ASB-A-277740848
See a problem?- Import Source
- https://storage.googleapis.com/android-osv/ASB-A-277740848.json
- JSON Data
- https://api.osv.dev/v1/vulns/ASB-A-277740848
- Aliases
-
- A-277740848
- CVE-2023-21238
- Published
- 2023-07-01T00:00:00Z
- Modified
- 2026-05-01T15:24:27.653932Z
- Summary
- [none]
- Details
-
In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
- References
Affected packages
Android
platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69",
"https://android.googlesource.com/platform/frameworks/base/+/d82e19ca7dc95e724cbc8477688818cda33fdba0"
],
"severity": "High",
"spl": "2023-07-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-57eada37",
"digest": {
"line_hashes": [
"18893358093154404341348852068354358806",
"50423517392454067396854009113314657598",
"60246086670864434399416018304216395629",
"193393101714492895223609934779057213903"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/d82e19ca7dc95e724cbc8477688818cda33fdba0",
"signature_type": "Line",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-5ea3c7f8",
"digest": {
"length": 190.0,
"function_hash": "111810108874556137557640008461423736335"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69",
"signature_type": "Function",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "visitUris"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-638a6408",
"digest": {
"line_hashes": [
"18893358093154404341348852068354358806",
"50423517392454067396854009113314657598",
"60246086670864434399416018304216395629",
"193393101714492895223609934779057213903"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69",
"signature_type": "Line",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-96c2507c",
"digest": {
"length": 190.0,
"function_hash": "111810108874556137557640008461423736335"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/d82e19ca7dc95e724cbc8477688818cda33fdba0",
"signature_type": "Function",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "visitUris"
}
}
],
"types": [
"ID"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/43e1ae4e0d408604b9e3c18ac0e9bf87529b92a8"
],
"severity": "High",
"spl": "2023-07-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-69894fd5",
"digest": {
"line_hashes": [
"18893358093154404341348852068354358806",
"50423517392454067396854009113314657598",
"60246086670864434399416018304216395629",
"193393101714492895223609934779057213903"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/43e1ae4e0d408604b9e3c18ac0e9bf87529b92a8",
"signature_type": "Line",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-dc878155",
"digest": {
"length": 190.0,
"function_hash": "111810108874556137557640008461423736335"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/43e1ae4e0d408604b9e3c18ac0e9bf87529b92a8",
"signature_type": "Function",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "visitUris"
}
}
],
"types": [
"ID"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69"
],
"severity": "High",
"spl": "2023-07-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-830714f5",
"digest": {
"length": 190.0,
"function_hash": "111810108874556137557640008461423736335"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69",
"signature_type": "Function",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "visitUris"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-bb3659f3",
"digest": {
"line_hashes": [
"18893358093154404341348852068354358806",
"50423517392454067396854009113314657598",
"60246086670864434399416018304216395629",
"193393101714492895223609934779057213903"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69",
"signature_type": "Line",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
}
}
],
"types": [
"ID"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69"
],
"severity": "High",
"spl": "2023-07-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-a2f9bb46",
"digest": {
"line_hashes": [
"18893358093154404341348852068354358806",
"50423517392454067396854009113314657598",
"60246086670864434399416018304216395629",
"193393101714492895223609934779057213903"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69",
"signature_type": "Line",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-a5b1e781",
"digest": {
"length": 190.0,
"function_hash": "111810108874556137557640008461423736335"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69",
"signature_type": "Function",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "visitUris"
}
}
],
"types": [
"ID"
]
}platform/frameworks/base
Package
- Name
- platform/frameworks/base
Ecosystem specific
{
"fixes": [
"https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69"
],
"severity": "High",
"spl": "2023-07-01",
"vanir_signatures": [
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-8289e474",
"digest": {
"length": 190.0,
"function_hash": "111810108874556137557640008461423736335"
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69",
"signature_type": "Function",
"target": {
"file": "core/java/android/widget/RemoteViews.java",
"function": "visitUris"
}
},
{
"deprecated": false,
"signature_version": "v1",
"id": "ASB-A-277740848-91d1ab5e",
"digest": {
"line_hashes": [
"18893358093154404341348852068354358806",
"50423517392454067396854009113314657598",
"60246086670864434399416018304216395629",
"193393101714492895223609934779057213903"
],
"threshold": 0.9
},
"source": "https://android.googlesource.com/platform/frameworks/base/+/b4692946c10d11c1e935869e11dc709a9cdcba69",
"signature_type": "Line",
"target": {
"file": "core/java/android/widget/RemoteViews.java"
}
}
],
"types": [
"ID"
]
}