ASB-A-260567867

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-260567867.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-260567867
Aliases
Published
2023-04-01T00:00:00Z
Modified
2026-04-28T15:17:37.552933Z
Summary
[none]
Details

In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-04-01

Affected versions

Other
13-next

Ecosystem specific 

{
    "spl": "2023-04-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 2630.0,
                "function_hash": "24063364796261288084818385041544745461"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d",
            "target": {
                "function": "onResult",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-0f0395d8"
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "102621481333874520227160300226568916637",
                    "87791047021780292960520905960333961581",
                    "227810543805131443330981162682500543823",
                    "249209199335521875619203833124111623883",
                    "333632741528280604425310716873061856856",
                    "296970883249405432748384307226135802410",
                    "322653182359092500475659955130112784308",
                    "70126697754156643117209328007530417998",
                    "339481037997816317821671594887686512293",
                    "221003920048527419293013806736736766485",
                    "97919473584709779965486999353676586848",
                    "234298834527873990978626021844002463501",
                    "300167801387346797691020387596466947641",
                    "60697875491319249160746600633389088059",
                    "101255738353673951573916089828613134146",
                    "117460194778136373718489259647932296637",
                    "221339240173144341381788826707641692497",
                    "249209199335521875619203833124111623883",
                    "333632741528280604425310716873061856856"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-5018acee"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 1320.0,
                "function_hash": "134451419846464950394386447436239146278"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d",
            "target": {
                "function": "checkKeyIntent",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-699f2b76"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 347.0,
                "function_hash": "100361811884416474232114843533415316660"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d",
            "target": {
                "function": "checkKeyIntentParceledCorrectly",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-732e1150"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 2228.0,
                "function_hash": "274929591755527814202843495797426672204"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d",
            "target": {
                "function": "onResult",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-8d45e500"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-260567867.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-04-01

Affected versions

Other
11

Ecosystem specific 

{
    "spl": "2023-04-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 2614.0,
                "function_hash": "41023448064838139733511489886308780141"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "onResult",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-44161b57"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 1331.0,
                "function_hash": "52865478785358617343039264453162914792"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "checkKeyIntent",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-6d37caa9"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 333.0,
                "function_hash": "94708205251876746338000343560764915402"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "checkKeyIntentParceledCorrectly",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-8462678d"
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "102621481333874520227160300226568916637",
                    "17410907499065417407586688844885386759",
                    "137971137004370039771630188077221928616",
                    "171654467451521752340925975754762571437",
                    "200743198349192667103830392242710855312",
                    "243628083512321978905245199028732910147",
                    "143497601475118715788948267903722960923",
                    "34403552962753278911522365955453991311",
                    "212527219679643165604639129087184543552",
                    "278096025294005194601942749711161288359",
                    "210066205031285334355977896094228933501",
                    "254649137641918737601387565419334774469",
                    "60013202798819483283863555381222552713",
                    "101255738353673951573916089828613134146",
                    "50186522400419522845497711063170164678",
                    "267026741779168971949661977336207845381",
                    "171654467451521752340925975754762571437",
                    "200743198349192667103830392242710855312"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-85083a16"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 2212.0,
                "function_hash": "267799739317786220573746323388235990046"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "onResult",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-a7b9bb0b"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-260567867.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-04-01

Affected versions

Other
12

Ecosystem specific 

{
    "spl": "2023-04-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 1331.0,
                "function_hash": "52865478785358617343039264453162914792"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "checkKeyIntent",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-27a42bd3"
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "102621481333874520227160300226568916637",
                    "17410907499065417407586688844885386759",
                    "137971137004370039771630188077221928616",
                    "171654467451521752340925975754762571437",
                    "200743198349192667103830392242710855312",
                    "243628083512321978905245199028732910147",
                    "143497601475118715788948267903722960923",
                    "34403552962753278911522365955453991311",
                    "212527219679643165604639129087184543552",
                    "278096025294005194601942749711161288359",
                    "210066205031285334355977896094228933501",
                    "254649137641918737601387565419334774469",
                    "60013202798819483283863555381222552713",
                    "101255738353673951573916089828613134146",
                    "50186522400419522845497711063170164678",
                    "267026741779168971949661977336207845381",
                    "171654467451521752340925975754762571437",
                    "200743198349192667103830392242710855312"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-40603fb1"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 333.0,
                "function_hash": "94708205251876746338000343560764915402"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "checkKeyIntentParceledCorrectly",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-450f3afb"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 2614.0,
                "function_hash": "41023448064838139733511489886308780141"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "onResult",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-53e9a05e"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 2212.0,
                "function_hash": "267799739317786220573746323388235990046"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "onResult",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-c75e5dd8"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-260567867.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-04-01

