ASB-A-271846393
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-271846393.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-271846393
- Aliases
-
- A-271846393
- CVE-2023-21126
- Published
- 2023-06-01T00:00:00Z
- Modified
- 2026-04-28T15:17:37.552933Z
- Summary
- [none]
- Details
-
In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
-
- https://source.android.com/security/bulletin/2023-06-01
- https://android.googlesource.com/platform/frameworks/base/+/b8e6044520761f537473d0a04a651118236d2c52
- https://android.googlesource.com/platform/frameworks/base/+/0f857518e3dd6490508a88ceac39309e77cb231b
- https://android.googlesource.com/platform/frameworks/base/+/3721a8ad742248e7c017115c088291015f40319d
Affected packages
Android / platform/frameworks/base
Package
Ecosystem specific
{
"spl": "2023-06-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/335a3cb7b413fc178f0b190491b870b3327bd7b0"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"230872425411386100821262663441988830426",
"335998729608648514097043981959000028980",
"6240304599612048398399617321758657203",
"268339633816058748215191839376924963178",
"10228577753352876288741638779151831847",
"270418421542754298583062484102757970802",
"147287380065484115844283658550797767117",
"29032248104267286140973246322924577667",
"170114685066064521645076838693224070955",
"200233769167039245806986392946345344761",
"125369772353286533227611411828141335885"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/335a3cb7b413fc178f0b190491b870b3327bd7b0",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/media/controls/ui/MediaControlPanel.java"
},
"id": "ASB-A-271846393-0c32d536"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 4333.0,
"function_hash": "267687680715147476082275790442084180232"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/335a3cb7b413fc178f0b190491b870b3327bd7b0",
"target": {
"function": "fixNotification",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"id": "ASB-A-271846393-4bcc79a2"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 2645.0,
"function_hash": "307490493470022176088052483815322606955"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/335a3cb7b413fc178f0b190491b870b3327bd7b0",
"target": {
"function": "bindOutputSwitcherAndBroadcastButton",
"file": "packages/SystemUI/src/com/android/systemui/media/controls/ui/MediaControlPanel.java"
},
"id": "ASB-A-271846393-746757cd"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"253903984705424358086722864435461574030",
"257869991310084047521084060057549809502",
"183057806017896848842730402937084941303",
"72332517352184135979223273446677720591"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/335a3cb7b413fc178f0b190491b870b3327bd7b0",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"id": "ASB-A-271846393-eda05240"
}
],
"severity": "High"
}
Android / platform/frameworks/base
Package
Ecosystem specific
{
"spl": "2023-06-01",
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
"https://android.googlesource.com/platform/frameworks/base/+/3c3056c16970d561175192e7a8909a9de784ae54"
],
"types": [
"EoP"
],
"vanir_signatures": [
{
"signature_type": "Function",
"exact_target_file_match_only": true,
"deprecated": false,
"digest": {
"length": 1041.0,
"function_hash": "286088843615190968846333630048081541692"
},
"target": {
"function": "startPendingIntentDismissingKeyguard",
"file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java"
},
"id": "ASB-A-271846393-02634982",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
"signature_version": "v1"
},
{
"signature_type": "Function",
"exact_target_file_match_only": true,
"deprecated": false,
"digest": {
"length": 1303.0,
"function_hash": "178616258967409317397577551229532770967"
},
"target": {
"function": "onNotificationClicked",
"file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarNotificationActivityStarter.java"
},
"id": "ASB-A-271846393-056f5202",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
"signature_version": "v1"
},
{
"match_only_versions": [
"13"
],
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"50454412654763931134233321317447229068",
"30013225977220218034766024897994265391",
"293822949742712987548957482238716755057",
"242150876751779382888717150321923980653",
"40800314990889636612815428278997086650"
],
"threshold": 0.9
},
"exact_target_file_match_only": true,
"target": {
"file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarRemoteInputCallback.java"
},
