{"id":"ASB-A-369351375","details":"In multiple functions of AccountManagerService.java, there is a possible way to bypass permissions and launch protected activities due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-369351375","CVE-2024-49724"],"modified":"2026-05-01T15:24:27.653932Z","published":"2025-01-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2025-01-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/985bdc676ac5ea4f35be4b56b74f723afe5b2af3"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2025-01-01"}]}],"versions":["15-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/cde345a7ee06db716e613e12a2c218ce248ad1c4"],"vanir_signatures":[{"id":"ASB-A-369351375-63362f19","target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/cde345a7ee06db716e613e12a2c218ce248ad1c4","signature_type":"Function","signature_version":"v1","digest":{"length":1207,"function_hash":"42654008527931611799120307175659008934"},"deprecated":false},{"id":"ASB-A-369351375-d8faf8dc","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/cde345a7ee06db716e613e12a2c218ce248ad1c4","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["219089530623713499049496334902847425327","329309075025768325897709312986591659778","220527672182167888631904577245241154123","90971935209824799136032281832678323089","310134665289348019573443295776207167908","183727665741911375382933532227263560216","87588912116976547789634249972198598754","99698422038306338887459501266826190699","67356492251881173511098466201218255798","231996928353105831418507088913135399289","299964627292181737175367433814372302732","34854065536878502073828532078471614500","74682427995452075934116984985639812723","141524746528183037349349507410879969815","218184317616380031805766499810722778887"]},"deprecated":false},{"id":"ASB-A-369351375-ef4cf5ef","target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/cde345a7ee06db716e613e12a2c218ce248ad1c4","signature_type":"Function","signature_version":"v1","digest":{"length":801,"function_hash":"48969121463080201235741379148890330042"},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-369351375.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2025-01-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a"],"vanir_signatures":[{"id":"ASB-A-369351375-00aa2992","target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a","signature_type":"Function","signature_version":"v1","digest":{"length":769,"function_hash":"203911748403559997956553553172550632524"},"deprecated":false},{"id":"ASB-A-369351375-9a77ef56","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["219089530623713499049496334902847425327","329309075025768325897709312986591659778","220527672182167888631904577245241154123","90971935209824799136032281832678323089","285758355853553288136460222232517894852","249520830598242276603421062396672184894","118063220515672952178012219922957877184","251037986107376490436749930810932620865","235947357003513208336137268846037427206","180001126956828727498349687249486793193","303804394362158910449280446315020349913","74682427995452075934116984985639812723","141524746528183037349349507410879969815","218184317616380031805766499810722778887"]},"deprecated":false},{"id":"ASB-A-369351375-edb07268","target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a","signature_type":"Function","signature_version":"v1","digest":{"length":1224,"function_hash":"300299237621674426887142308862585341570"},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-369351375.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2025-01-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a"],"vanir_signatures":[{"id":"ASB-A-369351375-18b2f808","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["219089530623713499049496334902847425327","329309075025768325897709312986591659778","220527672182167888631904577245241154123","90971935209824799136032281832678323089","285758355853553288136460222232517894852","249520830598242276603421062396672184894","118063220515672952178012219922957877184","251037986107376490436749930810932620865","235947357003513208336137268846037427206","180001126956828727498349687249486793193","303804394362158910449280446315020349913","74682427995452075934116984985639812723","141524746528183037349349507410879969815","218184317616380031805766499810722778887"]},"deprecated":false},{"id":"ASB-A-369351375-d1a98bee","target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a","signature_type":"Function","signature_version":"v1","digest":{"length":1224,"function_hash":"300299237621674426887142308862585341570"},"deprecated":false},{"id":"ASB-A-369351375-fef51d74","target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/185048041e6f9d43c38829c09965e7a4740d2a6a","signature_type":"Function","signature_version":"v1","digest":{"length":769,"function_hash":"203911748403559997956553553172550632524"},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-369351375.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15:0"},{"fixed":"15:2025-01-01"}]}],"versions":["15"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0397dd35e6cc696b0ea3949c5d29f90b42a0ce59"],"severity":"High","types":["EoP"],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-369351375.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2025-01-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab"],"vanir_signatures":[{"id":"ASB-A-369351375-03161ec3","target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab","signature_type":"Function","signature_version":"v1","digest":{"length":801,"function_hash":"48969121463080201235741379148890330042"},"deprecated":false},{"id":"ASB-A-369351375-193c630f","target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab","signature_type":"Function","signature_version":"v1","digest":{"length":1207,"function_hash":"42654008527931611799120307175659008934"},"deprecated":false},{"id":"ASB-A-369351375-ba26c1a8","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["219089530623713499049496334902847425327","329309075025768325897709312986591659778","220527672182167888631904577245241154123","90971935209824799136032281832678323089","310134665289348019573443295776207167908","183727665741911375382933532227263560216","87588912116976547789634249972198598754","99698422038306338887459501266826190699","67356492251881173511098466201218255798","231996928353105831418507088913135399289","299964627292181737175367433814372302732","34854065536878502073828532078471614500","74682427995452075934116984985639812723","141524746528183037349349507410879969815","218184317616380031805766499810722778887"]},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-369351375.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2025-01-01"}]}],"versions":["14"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab"],"vanir_signatures":[{"id":"ASB-A-369351375-2e9a1835","target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab","signature_type":"Function","signature_version":"v1","digest":{"length":801,"function_hash":"48969121463080201235741379148890330042"},"deprecated":false},{"id":"ASB-A-369351375-4454e2ac","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["219089530623713499049496334902847425327","329309075025768325897709312986591659778","220527672182167888631904577245241154123","90971935209824799136032281832678323089","310134665289348019573443295776207167908","183727665741911375382933532227263560216","87588912116976547789634249972198598754","99698422038306338887459501266826190699","67356492251881173511098466201218255798","231996928353105831418507088913135399289","299964627292181737175367433814372302732","34854065536878502073828532078471614500","74682427995452075934116984985639812723","141524746528183037349349507410879969815","218184317616380031805766499810722778887"]},"deprecated":false},{"id":"ASB-A-369351375-e0bed510","target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/d04cea5ea08f91f55a14209c1e424e163e2d50ab","signature_type":"Function","signature_version":"v1","digest":{"length":1207,"function_hash":"42654008527931611799120307175659008934"},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2025-01-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-369351375.json"}}],"schema_version":"1.7.5"}