ASB-A-249057848
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-249057848.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-249057848
- Aliases
-
- A-249057848
- CVE-2023-20959
- Published
- 2023-03-01T00:00:00Z
- Modified
- 2026-04-17T15:55:28.020024Z
- Summary
- [none]
- Details
-
In AddSupervisedUserActivity, guest users are not prevented from starting the activity due to missing permissions checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 307.0,
"function_hash": "152032311291223134051207966755248074620"
},
"id": "ASB-A-249057848-37f021ed",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"function": "createUserAsync",
"file": "src/com/android/settings/users/AddSupervisedUserActivity.java"
}
},
{
"digest": {
"length": 372.0,
"function_hash": "125448046524385430546644897797624735976"
},
"id": "ASB-A-249057848-3e9977e7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"function": "onAddSupervisedUserClicked",
"file": "src/com/android/settings/users/UserSettings.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"79696630694058341520977792996687278567",
"210224602416366609415369919527607943644",
"20784868880650158563581677206695775308",
"10675202281971526141278686275591364772",
"57575771666957091292195481595775483083",
"250183057479608523356918100036816802086",
"121758150281084159141184460328217905460",
"140620219488231434920834368405697736389"
]
},
"id": "ASB-A-249057848-4e6837e2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"file": "src/com/android/settings/users/UserSettings.java"
}
},
{
"digest": {
"length": 730.0,
"function_hash": "222513770788736878613687022768572034034"
},
"id": "ASB-A-249057848-8b4a5bbb",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"function": "createUser",
"file": "src/com/android/settings/users/AddSupervisedUserActivity.java"
}
},
{
"digest": {
"length": 292.0,
"function_hash": "268736349178251010256568304349474934258"
},
"id": "ASB-A-249057848-b58409ba",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"function": "onCreate",
"file": "src/com/android/settings/users/AddSupervisedUserActivity.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"305873569609393846976616465235695245990",
"55138052067469463587091833971365160996",
"295501762730910254957270930728965558374",
"310447235855845337269600757385684865488",
"316929078201520097648999636004306168312",
"263336139629658685906512687479680636794",
"119253055156991849443775449131393798094",
"165024262257007326680262366270342439203",
"286728897412480087728880212970477927480",
"327360636722530481084654956531529983446",
"124831910276810722588311809849406136998",
"310761244311916668487102395423239396077",
"285136906999233034898236810202282342786",
"254087369534004667671163056790355454758",
"240886723290893535789825438021994498998",
"32020699032312066249858967478062568919",
"318937117251383544559884429704677332209",
"91635293276924158824521545354876235583",
"116309551459179584818023529644986747148",
"338935267596342727930650058580636542762",
"154394391390259868051070678380187247823",
"312276352317469461793232791149295250090",
"259854547474692127951162518493643506446",
"274227438741446204047444054290005117009",
"301987041770641061430832879529083197642",
"155437188570057364309689488068997234786",
"171415879930543071547424728043069074183",
"28070901752357985799957797377811542299",
"186301567133147952765037437363013760713",
"252971720685703378361053281434971953533",
"299619311643994885376526179099972328998",
"215984883274265393776894974127866280770",
"61717884555751813200057634374613312471",
"309439692483558489052802015358687542486",
"273078863237475930825877701501525914421",
"138204054951225578328461863910938816447",
"237126774763249863889191768320048987719",
"200240324290241502481761404164596526721",
"135149538864745751837619296334549960606",
"330075924151724677572669678234682604663",
"6466666301955282490205082652925821154",
"133955896147975316507061704885389211556",
"217523373156665695230874744526583691999",
"110151920042906070396915185523784718908",
"323309029648952384507727870040631907263",
"146616043827720205081856815355772846714",
"216411984308718542887038292562589040297",
"55122642808595003733947937090677864230",
"62639341129858120831674500399011926031",
"150908306846295010936230764330771784740",
"228913705735766828537383401754552632579",
"313578643251578201108126858367964752664",
"46405445752877418809147913126693758040",
"135088653753125215584179356624558428745",
"289582253109813654505228092403789073626",
"153639385889078851469780207637406655777",
"244125084856819352952595829882912148068"
]
},
"id": "ASB-A-249057848-e7d18a9b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"file": "src/com/android/settings/users/AddSupervisedUserActivity.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9"
