{"id":"ASB-A-343440463","details":"In validateAccountsInternal of AccountManagerService.java, there is a possible way to leak account credentials to a third party app due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-343440463","CVE-2024-43086"],"modified":"2026-04-30T15:48:46.890647Z","published":"2024-11-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-11-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/55a3d36701bb874358f685d3ac3381eda10fcff0"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-11-01"}]}],"versions":["15-next"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"ASB-A-343440463-3e2e7f42","deprecated":false,"digest":{"length":3331,"function_hash":"101193414350098439995614606646394339346"},"target":{"function":"validateAccountsInternal","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/ddfc078af7e89641360b896f99af23a6b371b847"},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-343440463-4b98c8b4","deprecated":false,"digest":{"line_hashes":["29173051221296658536910211516454044335","184312520786542076771135869227635029727","17260541059910676630107404919963034225","7291052111595615850872169535590355287"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/ddfc078af7e89641360b896f99af23a6b371b847"}],"severity":"High","types":["ID"],"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/ddfc078af7e89641360b896f99af23a6b371b847"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-343440463.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2024-11-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","signature_version":"v1","id":"ASB-A-343440463-38e08104","deprecated":false,"digest":{"line_hashes":["29173051221296658536910211516454044335","184312520786542076771135869227635029727","17260541059910676630107404919963034225","7291052111595615850872169535590355287"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-343440463-b0418465","deprecated":false,"digest":{"length":3140,"function_hash":"22297508970871024618962377483595679632"},"target":{"function":"validateAccountsInternal","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"}],"severity":"High","types":["ID"],"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-343440463.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2024-11-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Line","signature_version":"v1","id":"ASB-A-343440463-d41cca00","deprecated":false,"digest":{"line_hashes":["29173051221296658536910211516454044335","184312520786542076771135869227635029727","17260541059910676630107404919963034225","7291052111595615850872169535590355287"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"},{"signature_type":"Function","signature_version":"v1","id":"ASB-A-343440463-f487e839","deprecated":false,"digest":{"length":3140,"function_hash":"22297508970871024618962377483595679632"},"target":{"function":"validateAccountsInternal","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"}],"severity":"High","types":["ID"],"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-343440463.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2024-11-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"ASB-A-343440463-a4151bf9","deprecated":false,"digest":{"length":3140,"function_hash":"22297508970871024618962377483595679632"},"target":{"function":"validateAccountsInternal","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-343440463-d1bb29be","deprecated":false,"digest":{"line_hashes":["29173051221296658536910211516454044335","184312520786542076771135869227635029727","17260541059910676630107404919963034225","7291052111595615850872169535590355287"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"}],"severity":"High","types":["ID"],"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-343440463.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-11-01"}]}],"versions":["14"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","signature_version":"v1","id":"ASB-A-343440463-f60470dc","deprecated":false,"digest":{"length":3140,"function_hash":"22297508970871024618962377483595679632"},"target":{"function":"validateAccountsInternal","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"},{"signature_type":"Line","signature_version":"v1","id":"ASB-A-343440463-fc4644cf","deprecated":false,"digest":{"line_hashes":["29173051221296658536910211516454044335","184312520786542076771135869227635029727","17260541059910676630107404919963034225","7291052111595615850872169535590355287"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"}],"severity":"High","types":["ID"],"spl":"2024-11-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/6e25cd888a1b48bd718175e4d06e8dca0a197302"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-343440463.json"}}],"schema_version":"1.7.5"}