ASB-A-243378132
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-243378132.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-243378132
- Aliases
-
- A-243378132
- CVE-2023-20921
- Published
- 2023-01-01T00:00:00Z
- Modified
- 2026-04-29T15:10:00.007170Z
- Summary
- [none]
- Details
-
In onPackageRemoved of AccessibilityManagerService.java, there is a possibility to automatically grant accessibility services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2023-01-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/37966299859153377e61a6a97b036388d231c2d0"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"236631357762625178675023541390441752221",
"10595195653811829102514404699409020643",
"118646039670723451812982949215475581031",
"308106080403074465601407965368341122746",
"257531265060042935403164492950648892981",
"29846843808137443483246000717080862150",
"166691140886119245516343242551824859128",
"301596378629914302364551311646528725673",
"143018679850793703375987037922897840918",
"291707394074430904116119120004350413287",
"122714709178344749347158447730012232573",
"304452781087085710561676062515564431274",
"26484132709224229574958746359851073956",
"207719386867169009892832194776872560967",
"186460278978359319341555873407909587196",
"318161903193323979827882538396094327559",
"335742583378191237584529136782329445411",
"182076733878820234577063963982364458997",
"188634755782281652840004754257306185162",
"293949540968280903538352693917672011553",
"108587633537507210242609878158511307392",
"295747577431459138783214723720080232905"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/37966299859153377e61a6a97b036388d231c2d0",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-31cc3c7c"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 749.0,
"function_hash": "41468928610322268501338051732645977169"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/37966299859153377e61a6a97b036388d231c2d0",
"target": {
"function": "onPackageRemoved",
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-c0ae94d4"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 4324.0,
"function_hash": "330331932412139811646432065080055047"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/37966299859153377e61a6a97b036388d231c2d0",
"target": {
"function": "registerBroadcastReceivers",
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-d687118d"
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2023-01-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 917.0,
"function_hash": "122592281931139715014269638805728949640"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"function": "onPackageRemoved",
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-5a689cbf"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 5358.0,
"function_hash": "213937848733813786983288430467818877027"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"function": "registerBroadcastReceivers",
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-cca3e3a2"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"120544117324700545087338990654297186575",
"298300173742793367670243473200708659368",
"75028889963202810443403858792404514626",
"1814652559885654915609354500658874335",
"18432821694174943006265164083414281214",
"293554040932675007454802700746005267112",
"22732033932196370463803681708292818366",
"225326834748319365348113367094016570252",
"297015841027970518372091856753329288334",
"122714709178344749347158447730012232573",
"304452781087085710561676062515564431274",
"26484132709224229574958746359851073956",
"207719386867169009892832194776872560967",
"186460278978359319341555873407909587196",
"318161903193323979827882538396094327559",
"335742583378191237584529136782329445411",
"182076733878820234577063963982364458997",
"188634755782281652840004754257306185162",
"293949540968280903538352693917672011553",
"108587633537507210242609878158511307392",
"295747577431459138783214723720080232905"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-d6839dd7"
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2023-01-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"120544117324700545087338990654297186575",
"298300173742793367670243473200708659368",
"75028889963202810443403858792404514626",
"1814652559885654915609354500658874335",
"18432821694174943006265164083414281214",
"293554040932675007454802700746005267112",
"22732033932196370463803681708292818366",
"225326834748319365348113367094016570252",
"297015841027970518372091856753329288334",
"122714709178344749347158447730012232573",
"304452781087085710561676062515564431274",
"26484132709224229574958746359851073956",
"207719386867169009892832194776872560967",
"186460278978359319341555873407909587196",
"318161903193323979827882538396094327559",
"335742583378191237584529136782329445411",
"182076733878820234577063963982364458997",
"188634755782281652840004754257306185162",
"293949540968280903538352693917672011553",
"108587633537507210242609878158511307392",
"295747577431459138783214723720080232905"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-2c99561c"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 5358.0,
"function_hash": "213937848733813786983288430467818877027"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"function": "registerBroadcastReceivers",
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-c30fe324"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 917.0,
"function_hash": "122592281931139715014269638805728949640"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"function": "onPackageRemoved",
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-ec319c69"
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2023-01-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 5358.0,
"function_hash": "213937848733813786983288430467818877027"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"function": "registerBroadcastReceivers",
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-0ae27b2c"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 917.0,
"function_hash": "122592281931139715014269638805728949640"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"function": "onPackageRemoved",
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-e5a9802f"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"120544117324700545087338990654297186575",
"298300173742793367670243473200708659368",
"75028889963202810443403858792404514626",
"1814652559885654915609354500658874335",
"18432821694174943006265164083414281214",
"293554040932675007454802700746005267112",
"22732033932196370463803681708292818366",
"225326834748319365348113367094016570252",
"297015841027970518372091856753329288334",
"122714709178344749347158447730012232573",
"304452781087085710561676062515564431274",
"26484132709224229574958746359851073956",
"207719386867169009892832194776872560967",
"186460278978359319341555873407909587196",
"318161903193323979827882538396094327559",
"335742583378191237584529136782329445411",
"182076733878820234577063963982364458997",
"188634755782281652840004754257306185162",
"293949540968280903538352693917672011553",
"108587633537507210242609878158511307392",
"295747577431459138783214723720080232905"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-e79bcdfb"
}
],
"severity": "High"
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"spl": "2023-01-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"120544117324700545087338990654297186575",
"298300173742793367670243473200708659368",
"75028889963202810443403858792404514626",
"1814652559885654915609354500658874335",
"18432821694174943006265164083414281214",
"293554040932675007454802700746005267112",
"22732033932196370463803681708292818366",
"225326834748319365348113367094016570252",
"297015841027970518372091856753329288334",
"122714709178344749347158447730012232573",
"304452781087085710561676062515564431274",
"26484132709224229574958746359851073956",
"207719386867169009892832194776872560967",
"186460278978359319341555873407909587196",
"318161903193323979827882538396094327559",
"335742583378191237584529136782329445411",
"182076733878820234577063963982364458997",
"188634755782281652840004754257306185162",
"293949540968280903538352693917672011553",
"108587633537507210242609878158511307392",
"295747577431459138783214723720080232905"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-06c4a3e8"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 5358.0,
"function_hash": "213937848733813786983288430467818877027"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"function": "registerBroadcastReceivers",
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-ebe202a0"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 917.0,
"function_hash": "122592281931139715014269638805728949640"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/e1f343acdeeddd9a08c9f6c832faf788ce101763",
"target": {
"function": "onPackageRemoved",
"file": "services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"
},
"id": "ASB-A-243378132-ec23a969"
}
],
"severity": "High"
}