ASB-A-253043490

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-253043490.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-253043490
Aliases
Published
2023-08-01T00:00:00Z
Modified
2026-04-03T15:37:31.002635Z
Summary
[none]
Details

In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/packages/modules/Permission

Package

Name
platform/packages/modules/Permission

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-08-01

Affected versions

Other
13-next

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Permission/+/df252474fd06e6c32bdfc139cc4ae6652ff634b8"
    ],
    "spl": "2023-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "function_hash": "19550475777279499778566048034414586681",
                "length": 9798.0
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/df252474fd06e6c32bdfc139cc4ae6652ff634b8",
            "id": "ASB-A-253043490-74ba7f93",
            "target": {
                "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java",
                "function": "onCreate"
            }
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "248349732906043956064980509565774782156",
                    "283656740424355907390535518213267350112",
                    "143758378226874456382843457310206284939",
                    "68253136204695582412165319054757246568",
                    "122172952947234953401504464214546525630",
                    "195303676814766850257551404529581926429",
                    "318667993667043690101703295441056620895"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/df252474fd06e6c32bdfc139cc4ae6652ff634b8",
            "id": "ASB-A-253043490-a8347857",
            "target": {
                "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java"
            }
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-253043490.json"
platform/packages/modules/Permission

Package

Name
platform/packages/modules/Permission

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-08-01

Affected versions

Other
12

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Permission/+/5e297ab51388db5375093f7dc21d37bd59de827c"
    ],
    "spl": "2023-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "function_hash": "158329375275023421078547036698727559324",
                "length": 7160.0
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/5e297ab51388db5375093f7dc21d37bd59de827c",
            "id": "ASB-A-253043490-1233a94f",
            "target": {
                "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java",
                "function": "onCreate"
            }
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "102272497511510792636288077474635019966",
                    "73830320043416912536756213596268634802",
                    "334814977310204735028133236293272434200",
                    "214950123086942979686128144202008858930",
                    "122172952947234953401504464214546525630",
                    "195303676814766850257551404529581926429",
                    "318667993667043690101703295441056620895"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/5e297ab51388db5375093f7dc21d37bd59de827c",
            "id": "ASB-A-253043490-ebfa433f",
            "target": {
                "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java"
            }
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-253043490.json"
platform/packages/modules/Permission

Package

Name
platform/packages/modules/Permission

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-08-01

Affected versions

Other
12L

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Permission/+/8ba7136f816cd1b0182dc4c3a5cd70d023cad48e"
    ],
    "spl": "2023-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "function_hash": "34104573745813964544688129800069138067",
                "length": 7185.0
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/8ba7136f816cd1b0182dc4c3a5cd70d023cad48e",
            "id": "ASB-A-253043490-86970ca0",
            "target": {
                "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java",
                "function": "onCreate"
            }
        },
        {
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "102272497511510792636288077474635019966",
                    "73830320043416912536756213596268634802",
                    "334814977310204735028133236293272434200",
                    "214950123086942979686128144202008858930",
                    "122172952947234953401504464214546525630",
                    "195303676814766850257551404529581926429",
                    "318667993667043690101703295441056620895"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/8ba7136f816cd1b0182dc4c3a5cd70d023cad48e",
            "id": "ASB-A-253043490-b1cc1558",
            "target": {
                "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java"
            }
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-253043490.json"
platform/packages/modules/Permission

Package

Name
platform/packages/modules/Permission

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-08-01

Affected versions

Other
13

Ecosystem specific 

{
    "fixes": [
        "https://android.googlesource.com/platform/packages/modules/Permission/+/8a6f1f59d6cb5367f0c88980a75ddc227dba956a"
    ],
    "spl": "2023-08-01",
    "severity": "High",
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "deprecated": false,
            "signature_type": "Line",
            "signature_version": "v1",
            "digest": {
                "line_hashes": [
                    "248349732906043956064980509565774782156",
                    "188298556496395972709875190714230932667",
                    "232483192585281304532110593037372097532",
                    "31072592749161546704343042741305513274",
                    "122172952947234953401504464214546525630",
                    "195303676814766850257551404529581926429",
                    "318667993667043690101703295441056620895"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/8a6f1f59d6cb5367f0c88980a75ddc227dba956a",
            "id": "ASB-A-253043490-ac2b2350",
            "target": {
                "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java"
            }
        },
        {
            "deprecated": false,
            "signature_type": "Function",
            "signature_version": "v1",
            "digest": {
                "function_hash": "42122007481256104765885868242226930324",
                "length": 8670.0
            },
            "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/8a6f1f59d6cb5367f0c88980a75ddc227dba956a",
            "id": "ASB-A-253043490-c9bb99ef",
            "target": {
                "file": "PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java",
                "function": "onCreate"
            }
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-253043490.json"