{"id":"ASB-A-328068777","details":"In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-328068777","CVE-2024-23706"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2024-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/6e6896c3fd8139779ff8d51a99ee06667e849d87"}],"affected":[{"package":{"name":"platform/packages/modules/HealthFitness","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2024-05-01"}]}],"versions":["14-next"],"ecosystem_specific":{"severity":"Critical","types":["EoP"],"vanir_signatures":[{"digest":{"function_hash":"11182637820034618401113751222754258203","length":176},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5","target":{"function":"ChangeLogTokenRequest","file":"framework/java/android/health/connect/changelog/ChangeLogTokenRequest.java"},"signature_type":"Function","signature_version":"v1","id":"ASB-A-328068777-358b6dbd"},{"digest":{"function_hash":"210789308651513261784163237306101964800","length":1685},"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5","target":{"function":"getChangeLogToken","file":"service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"},"signature_type":"Function","id":"ASB-A-328068777-755e83ba","deprecated":false},{"id":"ASB-A-328068777-d2a84df2","signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5","target":{"file":"service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["24184396780336239456519827110476549761","326091310677141883351282324384448193723","169296199027089828482117199681574946450","60912415992642674153698379516784373776","253230689317029001137224617269275472402","270232514102022061319869247121890143736","253692171878371708813287315620972659781","23293976492454174139545048729646880666","152820436504189419185227330089363240672","192804579701164721586373396846142632900","36366221292545186722522250319036558772","157353292968794510263123915821142624716"]},"deprecated":false},{"digest":{"line_hashes":["184284571166231186356303372028293059177","158277996485282816687852804984270150792","3834673447980206355777666768730623887","194253162466046725342937943237631321477","40585238822889721281949691705454247789","235783409289312975463805719829070200344","12902639167930202410359945484686747496"],"threshold":0.9},"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5","target":{"file":"framework/java/android/health/connect/changelog/ChangeLogTokenRequest.java"},"signature_type":"Line","deprecated":false,"id":"ASB-A-328068777-dd62bad8"},{"digest":{"line_hashes":["169017893411465551870686141667331661882","254973238369687517206384210713299461536","265493436211331043298307543155769753378","230235184610370260045292722396838039625","28639966036122384420486418860090170562","14787195696624463574573004180146590960","124969319363793220763356686989257765174"],"threshold":0.9},"deprecated":false,"signature_type":"Line","target":{"file":"tests/cts/utils/HealthConnectTestUtils/src/android/healthconnect/cts/utils/DataFactory.java"},"source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5","signature_version":"v1","id":"ASB-A-328068777-ee2b7d22"},{"digest":{"function_hash":"226261509158360689473339911837521724737","length":3195},"signature_version":"v1","signature_type":"Function","target":{"function":"getChangeLogs","file":"service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"},"source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5","id":"ASB-A-328068777-f972c0c3","deprecated":false}],"spl":"2024-05-01","fixes":["https://android.googlesource.com/platform/packages/modules/HealthFitness/+/dcb9791c2ed95b06a2ab9656f10fba3a35933ac5"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-328068777.json"}},{"package":{"name":"platform/packages/modules/HealthFitness","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-05-01"}]}],"versions":["14"],"ecosystem_specific":{"severity":"Critical","types":["EoP"],"vanir_signatures":[{"digest":{"function_hash":"200292413677519874267550763316819362021","length":1640},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46","target":{"function":"getChangeLogToken","file":"service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"},"signature_type":"Function","signature_version":"v1","id":"ASB-A-328068777-0ec039df"},{"digest":{"threshold":0.9,"line_hashes":["28639966036122384420486418860090170562","14787195696624463574573004180146590960","124969319363793220763356686989257765174"]},"deprecated":false,"signature_type":"Line","target":{"file":"tests/cts/src/android/healthconnect/cts/TestUtils.java"},"source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46","signature_version":"v1","id":"ASB-A-328068777-417809ae"},{"digest":{"threshold":0.9,"line_hashes":["184284571166231186356303372028293059177","158277996485282816687852804984270150792","3834673447980206355777666768730623887","194253162466046725342937943237631321477","40585238822889721281949691705454247789","235783409289312975463805719829070200344","12902639167930202410359945484686747496"]},"deprecated":false,"source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46","target":{"file":"framework/java/android/health/connect/changelog/ChangeLogTokenRequest.java"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-328068777-79dd6a23"},{"digest":{"function_hash":"11182637820034618401113751222754258203","length":176},"deprecated":false,"signature_type":"Function","target":{"function":"ChangeLogTokenRequest","file":"framework/java/android/health/connect/changelog/ChangeLogTokenRequest.java"},"source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46","signature_version":"v1","id":"ASB-A-328068777-8a7fb9c0"},{"digest":{"function_hash":"10078778538836670793714516941865304660","length":3125},"signature_version":"v1","signature_type":"Function","target":{"function":"getChangeLogs","file":"service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"},"source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46","id":"ASB-A-328068777-ac40d998","deprecated":false},{"digest":{"threshold":0.9,"line_hashes":["14494658264943636005532725122148944542","311715682319723511960856381299179207635","88836618091036472495080051796659547660","60912415992642674153698379516784373776","176314100490389740788039315426701052471","337595151293101171946985979025104038853","169349844471804201544675214444074849623","141976674935542803872601154376733957406","286621354561062032981567587104938068619","97602143727257462545550882966194720477","216526834470958959124533882911469572064","54993563389427816304464757331882597587"]},"deprecated":false,"signature_type":"Line","target":{"file":"service/java/com/android/server/healthconnect/HealthConnectServiceImpl.java"},"source":"https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46","signature_version":"v1","id":"ASB-A-328068777-d2f9bdba"}],"spl":"2024-05-01","fixes":["https://android.googlesource.com/platform/packages/modules/HealthFitness/+/cd228a3e21c9c8df83bc3851736d6f4e19956e46"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-328068777.json"}}],"schema_version":"1.7.5"}