ASB-A-237766679
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-237766679.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-237766679
- Aliases
-
- A-237766679
- CVE-2023-21089
- Published
- 2023-04-01T00:00:00Z
- Modified
- 2025-07-04T14:49:55.829990Z
- Summary
- [none]
- Details
-
In startInstrumentation of ActivityManagerService.java, there is a possible way to keep the foreground service alive while the app is in the background. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/c6e7343756f510c878e53390ea82e5936b9c16d8",
"https://android.googlesource.com/platform/frameworks/base/+/ea3970887683fb18a8180b425cc14102396ee00d",
"https://android.googlesource.com/platform/frameworks/base/+/f94e4d8e90c1a1a8655f5384f3d0c428951394ab",
"https://android.googlesource.com/platform/frameworks/base/+/62ae15335bfa14dbd583d1c2019f36641b3c4499"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2023-04-01",
"vanir_signatures": [
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "startInstrumentation"
},
"id": "ASB-A-237766679-33013fc2",
"deprecated": false,
"digest": {
"function_hash": "21059591443163205247196022420001902244",
"length": 5098.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/ea3970887683fb18a8180b425cc14102396ee00d",
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "startInstrumentation"
},
"id": "ASB-A-237766679-33ca0bd5",
"deprecated": false,
"digest": {
"function_hash": "55033611091652766663857133286467096158",
"length": 5148.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/62ae15335bfa14dbd583d1c2019f36641b3c4499",
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"id": "ASB-A-237766679-36ed33b8",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"221500824581219247607752389478836657194",
"118279720554820571106150299873347108622",
"40195339095343540601852591297555666659"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/c6e7343756f510c878e53390ea82e5936b9c16d8",
"signature_type": "Line",
"signature_version": "v1"
},
{
"id": "ASB-A-237766679-389847e9",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f94e4d8e90c1a1a8655f5384f3d0c428951394ab",
"signature_version": "v1",
"match_only_versions": [
"13-next"
],
"digest": {
"threshold": 0.9,
"line_hashes": [
"45889193571489898754819745180116740064",
"70702682889017062139098948842835486377",
"267199326354569661533549059921738953475",
"200287827859909492878455974803737000756",
"267111193992151164575056732187146505684",
"332033889706154271432119019970091783478",
"222175889293983889667074114548989413470",
"191110265533759971874479373160948460335",
"237667255917591614263557675223062402043",
"107116551869015075857457756111706581275",
"61560613532054584590974819742675667442",
"158156078762079022636955624147697876163",
"253220886344515708705307981034335389620",
"329332243181098572111806462661608454272",
"36903783319038985313026662082323835466"
]
},
"target": {
"file": "services/core/java/com/android/server/am/OomAdjuster.java"
},
"signature_type": "Line"
},
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"id": "ASB-A-237766679-67e17d7d",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"218036373952006876221110023763965589871",
"299253713187424794531056651888714146308",
"85061882957808510653676117443229045952",
"212408163724467335781474175824142850888",
"267369423550567621523901784619241603605",
"112443739984359875282097783791166002396",
"227485280610046146846688214189189994033"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/ea3970887683fb18a8180b425cc14102396ee00d",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"id": "ASB-A-237766679-6fb81f26",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"150879188847474757560318238790429682883",
"142039121869990323743579952558519169917",
"64849485139039774888461575041385499202",
"132939419264760486351231394269320697673",
"217783203505312328417466856074347879793",
"169649374847203213844078397754522319299",
"85079607111811584042688613235238941797",
"30533370187811226254822331023787014222"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/62ae15335bfa14dbd583d1c2019f36641b3c4499",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "services/core/java/com/android/server/am/OomAdjuster.java",
"function": "computeOomAdjLSP"
},
"id": "ASB-A-237766679-a3ae0b59",
"deprecated": true,
"digest": {
"function_hash": "261020442301623220239914373066621812035",
"length": 25366.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/f94e4d8e90c1a1a8655f5384f3d0c428951394ab",
"signature_type": "Function",
"signature_version": "v1"
},
{
"id": "ASB-A-237766679-ace700fb",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/f94e4d8e90c1a1a8655f5384f3d0c428951394ab",
"signature_version": "v1",
"match_only_versions": [
"13-next"
],
"digest": {
"function_hash": "23350080238570695405701213665260073628",
"length": 572.0
},
"target": {
"file": "services/core/java/com/android/server/am/OomAdjuster.java",
"function": "getDefaultCapability"
