{"id":"ASB-A-318683640","details":"In setForceHideNonSystemOverlayWindowIfNeeded of WindowState.java, a logic error in the code creates a possible way for message content to be visible on the screensaver even while the user has restricted lock screen visibility settings. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-318683640","CVE-2024-34741"],"modified":"2026-05-25T16:46:24.913870386Z","published":"2024-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/abfaf702ef833dc4d374492d45c615c6e6de7f01"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-08-01"}]}],"versions":["14-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c37bc9147086f497ac7b1595083836014f524d5f"],"types":["EoP"],"spl":"2024-08-01","severity":"High","vanir_signatures":[{"deprecated":false,"id":"ASB-A-318683640-3af25465","digest":{"function_hash":"33535692624345647058553414990851841036","length":481},"signature_version":"v1","target":{"function":"setForceHideNonSystemOverlayWindowIfNeeded","file":"services/core/java/com/android/server/wm/WindowState.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c37bc9147086f497ac7b1595083836014f524d5f","signature_type":"Function"},{"deprecated":false,"id":"ASB-A-318683640-6cfca88c","digest":{"threshold":0.9,"line_hashes":["96710653856505510310639285268304304599","114150964921545335069853003710598487929","242653503504830908522467223816673413331","216236270590369504877657653743272043732","235009063878773953305101238394174009391","45748856088546638997270855150878886267","259737364452735097326233047373753140657"
,"264343516757559416919468476769995182526","145575060683468577973982917984868881036"]},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/c37bc9147086f497ac7b1595083836014f524d5f","signature_type":"Line","target":{"file":"services/core/java/com/android/server/wm/WindowState.java"}}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-318683640.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-08-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/89bc634cb534b8e0ffd798ac9f9f89ac1be0f785"],"types":["EoP"],"spl":"2024-08-01","severity":"High","vanir_signatures":[{"deprecated":false,"id":"ASB-A-318683640-4a0d47ed","digest":{"function_hash":"33535692624345647058553414990851841036","length":481},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/89bc634cb534b8e0ffd798ac9f9f89ac1be0f785","signature_type":"Function","target":{"function":"setForceHideNonSystemOverlayWindowIfNeeded","file":"services/core/java/com/android/server/wm/WindowState.java"}},{"deprecated":false,"id":"ASB-A-318683640-a28d7d88","digest":{"threshold":0.9,"line_hashes":["96710653856505510310639285268304304599","114150964921545335069853003710598487929","242653503504830908522467223816673413331","216236270590369504877657653743272043732","235009063878773953305101238394174009391","45748856088546638997270855150878886267","259737364452735097326233047373753140657","264343516757559416919468476769995182526","145575060683468577973982917984868881036"]},"signature_version":"v1","target":{"file":"services/core/java/com/android/server/wm/WindowState.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/89bc634cb534b8e0ffd798ac9f9f89ac1be0f785","signature_type":"Line"}]},"database_specific":{"source":"https://st
orage.googleapis.com/android-osv/ASB-A-318683640.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-08-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5a2a9f4991d0c4d28d06e4a9ee73d55f22c14fec"],"types":["EoP"],"spl":"2024-08-01","severity":"High","vanir_signatures":[{"deprecated":false,"id":"ASB-A-318683640-18d37625","digest":{"threshold":0.9,"line_hashes":["96710653856505510310639285268304304599","114150964921545335069853003710598487929","242653503504830908522467223816673413331","216236270590369504877657653743272043732","235009063878773953305101238394174009391","45748856088546638997270855150878886267","259737364452735097326233047373753140657","264343516757559416919468476769995182526","145575060683468577973982917984868881036"]},"signature_version":"v1","target":{"file":"services/core/java/com/android/server/wm/WindowState.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/5a2a9f4991d0c4d28d06e4a9ee73d55f22c14fec","signature_type":"Line"},{"deprecated":false,"id":"ASB-A-318683640-3f25472e","digest":{"function_hash":"33535692624345647058553414990851841036","length":481},"signature_version":"v1","target":{"function":"setForceHideNonSystemOverlayWindowIfNeeded","file":"services/core/java/com/android/server/wm/WindowState.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/5a2a9f4991d0c4d28d06e4a9ee73d55f22c14fec","signature_type":"Function"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-318683640.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-08-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a9a7079b095abc07374cf287b5689a99ce250f47
"],"types":["EoP"],"spl":"2024-08-01","severity":"High","vanir_signatures":[{"deprecated":false,"id":"ASB-A-318683640-f5c578b0","digest":{"threshold":0.9,"line_hashes":["96710653856505510310639285268304304599","114150964921545335069853003710598487929","242653503504830908522467223816673413331","216236270590369504877657653743272043732","235009063878773953305101238394174009391","45748856088546638997270855150878886267","259737364452735097326233047373753140657","264343516757559416919468476769995182526","145575060683468577973982917984868881036"]},"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/a9a7079b095abc07374cf287b5689a99ce250f47","signature_type":"Line","target":{"file":"services/core/java/com/android/server/wm/WindowState.java"}},{"deprecated":false,"id":"ASB-A-318683640-f629b8cc","digest":{"function_hash":"33535692624345647058553414990851841036","length":481},"signature_version":"v1","target":{"function":"setForceHideNonSystemOverlayWindowIfNeeded","file":"services/core/java/com/android/server/wm/WindowState.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/a9a7079b095abc07374cf287b5689a99ce250f47","signature_type":"Function"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-318683640.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-08-01"}]}],"versions":["14"],"ecosystem_specific":{"types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/55d02153259003b7552e7eef70b9e4f3f0dcd45c"],"spl":"2024-08-01","severity":"High","vanir_signatures":[{"deprecated":false,"id":"ASB-A-318683640-39b23323","digest":{"threshold":0.9,"line_hashes":["96710653856505510310639285268304304599","114150964921545335069853003710598487929","242653503504830908522467223816673413331","216236270590369504877657653743272043732","235009063878773953305101238394174
009391","45748856088546638997270855150878886267","259737364452735097326233047373753140657","264343516757559416919468476769995182526","145575060683468577973982917984868881036"]},"signature_version":"v1","signature_type":"Line","target":{"file":"services/core/java/com/android/server/wm/WindowState.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/55d02153259003b7552e7eef70b9e4f3f0dcd45c"},{"deprecated":false,"id":"ASB-A-318683640-4cca4b2c","digest":{"function_hash":"33535692624345647058553414990851841036","length":481},"signature_version":"v1","target":{"function":"setForceHideNonSystemOverlayWindowIfNeeded","file":"services/core/java/com/android/server/wm/WindowState.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/55d02153259003b7552e7eef70b9e4f3f0dcd45c","signature_type":"Function"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-318683640.json"}}],"schema_version":"1.7.5"}