{"id":"ASB-A-313428840","details":"In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-313428840","CVE-2024-31318"],"modified":"2026-04-03T15:37:31.002635Z","published":"2024-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/b68b257d56a8600d53b4d2d06fb82aa44086a4a5"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-06-01"}]}],"versions":["14-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1f31bb181fc56f3deab5ce0d199220404991c438"],"severity":"High","spl":"2024-06-01","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","target":{"function":"onShellCommand","file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"id":"ASB-A-313428840-8fae5daa","source":"https://android.googlesource.com/platform/frameworks/base/+/1f31bb181fc56f3deab5ce0d199220404991c438","digest":{"function_hash":"102204838511393825562015089429236352000","length":379},"signature_type":"Function"},{"signature_version":"v1","target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"id":"ASB-A-313428840-f8389a01","source":"https://android.googlesource.com/platform/frameworks/base/+/1f31bb181fc56f3deab5ce0d199220404991c438","digest":{"line_hashes":["188594284336700554854397148804721010541","145320688309268345662152260291470725413","7431628385945509680077112363191503693","100714508666420622330621387876412571307","191964982586776928958714552677092622024","95171455182987912448171911664558991177","47304871896001922448253629926867884951","96175693692410008216253105950369440776","190808728275320663413579279295464299389","35098791035505035869716637782121295573","205674531604651006279888049728957429478","259825123994287145354548690475839784389","303513712870750449856777415963882022463","110065593151944494037361116776898686475","309970897985635709644794294013147668243","160630655781335695108291450589529055142"],"threshold":0.9},"signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-313428840.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-06-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/8d008c61451dba86aa9f14c6bcd661db2cea4856"],"severity":"High","spl":"2024-06-01","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"id":"ASB-A-313428840-a1e7ca6e","source":"https://android.googlesource.com/platform/frameworks/base/+/8d008c61451dba86aa9f14c6bcd661db2cea4856","digest":{"line_hashes":["198417102019566965033004324174900915000","106731530058025131814064552595365079508","259854388630901689928062483535759239212","177116941139200848688262351973357514853","250278039044071273978507250667799992651","178672541915472496330539980743169647956","7431628385945509680077112363191503693","246953437866070915788126880217937169120","293772405389057592984504696320407616179","148240534737526401940279042131038406955","110494622924150882873229481353539473841","96175693692410008216253105950369440776","190808728275320663413579279295464299389","273728074536137173621308549930505367168","184498651880435337515698787098679684847","122856698942481140566106757287080089266","277499077012557027664116691943745193601"],"threshold":0.9},"signature_type":"Line"},{"signature_version":"v1","target":{"function":"onShellCommand","file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"id":"ASB-A-313428840-f3953abf","source":"https://android.googlesource.com/platform/frameworks/base/+/8d008c61451dba86aa9f14c6bcd661db2cea4856","digest":{"function_hash":"155144965027971143031095477841855440924","length":214},"signature_type":"Function"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-313428840.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-06-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/eb68b0d423afb55159b1c02b0897f597c0905916"],"severity":"High","spl":"2024-06-01","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","target":{"function":"onShellCommand","file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"id":"ASB-A-313428840-6593c2bd","source":"https://android.googlesource.com/platform/frameworks/base/+/eb68b0d423afb55159b1c02b0897f597c0905916","digest":{"function_hash":"155144965027971143031095477841855440924","length":214},"signature_type":"Function"},{"signature_version":"v1","target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"id":"ASB-A-313428840-ce5e4705","source":"https://android.googlesource.com/platform/frameworks/base/+/eb68b0d423afb55159b1c02b0897f597c0905916","digest":{"line_hashes":["198417102019566965033004324174900915000","106731530058025131814064552595365079508","259854388630901689928062483535759239212","177116941139200848688262351973357514853","250278039044071273978507250667799992651","178672541915472496330539980743169647956","7431628385945509680077112363191503693","246953437866070915788126880217937169120","293772405389057592984504696320407616179","148240534737526401940279042131038406955","110494622924150882873229481353539473841","96175693692410008216253105950369440776","190808728275320663413579279295464299389","273728074536137173621308549930505367168","184498651880435337515698787098679684847","122856698942481140566106757287080089266","277499077012557027664116691943745193601"],"threshold":0.9},"signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-313428840.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-06-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1ae3b43c248cdf5ee63311f06acd0ee19d93f0cd"],"severity":"High","spl":"2024-06-01","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","target":{"function":"onShellCommand","file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"id":"ASB-A-313428840-1d48c105","source":"https://android.googlesource.com/platform/frameworks/base/+/1ae3b43c248cdf5ee63311f06acd0ee19d93f0cd","digest":{"function_hash":"213505421070328446555639739870397291866","length":364},"signature_type":"Function"},{"signature_version":"v1","target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"id":"ASB-A-313428840-a4a7a2fb","source":"https://android.googlesource.com/platform/frameworks/base/+/1ae3b43c248cdf5ee63311f06acd0ee19d93f0cd","digest":{"line_hashes":["224823870887417987122034460775929210660","46025526446874290439700405031423217070","133182271192193300113214878455391897200","67104893964950896427422683247559532800","188594284336700554854397148804721010541","145320688309268345662152260291470725413","7431628385945509680077112363191503693","100714508666420622330621387876412571307","191964982586776928958714552677092622024","95171455182987912448171911664558991177","47304871896001922448253629926867884951","96175693692410008216253105950369440776","190808728275320663413579279295464299389","80404283468252972241490381301765285172","327466180200887364537581424535003343113","264105563878247808248529109610066493092","113813386604831852471690434044119960007","330536976961184503700755228623585881764","73931761952328427351917291064524100114","157426751914106267864970440405581315537","110632165724422251277447466530839143976","121866084840164263896269922453974290945"],"threshold":0.9},"signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-313428840.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-06-01"}]}],"versions":["14"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/54c968aaa66e9364bc0380c9a57af5c6844759aa"],"severity":"High","spl":"2024-06-01","types":["EoP"],"vanir_signatures":[{"signature_version":"v1","target":{"file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"id":"ASB-A-313428840-b7b6be60","source":"https://android.googlesource.com/platform/frameworks/base/+/54c968aaa66e9364bc0380c9a57af5c6844759aa","digest":{"line_hashes":["188594284336700554854397148804721010541","145320688309268345662152260291470725413","7431628385945509680077112363191503693","100714508666420622330621387876412571307","191964982586776928958714552677092622024","95171455182987912448171911664558991177","47304871896001922448253629926867884951","96175693692410008216253105950369440776","190808728275320663413579279295464299389","35098791035505035869716637782121295573","28635933736701976854884262025547592214","102117236988273943933989309643162366509","162584322155829619721750585531513676310","117336191363162470512981144321104059964","309970897985635709644794294013147668243","160630655781335695108291450589529055142"],"threshold":0.9},"signature_type":"Line"},{"signature_version":"v1","target":{"function":"onShellCommand","file":"services/companion/java/com/android/server/companion/CompanionDeviceManagerService.java"},"deprecated":false,"id":"ASB-A-313428840-d256bd2c","source":"https://android.googlesource.com/platform/frameworks/base/+/54c968aaa66e9364bc0380c9a57af5c6844759aa","digest":{"function_hash":"336279034343393733676619928393466321382","length":382},"signature_type":"Function"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-313428840.json"}}],"schema_version":"1.7.5"}