https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"],"severity":"High","vanir_signatures":[{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"writeUserLP"},"digest":{"function_hash":"164913767687320501995212370440097774852","length":3674},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-138c6306","source":"https://android.googlesource.com/platform/frameworks/base/+/c747c3fd1a0111eb699b950e645080470f0cead8"},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"},"digest":{"threshold":0.9,"line_hashes":["106396370369905837383895976081020023534","219355971740771445643251271690300946156","158612721900111371941643864959414449485","68412815873952271161609618833314641602","30044413331846810467463388122509163083","238167620621597300959673397537343932275","323107737279979551362930456990170127619","225304577693045770402230206841406786111","143806220849659630328226663187453244804","319037224060465236927722596033162889110","303698084486245297981947860362631988775","329263212149775338373221545074744492329","279025990544969428391408486671334548568","295973225337534630572795692243236418593","83971349660250164938715935868696487184","308572593811597954536140124558407428924","21899589726048629351848651622467777886","127713346647392087720218700847749300801","211767298997545656292926886431909335778","168301571648229572140302374126598605759","480448098223708534916180416168454999","111710742409733671282030554442341297007","108927271266268172692702082469178003232","319540614483045843519909444441601946144","213624254060315534054570667944504493902","118153859518566344185141745559861193090"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-1d4e7ef4","source":"https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8"},{"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java","function":"removeLocalPolicy"},"digest":{"function_hash":"122209268350348402820808765777810549135","length":798},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-331c15ed","source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"},{"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java","function":"setGlobalPolicy"},"digest":{"function_hash":"215100365954108758035257023445290055101","length":1124},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-6126dfcb","source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"},{"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java"},"digest":{"threshold":0.9,"line_hashes":["235102504959757521096952681277335866608","336760266520649835342789760058996085469","82470238230925790419606155822968792438","89359336859412881606241483548958850083","164863303718138063880858923984581631331","6081852501114552576838151671877715185","251844991781972327567458885519887217512","190441250569056815069142804069736381202","37143557803921786274096379219831080556","146042621193807863179285093032325274459","216031854196377854925093077638599842473","49292425578082718822975136603907708669","138291294384737863164037881556251427491","199495451461933085453596952308156317390","166612743582357483126522827074581201704","89101320797881662871061284214596871097","151863400372015416106266812704720651468","226066932435087505899090168557240079118","270169537616256338371475948843134465494","159877161427683609565989270421414472172","28574739297644802325031973665129311160","118982179735971229890826333694905184658"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-76849992","source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"readUserListLP"},"digest":{"function_hash":"34704467215268911615335933078684820801","length":2028},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-9c4237e0","source":"https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8"},{"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java","function":"setLocalPolicy"},"digest":{"function_hash":"338201434678511786817700291787499627550","length":1154},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-b4562b84","source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java"},"digest":{"threshold":0.9,"line_hashes":["65211060261828833982426088633530397028","238894602674934805619115338734031989307","29574861180385915176436656229143718979","80620420539153281467642149250382596135","194584805148112031443557872127571747219","168105433164273375437248142075042882012","45524459603460074279939142182127796987","264512530940727082166956193672107479699","327537069119556785895055391458434478396","221120199256616433925151684985585868739","293333844477775633444087229211061498875"]},"signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-b777b171","source":"https://android.googlesource.com/platform/frameworks/base/+/c747c3fd1a0111eb699b950e645080470f0cead8"},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"readUserLP"},"digest":{"function_hash":"158918564004045502273684293620511102669","length":482},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-e9d49703","source":"https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8"},{"target":{"file":"services/core/java/com/android/server/pm/UserManagerService.java","function":"readUserLP"},"digest":{"function_hash":"283613867898690513397758936246684014030","length":5200},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-eb3bafa0","source":"https://android.googlesource.com/platform/frameworks/base/+/f0d456b03b40c1ef5da728e365fecb70ee835fb8"},{"target":{"file":"services/devicepolicy/java/com/android/server/devicepolicy/DevicePolicyEngine.java","function":"removeGlobalPolicy"},"digest":{"function_hash":"91214321479560848432219854224299468213","length":496},"signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-311687929-ecb04bff","source":"https://android.googlesource.com/platform/frameworks/base/+/5394ddbee5dd88a35e2a9a8508dc260395895ac1"}],"spl":"2024-03-01","types":["DoS"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-311687929.json"}}],"schema_version":"1.7.5"}