ASB-A-221040577
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-221040577.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-221040577
- Aliases
-
- A-221040577
- CVE-2023-20906
- Published
- 2023-03-01T00:00:00Z
- Modified
- 2026-04-29T15:10:00.007170Z
- Summary
- [none]
- Details
-
In onPackageAddedInternal of PermissionManagerService.java, there is a possible way to silently grant a permission after a Target SDK update due to a permissions bypass. This could lead to local escalation of privilege after updating an app to a higher Target SDK with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2023-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e6efe583f98644440f675bb2cc5a75d665ca31c9"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"332912690824931462244194323491242883782",
"259989983721407450859979620886065752986",
"38869589564361465266772387587708486935",
"55540827721963568973809242028415986211",
"336942483118682634612537402811980972292",
"240623499310114656397924907302367732384",
"49116731288914950667429861431582766175"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e6efe583f98644440f675bb2cc5a75d665ca31c9",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"
},
"id": "ASB-A-221040577-3f6453eb"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1171.0,
"function_hash": "254934654226332861981312680198584974655"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e6efe583f98644440f675bb2cc5a75d665ca31c9",
"target": {
"function": "onPackageAddedInternal",
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"
},
"id": "ASB-A-221040577-d706e222"
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2023-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/2f30a63b11e59f9daf42f51eb85aa91c86f4baf4",
"https://android.googlesource.com/platform/frameworks/base/+/14551ab6d2c754d83d6b504549aabb40018d9c6a"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"63617228123231389157678444016981042758",
"307817833435620765044176194408880760069",
"145625110771803479936844521300901125064",
"95493312720080284709043055752853624397",
"243996333839111971992555695183695671801",
"334509522104777894484931643752337482002",
"138150838695361478392070281702230292223",
"278604607850135422571958282041771463121",
"22656488853290935534549218894676931759",
"25290995885617357257344267291092550861",
"100417968865404874609375927335168003552"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/14551ab6d2c754d83d6b504549aabb40018d9c6a",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceInternal.java"
},
"id": "ASB-A-221040577-2031bccb"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"30553861861542596536484849737338142538",
"64422473440631326362935125530765734808",
"66617370866194042534636165393138419215",
"253486867763259364198838821018249159346",
"234427732332460419683280325131817786104",
"170751048600913403647270996771904538081",
"315552169768819034331054160079121776308",
"19079637256359424495946882261832414760",
"58624928594643985245701146764633234660",
"60342793402009383795077237736412838416",
"260836991285810948609356616388936811191",
"103647162603698848244913627223363131578",
"80879277292638886615080913027510501208",
"40119369577325674107995636609886042298",
"195666147893739222628403882447240346435",
"303660049123680962705019011860582343065",
"148437318290529669344121565119150032859",
"86349647666249459856572696221300111365"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/14551ab6d2c754d83d6b504549aabb40018d9c6a",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
},
"id": "ASB-A-221040577-46984a93"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"211944118180056668024505643965069121348",
"101383814151195122333233703118074256060",
"100153087899313758591344044118174399317",
"8623634095673080074026369860095805136",
"200222505482104338504794180945021285318",
"191042270520810155457571782397370298001"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/14551ab6d2c754d83d6b504549aabb40018d9c6a",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"id": "ASB-A-221040577-6769a809"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 5056.0,
"function_hash": "186704004956831636458598013952277793202"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/14551ab6d2c754d83d6b504549aabb40018d9c6a",
"target": {
"function": "commitPackageSettings",
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
},
"id": "ASB-A-221040577-a4636b68"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 192.0,
"function_hash": "176798206311331559845208305831929425920"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/14551ab6d2c754d83d6b504549aabb40018d9c6a",
"target": {
"function": "revokeRuntimePermissionsIfGroupChanged",
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
},
"id": "ASB-A-221040577-ff06d8d4"
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2023-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/5e80fcf8c423f288a87d727f48ae38112177d716"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"332912690824931462244194323491242883782",
"259989983721407450859979620886065752986",
"38869589564361465266772387587708486935",
"55540827721963568973809242028415986211",
"336942483118682634612537402811980972292",
"240623499310114656397924907302367732384",
"49116731288914950667429861431582766175"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/5e80fcf8c423f288a87d727f48ae38112177d716",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
},
"id": "ASB-A-221040577-94290be3"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1171.0,
"function_hash": "254934654226332861981312680198584974655"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/5e80fcf8c423f288a87d727f48ae38112177d716",
"target": {
"function": "onPackageAddedInternal",
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
},
"id": "ASB-A-221040577-c64d9b5c"
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2023-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/2509b12e6fc921c855e16471a8b6648535626f1d"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"332912690824931462244194323491242883782",
"259989983721407450859979620886065752986",
"38869589564361465266772387587708486935",
"55540827721963568973809242028415986211",
"336942483118682634612537402811980972292",
"240623499310114656397924907302367732384",
"49116731288914950667429861431582766175"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/2509b12e6fc921c855e16471a8b6648535626f1d",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
},
"id": "ASB-A-221040577-883a94cf"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1171.0,
"function_hash": "254934654226332861981312680198584974655"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/2509b12e6fc921c855e16471a8b6648535626f1d",
"target": {
"function": "onPackageAddedInternal",
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerService.java"
},
"id": "ASB-A-221040577-db99635e"
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2023-03-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/fba194b998cf22d073a36cb5c6f9397c2dc1a50e"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1171.0,
"function_hash": "254934654226332861981312680198584974655"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/fba194b998cf22d073a36cb5c6f9397c2dc1a50e",
"target": {
"function": "onPackageAddedInternal",
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"
},
"id": "ASB-A-221040577-249277d7"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"332912690824931462244194323491242883782",
"259989983721407450859979620886065752986",
"38869589564361465266772387587708486935",
"55540827721963568973809242028415986211",
"336942483118682634612537402811980972292",
"240623499310114656397924907302367732384",
"49116731288914950667429861431582766175"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/fba194b998cf22d073a36cb5c6f9397c2dc1a50e",
"target": {
"file": "services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"
},
"id": "ASB-A-221040577-fd402e7c"
}
],
"severity": "High"
}