{"id":"ASB-A-336976105","details":"In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-336976105","CVE-2024-40659"],"modified":"2026-03-11T06:30:10.540826Z","published":"2024-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2024-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/RemoteKeyProvisioning/+/c65dce4c6d8d54e47dce79a56e29e2223a2354e6"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-09-01"}]}],"versions":["15-next"],"ecosystem_specific":{"fixes":["https://googleplex-android.googlesource.com/platform/frameworks/base/+/fb65afa14cddf8018704ab85c08beeffcf471638"],"severity":"High","types":["DoS"],"spl":"2024-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-336976105.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-09-01"}]}],"versions":["15-next"],"ecosystem_specific":{"fixes":["https://googleplex-android.googlesource.com/platform/packages/modules/Permission/+/3ecdbf8dd9d63c65c0f09f4833c0a7979ffa9ca0"],"severity":"High","types":["DoS"],"spl":"2024-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-336976105.json"}},{"package":{"name":"platform/packages/modules/RemoteKeyProvisioning","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"15-next:0"},{"fixed":"15-next:2024-09-01"}]}],"versions":["15-next"],"ecosystem_specific":{"fixes":["https://googleplex-android.googlesource.com/platform/packages/modules/RemoteKeyProvisioning/+/20922a9eb1721b23c1d75c811fda0c3cf7d0a4cf"],"severity":"High","vanir_signatures":[{"id":"ASB-A-336976105-306e6ecf","signature_version":"v1","source":"https://googleplex-android.googlesource.com/platform/packages/modules/RemoteKeyProvisioning/+/20922a9eb1721b23c1d75c811fda0c3cf7d0a4cf","target":{"function":"getRegistration","file":"app/src/com/android/rkpdapp/service/RemoteProvisioningService.java"},"digest":{"length":1210,"function_hash":"234841824562288729416319276645598306787"},"deprecated":false,"signature_type":"Function"},{"id":"ASB-A-336976105-7457ab82","signature_version":"v1","source":"https://googleplex-android.googlesource.com/platform/packages/modules/RemoteKeyProvisioning/+/20922a9eb1721b23c1d75c811fda0c3cf7d0a4cf","target":{"file":"app/src/com/android/rkpdapp/service/RemoteProvisioningService.java"},"digest":{"threshold":0.9,"line_hashes":["132800871280003918694670160317042139162","190884303207015156163118594245004016198","204975416451531807782764659610410548911","66434609003460990096378821732044406984","142937898931828598430970364491931271198","161734595346689671121384731744033137378","71119018193104367833081393186010998618","66728635047074922466260773775375642219"]},"deprecated":false,"signature_type":"Line"}],"types":["DoS"],"spl":"2024-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-336976105.json"}},{"package":{"name":"platform/packages/modules/RemoteKeyProvisioning","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14:0"},{"fixed":"14:2024-09-01"}]}],"versions":["14"],"ecosystem_specific":{"fixes":["https://googleplex-android.googlesource.com/platform/packages/modules/RemoteKeyProvisioning/+/d9c9db03fae63ac16d76cd68450e78c4a9285104"],"severity":"High","vanir_signatures":[{"id":"ASB-A-336976105-a43f68f8","signature_version":"v1","source":"https://googleplex-android.googlesource.com/platform/packages/modules/RemoteKeyProvisioning/+/d9c9db03fae63ac16d76cd68450e78c4a9285104","target":{"file":"app/src/com/android/rkpdapp/service/RemoteProvisioningService.java"},"digest":{"threshold":0.9,"line_hashes":["132800871280003918694670160317042139162","190884303207015156163118594245004016198","204975416451531807782764659610410548911","66434609003460990096378821732044406984","142937898931828598430970364491931271198","161734595346689671121384731744033137378","71119018193104367833081393186010998618","66728635047074922466260773775375642219"]},"deprecated":false,"signature_type":"Line"},{"id":"ASB-A-336976105-f8c907ed","signature_version":"v1","source":"https://googleplex-android.googlesource.com/platform/packages/modules/RemoteKeyProvisioning/+/d9c9db03fae63ac16d76cd68450e78c4a9285104","target":{"function":"getRegistration","file":"app/src/com/android/rkpdapp/service/RemoteProvisioningService.java"},"digest":{"length":1142,"function_hash":"277747717543683618016291332200748615377"},"deprecated":false,"signature_type":"Function"}],"types":["DoS"],"spl":"2024-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv-test/ASB-A-336976105.json"}}],"schema_version":"1.7.5"}