PUB-A-267809568

See a problem?
Import Source
https://storage.googleapis.com/android-osv/PUB-A-267809568.json
JSON Data
https://api.osv.dev/v1/vulns/PUB-A-267809568
Aliases
  • A-267809568
  • CVE-2023-21184
Published
2023-06-01T00:00:00Z
Modified
2024-11-06T12:16:03.231308Z
Summary
[none]
Details

In getCurrentPrivilegedPackagesForAllUsers of CarrierPrivilegesTracker.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/opt/telephony

Package

Name
platform/frameworks/opt/telephony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-06-01

Affected versions

Other

13-next

Ecosystem specific 

{
    "vanir_signatures": [
        {
            "match_only_versions": [
                "13-next"
            ],
            "digest": {
                "length": 460.0,
                "function_hash": "5771547486773076770275120216396398533"
            },
            "id": "PUB-A-267809568-4034d0b5",
            "source": "https://android.googlesource.com/platform/frameworks/opt/telephony/+/5f2cc3b87dbc1aeb5350ad624fe4f5068eaf2f3a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java",
                "function": "isPackagePrivileged"
            },
            "signature_type": "Function"
        },
        {
            "match_only_versions": [
                "13-next"
            ],
            "digest": {
                "length": 361.0,
                "function_hash": "201113409721399947625443452057281814487"
            },
            "id": "PUB-A-267809568-5c0a6f32",
            "source": "https://android.googlesource.com/platform/frameworks/opt/telephony/+/5f2cc3b87dbc1aeb5350ad624fe4f5068eaf2f3a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java",
                "function": "getCurrentPrivilegedPackagesForAllUsers"
            },
            "signature_type": "Function"
        },
        {
            "match_only_versions": [
                "13-next"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "133860786993307903240930719471997748662",
                    "327668188278990896461400068215585480857",
                    "270135952203417321175801858560680340778",
                    "291471331688111365999441700972870006015",
                    "163631582177775998346931319981212049298",
                    "57702665709567983532035777699280306385",
                    "151869266533203950716100223084264919027",
                    "81415990852441065919410672900707225400",
                    "99842688182736163255905431921154720261",
                    "295604800225291639323971911058942762999",
                    "24191575457373117331715467093593715473",
                    "115232715834788397362163295260313976728",
                    "94102061148820280725121907413828054894",
                    "61923593126335796033576707393177417223",
                    "25352923530947196920217051056440418006",
                    "113008113207345181749013955647458131364",
                    "12727994075362168980174449854522798626",
                    "289833324310821648102787239092038058289",
                    "37525565400142105250553726291089897329",
                    "220687770853706430826015534799852922207",
                    "299573725638367817069593312769141863625",
                    "113405483766243420886215939893988209139",
                    "76681566209410463307776797321747156844",
                    "303506172789429354404651473937046934911",
                    "147056084941642318221536053840593190489",
                    "265861306844938841039775175158867079047",
                    "193037440964125277813304146286524852161",
                    "113405483766243420886215939893988209139",
                    "105819196732736135217362003270260541981",
                    "17200717024254504266808268396833241043",
                    "148133759621197727053145612113951204935",
                    "93011993362860119027692100105914948570",
                    "113405483766243420886215939893988209139",
                    "223806271234802523021061016499458327744",
                    "108587633537507210242609878158511307392",
                    "188773964332395921629363995636504186348",
                    "193945555105656936453847297800470789796",
                    "223178474147455275682867820049089608675",
                    "249614435990149689983186371691608525356",
                    "141944508518706197675981189425905580813",
                    "136549914787974292627840592059281454288",
                    "270021213442385571659893817229155644871",
                    "44006679455793431311049063266212899625",
                    "220573612321300288990188342059682467859",
                    "67335646776396347222457528810217884483",
                    "335516299301332158460675029904294221139",
                    "113202982021298738460370170107960833090",
                    "59630037856463520692002926934246847253",
                    "332867604625726175702417694276724967666"
                ]
            },
            "id": "PUB-A-267809568-a46c6cdd",
            "source": "https://android.googlesource.com/platform/frameworks/opt/telephony/+/5f2cc3b87dbc1aeb5350ad624fe4f5068eaf2f3a",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/java/com/android/internal/telephony/CarrierPrivilegesTracker.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/opt/telephony/+/5f2cc3b87dbc1aeb5350ad624fe4f5068eaf2f3a"
    ],
    "spl": "2023-06-01",
    "severity": "Moderate",
    "types": [
        "EoP"
    ]
}