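In multiple functions of BackupHelper.java, a permissions bypass makes it possible for an app to obtain permissions that were previously granted to another app with the same package name. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. The signatures below match only version 13 and cover the BackupHelper.java functions restoreState, restoreDelayedState, parseFromXml, writeAsXml, writeState, fromAppPermissions and BackupPackageState, plus line-level signatures for BackupHelper.java and CollectionUtils.java; the entry lists a single fix commit and the security patch level 2023-03-01, so a build can be checked against either.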
{ "vanir_signatures": [ { "match_only_versions": [ "13" ], "digest": { "length": 576.0, "function_hash": "121772509326297233808666616204060095274" }, "id": "PUB-A-184847040-2fb60746", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java", "function": "restoreState" }, "signature_type": "Function" }, { "match_only_versions": [ "13" ], "digest": { "threshold": 0.9, "line_hashes": [ "43032228927462822342452236490762689535", "15059225992926352648322423451923568173", "68014523979087862551635101569879517189", "229342248046384201563298567857820340628", "232114699739685182005429043265396148877", "20082701335626505167606038099015146283", "254454615178926056880120567857553340746", "103104412225771683117794613562427465100" ] }, "id": "PUB-A-184847040-5143e837", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/utils/CollectionUtils.java" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "length": 586.0, "function_hash": "254911684776159838257076422776409980238" }, "id": "PUB-A-184847040-733453be", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java", "function": "fromAppPermissions" }, "signature_type": "Function" }, { "match_only_versions": [ "13" ], "digest": { "length": 117.0, "function_hash": "22313021177170591923983578585799462512" }, "id": "PUB-A-184847040-877d89c0", 
"source": "https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java", "function": "BackupPackageState" }, "signature_type": "Function" }, { "match_only_versions": [ "13" ], "digest": { "threshold": 0.9, "line_hashes": [ "84843049019302761863065014092449215728", "264868265656289673523769242114766418396", "330272999486898339010377919508557050873", "238491412444631929259607570213563032890", "212335473773116938990804158033114407646", "134058316672115466578326395665985276744", "228512767525940964661812594906433801133", "233937374947696925692218840410494002904", "171144675047614504884192740912079595229", "264009995128844015939027582107486172111", "107083936107729207877225933750509582959", "160378149280285647527448676439387697175", "272189067143468548201249739342392907688", "152581516656832625565662774003373965946", "17420550499946334915489961918184163474", "334970370657539059144312493719319344801", "272797693633173649503569264023746803157", "95978107259082001532038822276914454309", "8818789897582096869070266549742860991", "129283745040351863577189490146225506285", "228729908969966056806646850418318249483", "13384915708799494335160810930570058360", "299412018832045862676816100797748218910", "4742087960972795378123464567966795813", "118381729486424510154429270416018514768", "55940143718924595368152194732605773808", "232750173667708018063122654624091780474", "115444434307155611743719658575516868162", "258208249832469845229414774678816800645", "176947216730517605933724620437887834299", "298840148933479489772422689021635243193", "324839459591708210349174576831371353881", "241313337864735710305073706758733108487", "122824315743963056007668466065238333286", "100893846625247827684837216972821015725", "126057789561660815302145050549324193805", 
"34713639438136822066599953981348073739", "295708026625774449588549722076965171260", "120074438840541939371715319936114458802", "329344797790915338574761306898915614414", "338909792849878972852967967565773764856", "336454364212485952485312509186942841886", "317947333734852680233374750952830335762", "233341579077497733609931062168910746240", "122867727361647026489673136368895088981", "39047478053297817336745674637801629439", "160709546613986628274461840001657761058", "142214370399749670337290002351313537725", "121506927583770159611383698574899691108", "290187340577643090211833089575726309284", "8086904502449774582137344794449317842", "14365447657664993759865504784314100297", "301245095004872445367746301117547467864", "44800969953661819834564641945146190332", "144180961801702456540075717018092628729", "131542289587207083776604612861542654087", "64067858790180593005362939125353067452", "252867612429068384485880249189219544826", "5734078675196224577398842139089718719", "249038250807104320692266941039812661070", "334085875832893933698930970825722128632", "74307956833279735491709731661218543999", "294133986353694889088641684558251658923", "92750749618021248271968084195900611139", "303542330409926398319807664756869843746", "93502754692320634048537897340840167680", "50944242166658100240420385617026685860", "336951116393885096362166210447591258905", "302618801560575942391314988469121726844", "237664014145279428359701477789088744367", "33514390769234739660743843800106359521", "70464342963837185694733314876513059489", "313785845506715615313911303745603875348", "284395442707751894149293761353288195023", "226056816875687927926202966320056865523", "286982401824229114784767830232939707462", "6261514209757005563720283717376494312", "232096581946278684662878038200227974631", "129715267683248418266053721892328857641", "61655522085747596594871990584470030985", "72963479676679129762117341839113149461", "59723772430105333561426687278662221697", 
"242286839995190536712281595258991305929", "62332265159522511892652992662304330264", "5215945808670779786580212120046778885", "278999178717078094647009283431723847502", "277455797444418779668058670147263285440", "121914163835655081715333237693164135415", "270299140831799103856299209921752533728", "150795311814388669920580123755367611431", "314326577786631519312177337308130062568", "40985571648696868188356130129024669558", "125907105415178325028651785125537620407", "92006235680231052789865677633488235217", "88502203556570426997113938840978739680", "4283205366327779605153781494998329563", "272506128104646525416133708195724800085", "241278445286239139869287886671798826753", "155932022840712717920829980852381074738", "91979647387661250173676310892023414582", "62825861441265738485328063170452949658", "35192094060705160799670636065562508318", "65899339385329711512659557262708130880", "193272573877067885183576708741241119502" ] }, "id": "PUB-A-184847040-8e934464", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java" }, "signature_type": "Line" }, { "match_only_versions": [ "13" ], "digest": { "length": 392.0, "function_hash": "38836111435667112698082018631472905594" }, "id": "PUB-A-184847040-8e9c048d", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java", "function": "writeState" }, "signature_type": "Function" }, { "match_only_versions": [ "13" ], "digest": { "length": 430.0, "function_hash": "56278284315922569464383854409474583806" }, "id": "PUB-A-184847040-b41d31b8", "source": 
"https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java", "function": "writeAsXml" }, "signature_type": "Function" }, { "match_only_versions": [ "13" ], "digest": { "length": 1031.0, "function_hash": "151632702335691916565437966936806462156" }, "id": "PUB-A-184847040-f42db682", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java", "function": "restoreDelayedState" }, "signature_type": "Function" }, { "match_only_versions": [ "13" ], "digest": { "length": 945.0, "function_hash": "288205416372555814080559718911102546679" }, "id": "PUB-A-184847040-f81e396d", "source": "https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad", "deprecated": false, "signature_version": "v1", "target": { "file": "PermissionController/src/com/android/permissioncontroller/permission/service/BackupHelper.java", "function": "parseFromXml" }, "signature_type": "Function" } ], "fixes": [ "https://android.googlesource.com/platform/packages/modules/Permission/+/20b5c4deea740e1be5b83694e174c101e33bb9ad" ], "spl": "2023-03-01", "severity": "Moderate", "types": [ "EoP" ] }