{"id":"ASB-A-329058967","details":"In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-329058967","CVE-2024-40656"],"modified":"2026-04-17T15:55:28.020024Z","published":"2024-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/services/Telecomm/+/f3e6a6c02439401eb7aeb3749ee5ec0b51a625b9"}],"affected":[{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-09-01"}]}],"versions":["15-next"],"ecosystem_specific":{"types":["ID"],"spl":"2024-09-01","fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/8c619f58c00047ab0ec687cd231bf93a08db6d55"],"severity":"High","vanir_signatures":[{"digest":{"line_hashes":["100326431459558569292119600264389787165","224460809244113809053494007357703622319","333762841701727134505390074716578964885","199218706011219857461499847670488384710","19256926819814878956514261880855948330","139717360613838074749875733557269753678","183664305217219171351514465603028527937","139804455583322841000522678523842891823"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/server/telecom/ConnectionServiceWrapper.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/8c619f58c00047ab0ec687cd231bf93a08db6d55","signature_version":"v1","id":"ASB-A-329058967-81dba51d","deprecated":false},{"digest":{"length":967,"function_hash":"95813100806952752517657637119407566504"},"signature_type":"Function","target":{"file":"src/com/android/server/telecom/ConnectionServiceWrapper.java","function":"handleCreateConferenceComplete"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/8c619f58c00047ab0ec687cd231bf93a08db6d55","signature_version":"v1","id":"ASB-A-329058967-db818686","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-329058967.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-09-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"spl":"2024-09-01","fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802"],"severity":"High","vanir_signatures":[{"digest":{"line_hashes":["100326431459558569292119600264389787165","224460809244113809053494007357703622319","333762841701727134505390074716578964885","199218706011219857461499847670488384710","19256926819814878956514261880855948330","139717360613838074749875733557269753678","183664305217219171351514465603028527937","139804455583322841000522678523842891823"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/server/telecom/ConnectionServiceWrapper.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802","signature_version":"v1","id":"ASB-A-329058967-0fe4a2cb","deprecated":false},{"digest":{"length":967,"function_hash":"95813100806952752517657637119407566504"},"signature_type":"Function","target":{"file":"src/com/android/server/telecom/ConnectionServiceWrapper.java","function":"handleCreateConferenceComplete"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802","signature_version":"v1","id":"ASB-A-329058967-d51dfc42","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-329058967.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["ID"],"spl":"2024-09-01","fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802"],"severity":"High","vanir_signatures":[{"digest":{"length":967,"function_hash":"95813100806952752517657637119407566504"},"signature_type":"Function","target":{"file":"src/com/android/server/telecom/ConnectionServiceWrapper.java","function":"handleCreateConferenceComplete"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802","signature_version":"v1","id":"ASB-A-329058967-2f17c47d","deprecated":false},{"digest":{"line_hashes":["100326431459558569292119600264389787165","224460809244113809053494007357703622319","333762841701727134505390074716578964885","199218706011219857461499847670488384710","19256926819814878956514261880855948330","139717360613838074749875733557269753678","183664305217219171351514465603028527937","139804455583322841000522678523842891823"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/server/telecom/ConnectionServiceWrapper.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802","signature_version":"v1","id":"ASB-A-329058967-7d2c5330","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-329058967.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-09-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"spl":"2024-09-01","fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802"],"severity":"High","vanir_signatures":[{"digest":{"line_hashes":["100326431459558569292119600264389787165","224460809244113809053494007357703622319","333762841701727134505390074716578964885","199218706011219857461499847670488384710","19256926819814878956514261880855948330","139717360613838074749875733557269753678","183664305217219171351514465603028527937","139804455583322841000522678523842891823"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/server/telecom/ConnectionServiceWrapper.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802","signature_version":"v1","id":"ASB-A-329058967-ca84df39","deprecated":false},{"digest":{"length":967,"function_hash":"95813100806952752517657637119407566504"},"signature_type":"Function","target":{"file":"src/com/android/server/telecom/ConnectionServiceWrapper.java","function":"handleCreateConferenceComplete"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802","signature_version":"v1","id":"ASB-A-329058967-ff959e01","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-329058967.json"}},{"package":{"name":"platform/packages/services/Telecomm","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-09-01"}]}],"versions":["14"],"ecosystem_specific":{"types":["ID"],"spl":"2024-09-01","fixes":["https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802"],"severity":"High","vanir_signatures":[{"digest":{"line_hashes":["100326431459558569292119600264389787165","224460809244113809053494007357703622319","333762841701727134505390074716578964885","199218706011219857461499847670488384710","19256926819814878956514261880855948330","139717360613838074749875733557269753678","183664305217219171351514465603028527937","139804455583322841000522678523842891823"],"threshold":0.9},"signature_type":"Line","target":{"file":"src/com/android/server/telecom/ConnectionServiceWrapper.java"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802","signature_version":"v1","id":"ASB-A-329058967-1639fb22","deprecated":false},{"digest":{"length":967,"function_hash":"95813100806952752517657637119407566504"},"signature_type":"Function","target":{"file":"src/com/android/server/telecom/ConnectionServiceWrapper.java","function":"handleCreateConferenceComplete"},"source":"https://android.googlesource.com/platform/packages/services/Telecomm/+/a8e2bf9c77cd94f683979c849015b78ef0537802","signature_version":"v1","id":"ASB-A-329058967-798c60b6","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-329058967.json"}}],"schema_version":"1.7.5"}