ASB-A-258653813

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-258653813.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-258653813

Aliases

A-258653813
CVE-2023-20955

Published

2023-03-01T00:00:00Z

Modified

2026-04-17T15:55:28.020024Z

Summary

[none]

Details

In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android

platform/packages/apps/Settings

Package

Name: platform/packages/apps/Settings

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13-next:0

Fixed

13-next:2023-03-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 756.0,
                "function_hash": "14830728290335196445060469367171498722"
            },
            "id": "ASB-A-258653813-a09b2b7f",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/18e77f27aa09c39aa0265ec19f302e6bf3280cfc",
            "target": {
                "function": "onPrepareOptionsMenu",
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "135048681631507444047838452576672208960",
                    "147967870485548236032927660014139311308",
                    "41739866459031209175434535783539986956",
                    "266353271555346109623841972192053097360"
                ]
            },
            "id": "ASB-A-258653813-edb13754",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/18e77f27aa09c39aa0265ec19f302e6bf3280cfc",
            "target": {
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/18e77f27aa09c39aa0265ec19f302e6bf3280cfc"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-03-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-258653813.json"

platform/packages/apps/Settings

Package

Name: platform/packages/apps/Settings

Affected ranges

Type: ECOSYSTEM
Events: Introduced

11:0

Fixed

11:2023-03-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "135048681631507444047838452576672208960",
                    "200293562576987570844025138663260918437",
                    "273338806753463825148908537991003059871",
                    "225055565300299958898457760001135011655"
                ]
            },
            "id": "ASB-A-258653813-5dd33b50",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/86914bedc84474c152e4536fb3cfa2fb488030b8",
            "target": {
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            }
        },
        {
            "digest": {
                "length": 678.0,
                "function_hash": "256267160051243197012364446596867530403"
            },
            "id": "ASB-A-258653813-71f48967",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/86914bedc84474c152e4536fb3cfa2fb488030b8",
            "target": {
                "function": "onPrepareOptionsMenu",
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/86914bedc84474c152e4536fb3cfa2fb488030b8"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-03-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-258653813.json"

platform/packages/apps/Settings

Package

Name: platform/packages/apps/Settings

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12:0

Fixed

12:2023-03-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 678.0,
                "function_hash": "256267160051243197012364446596867530403"
            },
            "id": "ASB-A-258653813-7369288a",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/16500a7ada6b0730bec2787055667c4394fa3468",
            "target": {
                "function": "onPrepareOptionsMenu",
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "135048681631507444047838452576672208960",
                    "200293562576987570844025138663260918437",
                    "273338806753463825148908537991003059871",
                    "225055565300299958898457760001135011655"
                ]
            },
            "id": "ASB-A-258653813-7f5b1329",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/16500a7ada6b0730bec2787055667c4394fa3468",
            "target": {
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/16500a7ada6b0730bec2787055667c4394fa3468"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-03-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-258653813.json"

platform/packages/apps/Settings

Package

Name: platform/packages/apps/Settings

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12L:0

Fixed

12L:2023-03-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "135048681631507444047838452576672208960",
                    "200293562576987570844025138663260918437",
                    "273338806753463825148908537991003059871",
                    "225055565300299958898457760001135011655"
                ]
            },
            "id": "ASB-A-258653813-aa08fd9b",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/9191ec13e25e28fa9d6afbbb0573557c7b891520",
            "target": {
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            }
        },
        {
            "digest": {
                "length": 678.0,
                "function_hash": "256267160051243197012364446596867530403"
            },
            "id": "ASB-A-258653813-ce52d479",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/9191ec13e25e28fa9d6afbbb0573557c7b891520",
            "target": {
                "function": "onPrepareOptionsMenu",
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/9191ec13e25e28fa9d6afbbb0573557c7b891520"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-03-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-258653813.json"

platform/packages/apps/Settings

Package

Name: platform/packages/apps/Settings

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2023-03-01

Affected versions

Other

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 756.0,
                "function_hash": "14830728290335196445060469367171498722"
            },
            "id": "ASB-A-258653813-6a9cfb1f",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Function",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/22e4eebafe1bb646618fa4b64e5038a9dc00ac14",
            "target": {
                "function": "onPrepareOptionsMenu",
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            }
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "135048681631507444047838452576672208960",
                    "147967870485548236032927660014139311308",
                    "41739866459031209175434535783539986956",
                    "266353271555346109623841972192053097360"
                ]
            },
            "id": "ASB-A-258653813-a15041a2",
            "deprecated": false,
            "signature_version": "v1",
            "signature_type": "Line",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/22e4eebafe1bb646618fa4b64e5038a9dc00ac14",
            "target": {
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            }
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/22e4eebafe1bb646618fa4b64e5038a9dc00ac14"
    ],
    "types": [
        "EoP"
    ],
    "spl": "2023-03-01",
    "severity": "High"
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-258653813.json"