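In verifyReplacingVersionCode of InstallPackageHelper.java, a logic error in the code makes it possible to downgrade system apps to a version lower than the one shipped in the system image. This could lead to local escalation of privilege, with System execution privileges needed. User interaction is not needed for exploitation. The signature records below also target verifyReplacingVersionCode and installLocationPolicy in PackageManagerService.java, so a patch-presence check should cover both files rather than InstallPackageHelper.java alone.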
{
"severity": "Moderate",
"spl": "2023-05-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 1452.0,
"function_hash": "237048816979219317842714686710299000619"
},
"id": "ASB-A-256202273-689b7777",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/a4484d7f1be1fa413258fe18644d61f85611f586",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java",
"function": "verifyReplacingVersionCode"
}
},
{
"signature_type": "Function",
"digest": {
"length": 1956.0,
"function_hash": "275082727597709184000753424244299309763"
},
"id": "ASB-A-256202273-6cc4f59f",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/ceeca68b8c3f0ed8427b0212f63defe2f075146e",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java",
"function": "verifyReplacingVersionCode"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"63605175448109501863603615311893262621",
"173546225366185263187613276852006820736",
"326190137785252094978958267753154377116",
"121636430540856708905499819382202482171",
"12470100640675359785548563315199428325",
"136411639950493568324331406542339470391",
"52084349353168562900965281274036000023",
"192309566731849079405040014069155480488",
"240044076485628183343597920015476546646",
"15846213334126375409777482138026109401",
"319783504689076465904149502568402839711",
"12970867237909160669962964194154689035"
],
"threshold": 0.9
},
"id": "ASB-A-256202273-d4508c35",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/ceeca68b8c3f0ed8427b0212f63defe2f075146e",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"252983177159641901497723896441268108671",
"289387077589455534524918148746428779006",
"166768919924717948816029414026291778836",
"118651231370392224840236119108995357589",
"329066948714175627806594661537085099266",
"145223966657233973943848442135262436020",
"152484718102809675440709313061526254350",
"230304300726357595687715847273695966229",
"320009394454379053579531924820497384068",
"43546057785041335342916011230490229185",
"9246424559103928267710257347131600408",
"19143163316148291948041402688674573657",
"15846213334126375409777482138026109401",
"319783504689076465904149502568402839711",
"12970867237909160669962964194154689035",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"id": "ASB-A-256202273-f49fe111",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/a4484d7f1be1fa413258fe18644d61f85611f586",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/a4484d7f1be1fa413258fe18644d61f85611f586",
"https://android.googlesource.com/platform/frameworks/base/+/ceeca68b8c3f0ed8427b0212f63defe2f075146e"
]
}{
"severity": "Moderate",
"spl": "2023-05-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 2261.0,
"function_hash": "151921374874206919726116965175953254668"
},
"id": "ASB-A-256202273-29b9f5a6",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/341669af524058dd4c64a176ddc54ada589591e1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "installLocationPolicy"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"222045767716832383749242769202942973343",
"172263085076743103645302221398148206822",
"18446807281274191545814384627051110285",
"112297621029225928974437681997739513542",
"331518267978878963206822687149281344246",
"250787900086695259348937561781946441234",
"160051001919916929319362551830565128885",
"197310569562891636888240421344010323645",
"51496819919166146182184529611958472721",
"271137473222270698938701965978340802630",
"255775851074356921542275084611197677254",
"201364310431016264446019349512943794105"
],
"threshold": 0.9
},
"id": "ASB-A-256202273-b8a8a16d",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/341669af524058dd4c64a176ddc54ada589591e1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 1826.0,
"function_hash": "173837231139755839627835745645918749546"
},
"id": "ASB-A-256202273-ef86efed",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/aec76152d65cfd5774f6c0dcf4cb6009ba48c1ee",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "installLocationPolicy"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"323383019452950439022721587221536495956",
"141646107424512681860211450863645381191",
"232267897797497898648796255356180266969",
"2370870929644306747326625601258318868",
"224242779210801795990559495442269668968",
"178573985239065263248700329163361724145",
"5330287858347148278703152876231282746",
"302345260809465962585949430366062394237",
"80355994349317547252844873612813219058",
"124486400087777756658524270427987607217",
"95769274484975723426472180748048707264",
"64241799393178439299039606659250128714",
"62892260601654439480810485495744612527",
"146314910599677978638984550390834355582",
"241325659543729037384589779924087367784",
"17841186410307136095848426418010374499",
"201364310431016264446019349512943794105",
"132157817494603273266127851704263228499"
],
"threshold": 0.9
},
"id": "ASB-A-256202273-ef9b11e7",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/aec76152d65cfd5774f6c0dcf4cb6009ba48c1ee",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/aec76152d65cfd5774f6c0dcf4cb6009ba48c1ee",
"https://android.googlesource.com/platform/frameworks/base/+/341669af524058dd4c64a176ddc54ada589591e1"
]
}{
"severity": "Moderate",
"spl": "2023-05-01",
"vanir_signatures": [
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"63605175448109501863603615311893262621",
"250142924094795662928341993625371411063",
"18446807281274191545814384627051110285",
"340165447095735351540002167618760511049",
"248542275005549700453051888874914133157",
"136411639950493568324331406542339470391",
"52084349353168562900965281274036000023",
"249134487297397458092309921339558148163",
"233737105932200566546070308756911750531",
"258319162602653658646703650914315289041",
"295605658156574038169729860859021103416"
],
"threshold": 0.9
},
"id": "ASB-A-256202273-02759271",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/636cdf22b90ccb4866f380c307b7e1b92da03ed9",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 1563.0,
"function_hash": "324227939287504300206201911245919687108"
},
"id": "ASB-A-256202273-4b6a4f7c",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/636cdf22b90ccb4866f380c307b7e1b92da03ed9",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "verifyReplacingVersionCode"
}
},
{
"signature_type": "Function",
"digest": {
"length": 1111.0,
"function_hash": "250529198514725569443102932472638047305"
},
"id": "ASB-A-256202273-9bac9516",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/cc9d3867082ac1518b7264c3752442f5ca112aa1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "verifyReplacingVersionCode"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"131655243573161465468771858895034204693",
"291195504830007423434832839912940856673",
"163754913564646426883622002668483255590",
"227106837693655100677620947068783042509",
"104806414475779496517183112360544567596",
"266471921177581853385264246682457700002",
"5330287858347148278703152876231282746",
"302345260809465962585949430366062394237",
"80355994349317547252844873612813219058",
"124486400087777756658524270427987607217",
"95769274484975723426472180748048707264",
"64241799393178439299039606659250128714",
"62892260601654439480810485495744612527",
"45426094693595652196730483522232069233",
"122916161304883719854949885499528448722",
"328468289020675297204756527397870397097",
"295605658156574038169729860859021103416",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"id": "ASB-A-256202273-9bf563d5",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/cc9d3867082ac1518b7264c3752442f5ca112aa1",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/cc9d3867082ac1518b7264c3752442f5ca112aa1",
"https://android.googlesource.com/platform/frameworks/base/+/636cdf22b90ccb4866f380c307b7e1b92da03ed9"
]
}{
"severity": "Moderate",
"spl": "2023-05-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 1111.0,
"function_hash": "250529198514725569443102932472638047305"
},
"id": "ASB-A-256202273-556bc385",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/eada93575f98dfc12854dbdcf54b6e5c6d417b97",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "verifyReplacingVersionCode"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"131655243573161465468771858895034204693",
"291195504830007423434832839912940856673",
"163754913564646426883622002668483255590",
"227106837693655100677620947068783042509",
"104806414475779496517183112360544567596",
"266471921177581853385264246682457700002",
"5330287858347148278703152876231282746",
"302345260809465962585949430366062394237",
"80355994349317547252844873612813219058",
"124486400087777756658524270427987607217",
"95769274484975723426472180748048707264",
"64241799393178439299039606659250128714",
"62892260601654439480810485495744612527",
"45426094693595652196730483522232069233",
"122916161304883719854949885499528448722",
"328468289020675297204756527397870397097",
"295605658156574038169729860859021103416",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"id": "ASB-A-256202273-6313a522",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/eada93575f98dfc12854dbdcf54b6e5c6d417b97",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"63605175448109501863603615311893262621",
"250142924094795662928341993625371411063",
"18446807281274191545814384627051110285",
"340165447095735351540002167618760511049",
"248542275005549700453051888874914133157",
"136411639950493568324331406542339470391",
"52084349353168562900965281274036000023",
"249134487297397458092309921339558148163",
"233737105932200566546070308756911750531",
"258319162602653658646703650914315289041",
"295605658156574038169729860859021103416"
],
"threshold": 0.9
},
"id": "ASB-A-256202273-7dd07e5f",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/8e804c13abb3773e417638251490fce369766592",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java"
}
},
{
"signature_type": "Function",
"digest": {
"length": 1563.0,
"function_hash": "324227939287504300206201911245919687108"
},
"id": "ASB-A-256202273-c5b50012",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/8e804c13abb3773e417638251490fce369766592",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerService.java",
"function": "verifyReplacingVersionCode"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/eada93575f98dfc12854dbdcf54b6e5c6d417b97",
"https://android.googlesource.com/platform/frameworks/base/+/8e804c13abb3773e417638251490fce369766592"
]
}{
"severity": "Moderate",
"spl": "2023-05-01",
"vanir_signatures": [
{
"signature_type": "Function",
"digest": {
"length": 1956.0,
"function_hash": "275082727597709184000753424244299309763"
},
"id": "ASB-A-256202273-1ac3335d",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/14a91d2bc85a633de67584b27f4cef58c1645637",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java",
"function": "verifyReplacingVersionCode"
}
},
{
"signature_type": "Function",
"digest": {
"length": 1452.0,
"function_hash": "237048816979219317842714686710299000619"
},
"id": "ASB-A-256202273-3fbed38b",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/224da6d4c2579c01f88fb0bac9fd4c0f16ebe667",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java",
"function": "verifyReplacingVersionCode"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"63605175448109501863603615311893262621",
"173546225366185263187613276852006820736",
"326190137785252094978958267753154377116",
"121636430540856708905499819382202482171",
"12470100640675359785548563315199428325",
"136411639950493568324331406542339470391",
"52084349353168562900965281274036000023",
"192309566731849079405040014069155480488",
"240044076485628183343597920015476546646",
"15846213334126375409777482138026109401",
"319783504689076465904149502568402839711",
"12970867237909160669962964194154689035"
],
"threshold": 0.9
},
"id": "ASB-A-256202273-5d5f71cc",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/14a91d2bc85a633de67584b27f4cef58c1645637",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java"
}
},
{
"signature_type": "Line",
"digest": {
"line_hashes": [
"252983177159641901497723896441268108671",
"289387077589455534524918148746428779006",
"166768919924717948816029414026291778836",
"118651231370392224840236119108995357589",
"329066948714175627806594661537085099266",
"145223966657233973943848442135262436020",
"152484718102809675440709313061526254350",
"230304300726357595687715847273695966229",
"320009394454379053579531924820497384068",
"43546057785041335342916011230490229185",
"9246424559103928267710257347131600408",
"19143163316148291948041402688674573657",
"15846213334126375409777482138026109401",
"319783504689076465904149502568402839711",
"12970867237909160669962964194154689035",
"108587633537507210242609878158511307392"
],
"threshold": 0.9
},
"id": "ASB-A-256202273-7d6c016f",
"signature_version": "v1",
"deprecated": false,
"source": "https://android.googlesource.com/platform/frameworks/base/+/224da6d4c2579c01f88fb0bac9fd4c0f16ebe667",
"target": {
"file": "services/core/java/com/android/server/pm/InstallPackageHelper.java"
}
}
],
"types": [
"EoP"
],
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/224da6d4c2579c01f88fb0bac9fd4c0f16ebe667",
"https://android.googlesource.com/platform/frameworks/base/+/14a91d2bc85a633de67584b27f4cef58c1645637"
]
}