PUB-A-262243574

See a problem?

Import Source

https://storage.googleapis.com/android-osv/PUB-A-262243574.json

JSON Data

https://api.osv.dev/v1/vulns/PUB-A-262243574

Aliases

A-262243574
CVE-2023-21175

Published

2023-06-01T00:00:00Z

Modified

2024-11-06T12:16:03.231308Z

Summary

[none]

Details

In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

https://source.android.com/security/bulletin/2023-06-01

Affected packages

Android / platform/packages/apps/Settings

Package

Name: platform/packages/apps/Settings

Affected ranges

Type: ECOSYSTEM
Events: Introduced

13-next:0

Fixed

13-next:2023-06-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "289775964770338534937929443563253898950",
                    "314595573047544790838692184700851291842",
                    "8133609504256125300793232577262595955",
                    "264141043893279336225063883389833965675",
                    "284142347386925878852953156911388617997",
                    "172312743759585737625155020817470910335",
                    "252393765184578001254333808922527105671",
                    "90099136365689279482792781570319599273",
                    "31902753032025459023805107647427996905",
                    "262418508065456750991423589510372709668",
                    "133774122168042211072767887716410896787",
                    "326309609642970304782940784258528918890",
                    "228836070610663873979443454572671652650",
                    "66473847125902031294695956932660225394"
                ]
            },
            "id": "PUB-A-262243574-3121cc16",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/3abf4d9d5f0662064819979948422db2c2cecec7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/datausage/DataUsageSummary.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 811.0,
                "function_hash": "294211287289100097267714547732021295103"
            },
            "id": "PUB-A-262243574-dbc71201",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/3abf4d9d5f0662064819979948422db2c2cecec7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/datausage/DataUsageSummary.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/3abf4d9d5f0662064819979948422db2c2cecec7"
    ],
    "spl": "2023-06-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}