],
"types": [
"EoP"
],
"spl": "2023-03-01",
"severity": "High"
}
Android / platform/packages/apps/Settings
Package
Ecosystem specific
{
"vanir_signatures": [
{
"digest": {
"length": 372.0,
"function_hash": "125448046524385430546644897797624735976"
},
"id": "ASB-A-249057848-28df6766",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"function": "onAddSupervisedUserClicked",
"file": "src/com/android/settings/users/UserSettings.java"
}
},
{
"digest": {
"length": 730.0,
"function_hash": "222513770788736878613687022768572034034"
},
"id": "ASB-A-249057848-409c32b7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"function": "createUser",
"file": "src/com/android/settings/users/AddSupervisedUserActivity.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"305873569609393846976616465235695245990",
"55138052067469463587091833971365160996",
"295501762730910254957270930728965558374",
"310447235855845337269600757385684865488",
"316929078201520097648999636004306168312",
"263336139629658685906512687479680636794",
"119253055156991849443775449131393798094",
"165024262257007326680262366270342439203",
"286728897412480087728880212970477927480",
"327360636722530481084654956531529983446",
"124831910276810722588311809849406136998",
"310761244311916668487102395423239396077",
"285136906999233034898236810202282342786",
"254087369534004667671163056790355454758",
"240886723290893535789825438021994498998",
"32020699032312066249858967478062568919",
"318937117251383544559884429704677332209",
"91635293276924158824521545354876235583",
"116309551459179584818023529644986747148",
"338935267596342727930650058580636542762",
"154394391390259868051070678380187247823",
"312276352317469461793232791149295250090",
"259854547474692127951162518493643506446",
"274227438741446204047444054290005117009",
"301987041770641061430832879529083197642",
"155437188570057364309689488068997234786",
"171415879930543071547424728043069074183",
"28070901752357985799957797377811542299",
"186301567133147952765037437363013760713",
"252971720685703378361053281434971953533",
"299619311643994885376526179099972328998",
"215984883274265393776894974127866280770",
"61717884555751813200057634374613312471",
"309439692483558489052802015358687542486",
"273078863237475930825877701501525914421",
"138204054951225578328461863910938816447",
"237126774763249863889191768320048987719",
"200240324290241502481761404164596526721",
"135149538864745751837619296334549960606",
"330075924151724677572669678234682604663",
"6466666301955282490205082652925821154",
"133955896147975316507061704885389211556",
"217523373156665695230874744526583691999",
"110151920042906070396915185523784718908",
"323309029648952384507727870040631907263",
"146616043827720205081856815355772846714",
"216411984308718542887038292562589040297",
"55122642808595003733947937090677864230",
"62639341129858120831674500399011926031",
"150908306846295010936230764330771784740",
"228913705735766828537383401754552632579",
"313578643251578201108126858367964752664",
"46405445752877418809147913126693758040",
"135088653753125215584179356624558428745",
"289582253109813654505228092403789073626",
"153639385889078851469780207637406655777",
"244125084856819352952595829882912148068"
]
},
"id": "ASB-A-249057848-4e4f292e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"file": "src/com/android/settings/users/AddSupervisedUserActivity.java"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"79696630694058341520977792996687278567",
"210224602416366609415369919527607943644",
"20784868880650158563581677206695775308",
"10675202281971526141278686275591364772",
"57575771666957091292195481595775483083",
"250183057479608523356918100036816802086",
"121758150281084159141184460328217905460",
"140620219488231434920834368405697736389"
]
},
"id": "ASB-A-249057848-9096ed5b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"file": "src/com/android/settings/users/UserSettings.java"
}
},
{
"digest": {
"length": 292.0,
"function_hash": "268736349178251010256568304349474934258"
},
"id": "ASB-A-249057848-a0f083f2",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"function": "onCreate",
"file": "src/com/android/settings/users/AddSupervisedUserActivity.java"
}
},
{
"digest": {
"length": 307.0,
"function_hash": "152032311291223134051207966755248074620"
},
"id": "ASB-A-249057848-f73bf1c9",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
"target": {
"function": "createUserAsync",
"file": "src/com/android/settings/users/AddSupervisedUserActivity.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9"
],
"types": [
"EoP"
],
"spl": "2023-03-01",
"severity": "High"
}