{"id":"ASB-A-327645387","details":"In onCreate of ChooserActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-327645387","CVE-2024-40672"],"modified":"2026-05-27T15:53:17.428190120Z","published":"2024-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/IntentResolver/+/ccd29124d0d2276a3071c0418c14dec188cd3727"}],"affected":[{"package":{"name":"platform/packages/modules/IntentResolver","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-10-01"}]}],"versions":["15-next"],"ecosystem_specific":{"spl":"2024-10-01","severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/modules/IntentResolver/+/5c9c3a7462dc45907ee30516f43aff68ada3d06d"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-327645387.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-10-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","spl":"2024-10-01","vanir_signatures":[{"signature_version":"v1","id":"ASB-A-327645387-a8910d74","digest":{"function_hash":"63784165284231374071525424989825196510","length":5911},"target":{"function":"onCreate","file":"core/java/com/android/internal/app/ChooserActivity.java"},"signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab"},{"source":"https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab","id":"ASB-A-327645387-afdc431d","signature_version":"v1","target":{"file":"core/java/com/android/internal/app/ChooserActivity.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["84297325305596949799677948010160540657","318593880321436796255787646289661787109","170078892775301708348239024600099327547","136723238124976027131566521391507206307"]},"deprecated":false}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-327645387.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-10-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2024-10-01","severity":"High","vanir_signatures":[{"signature_version":"v1","id":"ASB-A-327645387-8270b501","digest":{"function_hash":"63784165284231374071525424989825196510","length":5911},"target":{"function":"onCreate","file":"core/java/com/android/internal/app/ChooserActivity.java"},"signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab"},{"digest":{"threshold":0.9,"line_hashes":["84297325305596949799677948010160540657","318593880321436796255787646289661787109","170078892775301708348239024600099327547","136723238124976027131566521391507206307"]},"id":"ASB-A-327645387-c91e9ef5","deprecated":false,"target":{"file":"core/java/com/android/internal/app/ChooserActivity.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab","signature_version":"v1"}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-327645387.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-10-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2024-10-01","severity":"High","vanir_signatures":[{"signature_version":"v1","id":"ASB-A-327645387-6b5f3436","digest":{"function_hash":"63784165284231374071525424989825196510","length":5911},"target":{"function":"onCreate","file":"core/java/com/android/internal/app/ChooserActivity.java"},"signature_type":"Function","deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab"},{"digest":{"threshold":0.9,"line_hashes":["84297325305596949799677948010160540657","318593880321436796255787646289661787109","170078892775301708348239024600099327547","136723238124976027131566521391507206307"]},"id":"ASB-A-327645387-bcba5047","deprecated":false,"target":{"file":"core/java/com/android/internal/app/ChooserActivity.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab","signature_version":"v1"}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c1d48df29500494aee7c870be336cf69799ce2ab"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-327645387.json"}},{"package":{"name":"platform/packages/modules/IntentResolver","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-10-01"}]}],"versions":["14"],"ecosystem_specific":{"spl":"2024-10-01","severity":"High","vanir_signatures":[{"signature_version":"v1","id":"ASB-A-327645387-36540b7a","digest":{"threshold":0.9,"line_hashes":["324820715498239626715682428195584648648","317154587703516535654723700091612711469","110750140557317040413527749644739727538","151691470971680177407468550681514384386","264446681702084100092060472357671912025","145271376068213520057596363127990564696","21900793622007668300475982509784819962","172126988629367529953123465038374872397"]},"target":{"file":"java/src/com/android/intentresolver/ChooserActivity.java"},"signature_type":"Line","deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/IntentResolver/+/94d1e1e4e9539437ec0549b7bf22999054b92f1f"},{"digest":{"function_hash":"336189774948807934980544245030907515023","length":2888},"id":"ASB-A-327645387-685a2c22","deprecated":false,"target":{"function":"onCreate","file":"java/src/com/android/intentresolver/ChooserActivity.java"},"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/IntentResolver/+/94d1e1e4e9539437ec0549b7bf22999054b92f1f","signature_version":"v1"}],"types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/modules/IntentResolver/+/94d1e1e4e9539437ec0549b7bf22999054b92f1f"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-327645387.json"}}],"schema_version":"1.7.5"}