"id": "ASB-A-271846393-0c18efce",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
"signature_version": "v1"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"206535368192165133378864555332304687207",
"197278158694007071014626855053256538322",
"102611065600773785065285762143892405323",
"330408950157360963923318400147103041533"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
"target": {
"file": "services/core/java/com/android/server/pm/PackageManagerInternalBase.java"
},
"id": "ASB-A-271846393-1dd69cf5"
},
{
"match_only_versions": [
"13"
],
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 635.0,
"function_hash": "184541793108889883826723746171360051309"
},
"exact_target_file_match_only": true,
"target": {
"function": "handleRemoteViewClick",
"file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarRemoteInputCallback.java"
},
"id": "ASB-A-271846393-37edc787",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
"signature_version": "v1"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"182059258388804975474889324181877838990",
"335998729608648514097043981959000028980",
"6240304599612048398399617321758657203",
"268339633816058748215191839376924963178",
"10228577753352876288741638779151831847",
"228918169161884123250268003204920681",
"158268664502523512606263587910112303237",
"151975675633060941526667962719081131298",
"209588549583639288037407407012691368536"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/3c3056c16970d561175192e7a8909a9de784ae54",
"target": {
"file": "packages/SystemUI/src/com/android/systemui/media/MediaControlPanel.java"
},
"id": "ASB-A-271846393-3803b6fc"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1525.0,
"function_hash": "71265258157114590545540351001838412508"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/3c3056c16970d561175192e7a8909a9de784ae54",
"target": {
"function": "bindOutputSwitcherChip",
"file": "packages/SystemUI/src/com/android/systemui/media/MediaControlPanel.java"
},
"id": "ASB-A-271846393-4e2db01b"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 197.0,
"function_hash": "78745471563276901678845532427090193812"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
"target": {
"function": "queryIntentActivities",
"file": "services/core/java/com/android/server/pm/PackageManagerInternalBase.java"
},
"id": "ASB-A-271846393-502537c9"
},
{
"match_only_versions": [
"13"
],
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 1021.0,
"function_hash": "174970559769128569528789129778070214766"
},
"target": {
"function": "queryIntentComponentsForIntentSender",
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"id": "ASB-A-271846393-531242fa",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
"signature_version": "v1"
},
{
"match_only_versions": [
"13"
],
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"135542876691881457800174126891548670462",
"101494581465747771988168920529117761495",
"131922853351039576208234686243169401070",
"9413301174270534008443788113338114451",
"115382658339630236465444767598201868514",
"240451254422274110276975739140569497810",
"214438263518390320628691608255003429185",
"34845624562396525403054196938655793516",
"178599353584987838950370902475955887095",
"8205114977588376554469430109309893620",
"245685455233671269279525686641618557432",
"262184241501960405093244552451478728060",
"62955635762453522672927935346905470104",
"262318357714189165330933641641657186838",
"241973081496200180792888983685832963467",
"47395095852786439646745444343823516853",
"8794521445931323481114660403684841272",
"108121731112564968108325370293693694843",
"174115300151019868265826333063888095008",
"182471343304056705691555222777593887353",
"215387031388644380581660308928954296454",
"89125285953424595303937648151201236370",
"100152070943127767372669874702743098404"
],
"threshold": 0.9
},
"target": {
"file": "services/core/java/com/android/server/am/ActivityManagerService.java"
},
"id": "ASB-A-271846393-88d7613c",
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
"signature_version": "v1"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"219103171606208111390459282156658106579",
"42751191032676820378334489928836626626",
"212879122132098680344943225565944546688"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
"target": {
"file": "services/core/java/com/android/server/pm/ComputerEngine.java"
},
"id": "ASB-A-271846393-8b4150f5"
},
{
"signature_type": "Line",
"exact_target_file_match_only": true,
"deprecated": false,
"digest": {
"line_hashes": [
"227111203126462132839911405617692621574",
