ASB-A-254736794
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-254736794.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-254736794
- Aliases
-
- A-254736794
- CVE-2023-21254
- Published
- 2023-07-01T00:00:00Z
- Modified
- 2026-04-27T15:40:08.012512Z
- Summary
- [none]
- Details
-
In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"deprecated": false,
"digest": {
"length": 230.0,
"function_hash": "286731377711939635674905074908431232409"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a5c6abbdf084fddc7d511faed911e97ff80bf3a7",
"id": "ASB-A-254736794-150db067",
"target": {
"function": "getCurrentState",
"file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java"
}
},
{
"deprecated": false,
"digest": {
"line_hashes": [
"2012088019728896796373346529697119661",
"95794887678244685017967769009345707309",
"269473325157219616924923563745773375448",
"154820972000404752573118643516014957341",
"169098446295692466798229884776274637005",
"67219821689456268388489880111183157946",
"81611614958380172139615727478591205864",
"225201598122517943733666693027874673645",
"237205250153135466490122010482236680762",
"258373914556850159813516484305773392827",
"125910280071661462423652500860628301922",
"113538152592414822415748897100386305573",
"233144689361163071165913764396211623748",
"272268049520737346018390666615642509419",
"327200272399841684421769554567479185010",
"197512901002234036421909392540332515687",
"48230772581453563322002997973370902025",
"231488850382554498332132733718306136571",
"105095112724300480145608650652271240823",
"238399159099680063683957948576794709363",
"151419067622790176455733014614730665027",
"301034873234891899052665121603635606246",
"250514607572004205542612161216221479765",
"247503341480896072712975524814651163330"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a5c6abbdf084fddc7d511faed911e97ff80bf3a7",
"id": "ASB-A-254736794-185febc0",
"target": {
"file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java"
}
},
{
"deprecated": false,
"digest": {
"length": 290.0,
"function_hash": "66636180706436326696362511061246090529"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/a5c6abbdf084fddc7d511faed911e97ff80bf3a7",
"id": "ASB-A-254736794-b35f72e7",
"target": {
"function": "OneTimePermissionUserManager",
"file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a5c6abbdf084fddc7d511faed911e97ff80bf3a7"
],
"spl": "2023-07-01",
"severity": "High",
"types": [
"EoP"
]
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"vanir_signatures": [
{
"deprecated": false,
"digest": {
"line_hashes": [
"2012088019728896796373346529697119661",
"95794887678244685017967769009345707309",
"269473325157219616924923563745773375448",
"154820972000404752573118643516014957341",
"104213317420452091492353394712202028201",
"115008296082753412527057053867333611588",
"327946308160344602239660896448104314510",
"225201598122517943733666693027874673645",
"237205250153135466490122010482236680762",
"258373914556850159813516484305773392827",
"125910280071661462423652500860628301922",
"113538152592414822415748897100386305573",
"233144689361163071165913764396211623748",
"39614901207402222558656648053840086968",
"69252160723633962585538215955562754152",
"197512901002234036421909392540332515687",
"48230772581453563322002997973370902025",
"231488850382554498332132733718306136571",
"105095112724300480145608650652271240823",
"238399159099680063683957948576794709363",
"151419067622790176455733014614730665027",
"301034873234891899052665121603635606246",
"250514607572004205542612161216221479765",
"247503341480896072712975524814651163330"
],
"threshold": 0.9
},
"signature_type": "Line",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e836611f3057cf9eae589a34a39fe80d0a9145f3",
"id": "ASB-A-254736794-098c99e5",
"target": {
"file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java"
}
},
{
"deprecated": false,
"digest": {
"length": 230.0,
"function_hash": "286731377711939635674905074908431232409"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e836611f3057cf9eae589a34a39fe80d0a9145f3",
"id": "ASB-A-254736794-5294ec01",
"target": {
"function": "getCurrentState",
"file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java"
}
},
{
"deprecated": false,
"digest": {
"length": 265.0,
"function_hash": "189535468120640384763674111584510550352"
},
"signature_type": "Function",
"signature_version": "v1",
"source": "https://android.googlesource.com/platform/frameworks/base/+/e836611f3057cf9eae589a34a39fe80d0a9145f3",
"id": "ASB-A-254736794-7993dbd8",
"target": {
"function": "OneTimePermissionUserManager",
"file": "services/core/java/com/android/server/pm/permission/OneTimePermissionUserManager.java"
}
}
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/e836611f3057cf9eae589a34a39fe80d0a9145f3"
],
"spl": "2023-07-01",
"severity": "High",
"types": [
"EoP"
]
}