ASB-A-253043058

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-253043058.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-253043058
Aliases
  • A-253043058
  • CVE-2023-20926
Published
2023-03-01T00:00:00Z
Modified
2025-10-24T15:26:23.750784Z
Summary
[none]
Details

In onParentVisible of HeaderPrivacyIconsController.kt, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-03-01

Affected versions

Other

13-next

Ecosystem specific 

{
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ea4a8ec146f2d916af8a3f6e605690ad2b189755"
    ]
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-03-01

Affected versions

Other

12

Ecosystem specific 

{
    "types": [
        "EoP"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "vanir_signatures": [
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/daf67271ee002312fce075ed90045bf49fc19343",
            "target": {
                "function": "onViewAttached",
                "file": "packages/SystemUI/src/com/android/systemui/qs/QuickStatusBarHeaderController.java"
            },
            "id": "ASB-A-253043058-005d83ef",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "function_hash": "182134228654380238200265801837275660804",
                "length": 1145.0
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/daf67271ee002312fce075ed90045bf49fc19343",
            "target": {
                "function": "onClick",
                "file": "packages/SystemUI/src/com/android/systemui/qs/QuickStatusBarHeaderController.java"
            },
            "id": "ASB-A-253043058-55d267a3",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "function_hash": "91236399034154880095485467413957159516",
                "length": 203.0
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/daf67271ee002312fce075ed90045bf49fc19343",
            "target": {
                "function": "onViewDetached",
                "file": "packages/SystemUI/src/com/android/systemui/qs/QuickStatusBarHeaderController.java"
            },
            "id": "ASB-A-253043058-83d07e00",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "function_hash": "368927216835442927117627494009382231",
                "length": 294.0
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/daf67271ee002312fce075ed90045bf49fc19343",
            "target": {
                "function": "QuickStatusBarHeaderController",
                "file": "packages/SystemUI/src/com/android/systemui/qs/QuickStatusBarHeaderController.java"
            },
            "id": "ASB-A-253043058-86cf8ac0",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "digest": {
                "function_hash": "51597536627319254713705806297664493381",
                "length": 1479.0
            }
        },
        {
            "source": "https://android.googlesource.com/platform/frameworks/base/+/daf67271ee002312fce075ed90045bf49fc19343",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/qs/QuickStatusBarHeaderController.java"
            },
            "id": "ASB-A-253043058-a501737c",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "digest": {
                "line_hashes": [
                    "196181244649531076012080953363762113597",
                    "75829393135523775569988246208824172530",
                    "120530325272347949803821802255716713580",
                    "301939091149968521662745740956408905973",
                    "72126404402679397466589718159856450117",
                    "301750889404680231293231109692932858906",
                    "296637153429652387779180202727209164542",
                    "231528509909902996724000094841511477979",
                    "23801158908234210254718154071829158133",
                    "311978980089726173737826441834317334540",
                    "162910203180083737102864468485972720096",
                    "165030282364816917325791677139558294305",
                    "205932476989848647843888882529840678620",
                    "116081812255203009608658530735777271372",
                    "171719054761240371998179068480302936262",
                    "221582866885598575091226121944129338015",
                    "149025608291877980400046697876328566403",
                    "324397049119450825115410379859979557199",
                    "63865226036195281911157439035313452999",
                    "130554256036830514129756447212805973576",
                    "308614747281971961502691176339914559055",
                    "70165082219256390302935122116494341303",
                    "196555426692990930275501756001580768981",
                    "216478248828167145775803919205002182464",
                    "274244535397341161963402092859986445220",
                    "296258908905529165761732249683689510687",
                    "102660501174861811799545124829977516504",
                    "316490848381225122721807328774638647961",
                    "265109944217446559103259490015551679451",
                    "115372396774418327582334455433671957625",
                    "195694062444042664216242618251612036200",
                    "254569953977302101771373710744154995752",
                    "72794338624177540243263003502312571601",
                    "152500517706996910376089296973159926813",
                    "281035021311436000557711518374769362663"
                ],
                "threshold": 0.9
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/daf67271ee002312fce075ed90045bf49fc19343"
    ]
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-03-01

Affected versions

Other

12L

Ecosystem specific 

{
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/d5038c7253e80f7e60e9b63701a8ced050a35a8c"
    ]
}

Android / platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-03-01

Affected versions

Other

13

Ecosystem specific 

{
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ea4a8ec146f2d916af8a3f6e605690ad2b189755"
    ]
}