"299731065251190970605764112717447872684",
"181064642354844931985489510036490731993",
"83614579089263366459761726885417309166"
],
"threshold": 0.9
},
"target": {
"file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java"
},
"id": "ASB-A-271846393-93038577",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
"signature_version": "v1"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"253903984705424358086722864435461574030",
"287775789796330345679124622318788623133",
"54266001961200714770078663532211025569",
"165569965810641641097497766197025949713"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/3c3056c16970d561175192e7a8909a9de784ae54",
"target": {
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"id": "ASB-A-271846393-97722b11"
},
{
"signature_type": "Line",
"signature_version": "v1",
"deprecated": false,
"digest": {
"line_hashes": [
"46199225223002498813501284967081537155",
"184384096706449390226371002128345091409",
"142758306640343396013190116045428603001",
"261710390796188921390051419611002869500"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
"target": {
"file": "services/core/java/com/android/server/pm/Computer.java"
},
"id": "ASB-A-271846393-a7821dcb"
},
{
"match_only_versions": [
"13"
],
"signature_type": "Line",
"deprecated": false,
"digest": {
"line_hashes": [
"279452420605944529287858660104943227928",
"297817759332956460786286352756478452973",
"283718113760667542417593542265634207274",
"297142545432450160884900722838657984254",
"171166836102926374318215215279548522872",
"44929399260439157859268675000730310207",
"36657217421929944235347609769914142476",
"297899968368295158094566844842418354821",
"47104960082448654964506702767101529405",
"112438216916822437734175830135656700409",
"104763288006786384546874089997686914683",
"6786696123406831254262800566828319140",
"209987263421852108559154336121566171762",
"220942021495262776868147244381106568562",
"266341740573206455300379416695739530969",
"89116456000894999502422585451747833580",
"279005987229065417342160784455435867539",
"63516849009322620667611818542424714483",
"67754155622386422899887103761490160876",
"175840438916755706840317225996919333203",
"209538324099419047165411068880982334196",
"93927960070191315016039441139628115968",
"31907771833404063579795170068209517135",
"101997094792374482962736997198288031261",
"15854559075848294332399399505026274927",
"76429923685655151830610341265204503946",
"214179078821018585551078105206271108550",
"254582942163694371096891418714042637901",
"252224366672296261498230455905136005603"
],
"threshold": 0.9
},
"exact_target_file_match_only": true,
"target": {
"file": "packages/SystemUI/src/com/android/systemui/ActivityIntentHelper.java"
},
"id": "ASB-A-271846393-aae65a75",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
"signature_version": "v1"
},
{
"signature_type": "Function",
"signature_version": "v1",
"deprecated": false,
"digest": {
"length": 1864.0,
"function_hash": "265197953717209014322459107828658171341"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/3c3056c16970d561175192e7a8909a9de784ae54",
"target": {
"function": "fixNotification",
"file": "services/core/java/com/android/server/notification/NotificationManagerService.java"
},
"id": "ASB-A-271846393-ee9a8818"
},
{
"match_only_versions": [
"13"
],
"signature_type": "Function",
"deprecated": false,
"digest": {
"length": 522.0,
"function_hash": "258082371803861302409038893350652173138"
},
"exact_target_file_match_only": true,
"target": {
"function": "getTargetActivityInfo",
"file": "packages/SystemUI/src/com/android/systemui/ActivityIntentHelper.java"
},
"id": "ASB-A-271846393-f8039713",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
"signature_version": "v1"
},
{
"signature_type": "Line",
"exact_target_file_match_only": true,
"deprecated": false,
"digest": {
"line_hashes": [
"154158448839737934387782205624416406452",
"189343675409681482264294634432802115312",
"159589826654596615965487049535684055662",
"290480052243468584272391351789721865298",
"251378210182350005787949925835752974625",
"48070887955904611512823487357584091551",
"292249950543453124863373236695554660520",
"120792672116670357853305694201266022212",
"27545028907470929425206290872797400585"
],
"threshold": 0.9
},
"target": {
"file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarNotificationActivityStarter.java"
},
"id": "ASB-A-271846393-ff2b786e",
"source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
"signature_version": "v1"
}
],
"severity": "High"
}