Affected versions

Other
12L

Ecosystem specific 

{
    "spl": "2023-04-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 2212.0,
                "function_hash": "267799739317786220573746323388235990046"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "onResult",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-147a6479"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 1331.0,
                "function_hash": "52865478785358617343039264453162914792"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "checkKeyIntent",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-6cbd2519"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 333.0,
                "function_hash": "94708205251876746338000343560764915402"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "checkKeyIntentParceledCorrectly",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-814bca32"
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "102621481333874520227160300226568916637",
                    "17410907499065417407586688844885386759",
                    "137971137004370039771630188077221928616",
                    "171654467451521752340925975754762571437",
                    "200743198349192667103830392242710855312",
                    "243628083512321978905245199028732910147",
                    "143497601475118715788948267903722960923",
                    "34403552962753278911522365955453991311",
                    "212527219679643165604639129087184543552",
                    "278096025294005194601942749711161288359",
                    "210066205031285334355977896094228933501",
                    "254649137641918737601387565419334774469",
                    "60013202798819483283863555381222552713",
                    "101255738353673951573916089828613134146",
                    "50186522400419522845497711063170164678",
                    "267026741779168971949661977336207845381",
                    "171654467451521752340925975754762571437",
                    "200743198349192667103830392242710855312"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-b420f77c"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 2614.0,
                "function_hash": "41023448064838139733511489886308780141"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981",
            "target": {
                "function": "onResult",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-b9f8b81f"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-260567867.json"
platform/frameworks/base

Package

Name
platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-04-01

Affected versions

Other
13

Ecosystem specific 

{
    "spl": "2023-04-01",
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002"
    ],
    "types": [
        "EoP"
    ],
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 5624.0,
                "function_hash": "187948086070591231297392488894148739647"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002",
            "target": {
                "function": "getAuthToken",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-517e3a33"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 2212.0,
                "function_hash": "267799739317786220573746323388235990046"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002",
            "target": {
                "function": "onResult",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-8ba17ec0"
        },
        {
            "match_only_versions": [
                "13"
            ],
            "signature_type": "Function",
            "deprecated": false,
            "digest": {
                "length": 1606.0,
                "function_hash": "261227585194831626479415770564533148761"
            },
            "target": {
                "function": "onResult",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-b857cd09",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002",
            "signature_version": "v1"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 2614.0,
                "function_hash": "41023448064838139733511489886308780141"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002",
            "target": {
                "function": "onResult",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-b906f6fc"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 1320.0,
                "function_hash": "134451419846464950394386447436239146278"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002",
            "target": {
                "function": "checkKeyIntent",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-ca1cbc91"
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "length": 347.0,
                "function_hash": "100361811884416474232114843533415316660"
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002",
            "target": {
                "function": "checkKeyIntentParceledCorrectly",
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-eb9ea585"
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "deprecated": false,
            "digest": {
                "line_hashes": [
                    "3345597861118770780059298766421267087",
                    "242732919793228362579209848120206281270",
                    "191848758192162543277547550033520109670",
                    "141394416191930872290709805739668594678",
                    "102621481333874520227160300226568916637",
                    "17410907499065417407586688844885386759",
                    "137971137004370039771630188077221928616",
                    "171654467451521752340925975754762571437",
                    "200743198349192667103830392242710855312",
                    "296970883249405432748384307226135802410",
                    "322653182359092500475659955130112784308",
                    "70126697754156643117209328007530417998",
                    "339481037997816317821671594887686512293",
                    "221003920048527419293013806736736766485",
                    "97919473584709779965486999353676586848",
                    "234298834527873990978626021844002463501",
                    "300167801387346797691020387596466947641",
                    "60697875491319249160746600633389088059",
                    "101255738353673951573916089828613134146",
                    "50186522400419522845497711063170164678",
                    "267026741779168971949661977336207845381",
                    "171654467451521752340925975754762571437",
                    "200743198349192667103830392242710855312"
                ],
                "threshold": 0.9
            },
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002",
            "target": {
                "file": "services/core/java/com/android/server/accounts/AccountManagerService.java"
            },
            "id": "ASB-A-260567867-f6e0a46f"
        }
    ],
    "severity": "High"
}

Database specific

source 
"https://storage.googleapis.com/android-osv/ASB-A-260567867.json"