ASB-A-277741109

See a problem?

Import Source

https://storage.googleapis.com/android-osv/ASB-A-277741109.json

JSON Data

https://api.osv.dev/v1/vulns/ASB-A-277741109

Aliases

A-277741109
CVE-2023-21279

Published

2023-08-01T00:00:00Z

Modified

2026-04-27T15:40:08.012512Z

Summary

[none]

Details

In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13-next:0

Fixed

13-next:2023-08-01

Affected versions

Other

13-next

Ecosystem specific

{
    "severity": "High",
    "spl": "2023-08-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1327550f2e6a36b33473ad82ae52377de644833b",
            "digest": {
                "function_hash": "332780869755485867808535814879376698615",
                "length": 316.0
            },
            "id": "ASB-A-277741109-445cf1e3",
            "target": {
                "file": "core/java/android/widget/RemoteViews.java",
                "function": "visitUris"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1327550f2e6a36b33473ad82ae52377de644833b",
            "digest": {
                "line_hashes": [
                    "18893358093154404341348852068354358806",
                    "275218925872896456245916266479716530481",
                    "10039153857474388100689592245698426073",
                    "248275908032692090292148866998833167361"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-277741109-c9fed530",
            "target": {
                "file": "core/java/android/widget/RemoteViews.java"
            },
            "deprecated": false
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1327550f2e6a36b33473ad82ae52377de644833b"
    ],
    "types": [
        "ID"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-277741109.json"

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12:0

Fixed

12:2023-08-01

Affected versions

Other

Ecosystem specific

{
    "severity": "High",
    "spl": "2023-08-01",
    "vanir_signatures": [
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5",
            "digest": {
                "line_hashes": [
                    "18893358093154404341348852068354358806",
                    "275218925872896456245916266479716530481",
                    "10039153857474388100689592245698426073",
                    "248275908032692090292148866998833167361"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-277741109-14ac3a57",
            "target": {
                "file": "core/java/android/widget/RemoteViews.java"
            },
            "deprecated": false
        },
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5",
            "digest": {
                "function_hash": "332780869755485867808535814879376698615",
                "length": 316.0
            },
            "id": "ASB-A-277741109-a73d40cd",
            "target": {
                "file": "core/java/android/widget/RemoteViews.java",
                "function": "visitUris"
            },
            "deprecated": false
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5"
    ],
    "types": [
        "ID"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-277741109.json"

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

12L:0

Fixed

12L:2023-08-01

Affected versions

Other

12L

Ecosystem specific

{
    "severity": "High",
    "spl": "2023-08-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5",
            "digest": {
                "function_hash": "332780869755485867808535814879376698615",
                "length": 316.0
            },
            "id": "ASB-A-277741109-143df73a",
            "target": {
                "file": "core/java/android/widget/RemoteViews.java",
                "function": "visitUris"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5",
            "digest": {
                "line_hashes": [
                    "18893358093154404341348852068354358806",
                    "275218925872896456245916266479716530481",
                    "10039153857474388100689592245698426073",
                    "248275908032692090292148866998833167361"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-277741109-17521968",
            "target": {
                "file": "core/java/android/widget/RemoteViews.java"
            },
            "deprecated": false
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5"
    ],
    "types": [
        "ID"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-277741109.json"

Android / platform/frameworks/base

Package

Name: platform/frameworks/base

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13:0

Fixed

13:2023-08-01

Affected versions

Other

Ecosystem specific

{
    "severity": "High",
    "spl": "2023-08-01",
    "vanir_signatures": [
        {
            "signature_type": "Function",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/902f020bc81e5b584d5cb0276568b888a728fc4a",
            "digest": {
                "function_hash": "332780869755485867808535814879376698615",
                "length": 316.0
            },
            "id": "ASB-A-277741109-bf2806a7",
            "target": {
                "file": "core/java/android/widget/RemoteViews.java",
                "function": "visitUris"
            },
            "deprecated": false
        },
        {
            "signature_type": "Line",
            "signature_version": "v1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/902f020bc81e5b584d5cb0276568b888a728fc4a",
            "digest": {
                "line_hashes": [
                    "18893358093154404341348852068354358806",
                    "275218925872896456245916266479716530481",
                    "10039153857474388100689592245698426073",
                    "248275908032692090292148866998833167361"
                ],
                "threshold": 0.9
            },
            "id": "ASB-A-277741109-bf4ebeeb",
            "target": {
                "file": "core/java/android/widget/RemoteViews.java"
            },
            "deprecated": false
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/902f020bc81e5b584d5cb0276568b888a728fc4a"
    ],
    "types": [
        "ID"
    ]
}

Database specific

source

"https://storage.googleapis.com/android-osv/ASB-A-277741109.json"