ASB-A-189942529
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-189942529.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-189942529
- Aliases
-
- A-189942529
- CVE-2023-20914
- Published
- 2023-05-01T00:00:00Z
- Modified
- 2025-10-31T15:37:41.221363Z
- Summary
- [none]
- Details
-
In onSetRuntimePermissionGrantStateByDeviceAdmin of AdminRestrictedPermissionsUtils.java, there is a possible way for the work profile to read SMS messages due to a permissions bypass. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Android / platform/packages/modules/Permission
Package
Ecosystem specific
{
"vanir_signatures": [
{
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d",
"signature_version": "v1",
"deprecated": false,
"id": "ASB-A-189942529-61c33028",
"target": {
"function": "onSetRuntimePermissionGrantStateByDeviceAdmin",
"file": "PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"
},
"digest": {
"length": 1585.0,
"function_hash": "98090093838874514743959095491257221978"
},
"signature_type": "Function"
},
{
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d",
"signature_version": "v1",
"deprecated": false,
"id": "ASB-A-189942529-ae8154ca",
"target": {
"file": "PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"244124307621395840514765948470814952109",
"310538224167713455386875567898081692552",
"85252730122784721239844221863843019970",
"107813305455604471280726669704090380455",
"28599776163267292011415944473705434877",
"320559855082176353699487686772582864106",
"313480284749953354070015147992117835600",
"331320170299235338814276666772020326721",
"69912247037910831691219059131960565762",
"23950943548455525979724196928714964467",
"181998409392176968384423922626698836926",
"23424602319855905655783500197259227476",
"175874183598896577851538410713530722375",
"219902066758842369237103045658295952295",
"159330725279913717373006103946837723832",
"182548609187235165250868451508823467315",
"232743074267986976845257773198575963758",
"229646476515659504538081273937261467369",
"17521530349187032722906553952958423170",
"224394777539580883457658130491531793465",
"23726345567086548616993380325534698714",
"160879300934593729294865942557898940660",
"91480412336157135014381303815890306871",
"312846803733331298644414920157663069589",
"256526236646781336976730747098199776972",
"219902066758842369237103045658295952295",
"159330725279913717373006103946837723832",
"182548609187235165250868451508823467315"
]
},
"signature_type": "Line"
},
{
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d",
"signature_version": "v1",
"deprecated": false,
"id": "ASB-A-189942529-b15beaf2",
"target": {
"function": "mayAdminGrantPermission",
"file": "PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java"
},
"digest": {
"length": 199.0,
"function_hash": "171950238600846397207612931395752259196"
},
"signature_type": "Function"
},
{
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d",
"signature_version": "v1",
"deprecated": false,
"id": "ASB-A-189942529-b349021c",
"target": {
"function": "isPermissionRestrictedForAdmin",
"file": "PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java"
},
"digest": {
"length": 153.0,
"function_hash": "173595976166783624265209894879777934859"
},
"signature_type": "Function"
},
{
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d",
"signature_version": "v1",
"deprecated": false,
"id": "ASB-A-189942529-c2279e66",
"target": {
"file": "PermissionController/src/com/android/permissioncontroller/permission/service/PermissionControllerServiceImpl.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"275077835771183303159974559785422247595",
"261743703359616352197174920680081785052",
"1634319847002174464404947494744909120",
"131397531329404237658480183530454569429",
"120638317716634515427798622691488875464",
"295354374260402683756863687014259041051",
"23192077907588890582162805630040384255",
"190844211644446582271137667034745431153",
"228153805065548331655547776652880914530",
"135085326122109860790167210727523475167",
"36322773630255531718576686301716289585"
]
},
"signature_type": "Line"
},
{
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d",
"signature_version": "v1",
"deprecated": false,
"id": "ASB-A-189942529-e4ca6208",
"target": {
"function": "mayAdminGrantPermission",
"file": "PermissionController/src/com/android/permissioncontroller/permission/utils/AdminRestrictedPermissionsUtils.java"
},
"digest": {
"length": 344.0,
"function_hash": "176928641914812896216984319922632258409"
},
"signature_type": "Function"
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/modules/Permission/+/6ab6787a10aab9f1fb26c27a0307a3a13877458d"
],
"types": [
"ID"
],
"severity": "High",
"spl": "2023-05-01"
}