},
"signature_type": "Function"
},
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "startInstrumentation"
},
"id": "ASB-A-237766679-f5ab075f",
"deprecated": false,
"digest": {
"function_hash": "206213621436195695622861945275215263056",
"length": 4749.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/c6e7343756f510c878e53390ea82e5936b9c16d8",
"signature_type": "Function",
"signature_version": "v1"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/8c90891a38ecb5047e115e13baf700a8b486a5d1"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2023-04-01",
"vanir_signatures": [
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"id": "ASB-A-237766679-92d3df09",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"269684630138826889625859826550126767224",
"148589413550345063463726362386917874073",
"21567323259179004115643900225378340917",
"137251914390210945334163069411398562491",
"203661793217582079446986351059899764163",
"28540091405360853314795402805562118117",
"223857493236704816819547189416167560002"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/8c90891a38ecb5047e115e13baf700a8b486a5d1",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "startInstrumentation"
},
"id": "ASB-A-237766679-9918c350",
"deprecated": false,
"digest": {
"function_hash": "21034421742601590535636389842059003527",
"length": 3662.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/8c90891a38ecb5047e115e13baf700a8b486a5d1",
"signature_type": "Function",
"signature_version": "v1"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/5985225e777cdb96b738aeda859dff49f6c6f853"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2023-04-01",
"vanir_signatures": [
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"id": "ASB-A-237766679-527b301d",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"321739464313689101190173871621246585312",
"256800668022919934400417933160505713047",
"270673493866831921931363097009780579345",
"137251914390210945334163069411398562491",
"68318016864582298944874182767418455091",
"176628759993620618274370284065506164893",
"223857493236704816819547189416167560002"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/5985225e777cdb96b738aeda859dff49f6c6f853",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "startInstrumentation"
},
"id": "ASB-A-237766679-6b68ab93",
"deprecated": false,
"digest": {
"function_hash": "274217139864186057789111519119916908032",
"length": 4175.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/5985225e777cdb96b738aeda859dff49f6c6f853",
"signature_type": "Function",
"signature_version": "v1"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/74b6e62aedd9bcf081a4571706ce2856bb300edc"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2023-04-01",
"vanir_signatures": [
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"id": "ASB-A-237766679-8036d5d5",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"321739464313689101190173871621246585312",
"256800668022919934400417933160505713047",
"270673493866831921931363097009780579345",
"137251914390210945334163069411398562491",
"68318016864582298944874182767418455091",
"176628759993620618274370284065506164893",
"223857493236704816819547189416167560002"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/74b6e62aedd9bcf081a4571706ce2856bb300edc",
"signature_type": "Line",
"signature_version": "v1"
},
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "startInstrumentation"
},
"id": "ASB-A-237766679-8545b5f9",
"deprecated": false,
"digest": {
"function_hash": "307188632679855613478063177906811698236",
"length": 4597.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/74b6e62aedd9bcf081a4571706ce2856bb300edc",
"signature_type": "Function",
"signature_version": "v1"
}
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/0bf31e3efc914b32817bfae8a602d8d5816bf70a"
],
"severity": "High",
"types": [
"EoP"
],
"spl": "2023-04-01",
"vanir_signatures": [
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java",
"function": "startInstrumentation"
},
"id": "ASB-A-237766679-d5e29350",
"deprecated": false,
"digest": {
"function_hash": "212383207345680878901144950132060932017",
"length": 4737.0
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0bf31e3efc914b32817bfae8a602d8d5816bf70a",
"signature_type": "Function",
"signature_version": "v1"
},
{
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"id": "ASB-A-237766679-d96e3a4e",
"deprecated": false,
"digest": {
"threshold": 0.9,
"line_hashes": [
"321739464313689101190173871621246585312",
"221500824581219247607752389478836657194",
"118279720554820571106150299873347108622",
"40195339095343540601852591297555666659",
"68318016864582298944874182767418455091",
"176628759993620618274370284065506164893",
"223857493236704816819547189416167560002"
]
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/0bf31e3efc914b32817bfae8a602d8d5816bf70a",
"signature_type": "Line",
"signature_version": "v1"
}
]
}