ASB-A-249057848

Import Source
https://storage.googleapis.com/android-osv/ASB-A-249057848.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-249057848
Aliases
  • A-249057848
  • CVE-2023-20959
Published
2023-03-01T00:00:00Z
Modified
2024-08-07T19:29:12.123713Z
Summary
Guest user can add a new user via Settings#AddSupervisedUserActivity
Details

In AddSupervisedUserActivity, missing permission checks mean that guest users are not prevented from starting the activity. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-03-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 307.0,
                "function_hash": "152032311291223134051207966755248074620"
            },
            "id": "ASB-A-249057848-37f021ed",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/AddSupervisedUserActivity.java",
                "function": "createUserAsync"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 372.0,
                "function_hash": "125448046524385430546644897797624735976"
            },
            "id": "ASB-A-249057848-3e9977e7",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/UserSettings.java",
                "function": "onAddSupervisedUserClicked"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "79696630694058341520977792996687278567",
                    "210224602416366609415369919527607943644",
                    "20784868880650158563581677206695775308",
                    "10675202281971526141278686275591364772",
                    "57575771666957091292195481595775483083",
                    "250183057479608523356918100036816802086",
                    "121758150281084159141184460328217905460",
                    "140620219488231434920834368405697736389"
                ]
            },
            "id": "ASB-A-249057848-4e6837e2",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/UserSettings.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 730.0,
                "function_hash": "222513770788736878613687022768572034034"
            },
            "id": "ASB-A-249057848-8b4a5bbb",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/AddSupervisedUserActivity.java",
                "function": "createUser"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 292.0,
                "function_hash": "268736349178251010256568304349474934258"
            },
            "id": "ASB-A-249057848-b58409ba",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/AddSupervisedUserActivity.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "305873569609393846976616465235695245990",
                    "55138052067469463587091833971365160996",
                    "295501762730910254957270930728965558374",
                    "310447235855845337269600757385684865488",
                    "316929078201520097648999636004306168312",
                    "263336139629658685906512687479680636794",
                    "119253055156991849443775449131393798094",
                    "165024262257007326680262366270342439203",
                    "286728897412480087728880212970477927480",
                    "327360636722530481084654956531529983446",
                    "124831910276810722588311809849406136998",
                    "310761244311916668487102395423239396077",
                    "285136906999233034898236810202282342786",
                    "254087369534004667671163056790355454758",
                    "240886723290893535789825438021994498998",
                    "32020699032312066249858967478062568919",
                    "318937117251383544559884429704677332209",
                    "91635293276924158824521545354876235583",
                    "116309551459179584818023529644986747148",
                    "338935267596342727930650058580636542762",
                    "154394391390259868051070678380187247823",
                    "312276352317469461793232791149295250090",
                    "259854547474692127951162518493643506446",
                    "274227438741446204047444054290005117009",
                    "301987041770641061430832879529083197642",
                    "155437188570057364309689488068997234786",
                    "171415879930543071547424728043069074183",
                    "28070901752357985799957797377811542299",
                    "186301567133147952765037437363013760713",
                    "252971720685703378361053281434971953533",
                    "299619311643994885376526179099972328998",
                    "215984883274265393776894974127866280770",
                    "61717884555751813200057634374613312471",
                    "309439692483558489052802015358687542486",
                    "273078863237475930825877701501525914421",
                    "138204054951225578328461863910938816447",
                    "237126774763249863889191768320048987719",
                    "200240324290241502481761404164596526721",
                    "135149538864745751837619296334549960606",
                    "330075924151724677572669678234682604663",
                    "6466666301955282490205082652925821154",
                    "133955896147975316507061704885389211556",
                    "217523373156665695230874744526583691999",
                    "110151920042906070396915185523784718908",
                    "323309029648952384507727870040631907263",
                    "146616043827720205081856815355772846714",
                    "216411984308718542887038292562589040297",
                    "55122642808595003733947937090677864230",
                    "62639341129858120831674500399011926031",
                    "150908306846295010936230764330771784740",
                    "228913705735766828537383401754552632579",
                    "313578643251578201108126858367964752664",
                    "46405445752877418809147913126693758040",
                    "135088653753125215584179356624558428745",
                    "289582253109813654505228092403789073626",
                    "153639385889078851469780207637406655777",
                    "244125084856819352952595829882912148068"
                ]
            },
            "id": "ASB-A-249057848-e7d18a9b",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/AddSupervisedUserActivity.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-03-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 372.0,
                "function_hash": "125448046524385430546644897797624735976"
            },
            "id": "ASB-A-249057848-28df6766",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/UserSettings.java",
                "function": "onAddSupervisedUserClicked"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 730.0,
                "function_hash": "222513770788736878613687022768572034034"
            },
            "id": "ASB-A-249057848-409c32b7",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/AddSupervisedUserActivity.java",
                "function": "createUser"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "305873569609393846976616465235695245990",
                    "55138052067469463587091833971365160996",
                    "295501762730910254957270930728965558374",
                    "310447235855845337269600757385684865488",
                    "316929078201520097648999636004306168312",
                    "263336139629658685906512687479680636794",
                    "119253055156991849443775449131393798094",
                    "165024262257007326680262366270342439203",
                    "286728897412480087728880212970477927480",
                    "327360636722530481084654956531529983446",
                    "124831910276810722588311809849406136998",
                    "310761244311916668487102395423239396077",
                    "285136906999233034898236810202282342786",
                    "254087369534004667671163056790355454758",
                    "240886723290893535789825438021994498998",
                    "32020699032312066249858967478062568919",
                    "318937117251383544559884429704677332209",
                    "91635293276924158824521545354876235583",
                    "116309551459179584818023529644986747148",
                    "338935267596342727930650058580636542762",
                    "154394391390259868051070678380187247823",
                    "312276352317469461793232791149295250090",
                    "259854547474692127951162518493643506446",
                    "274227438741446204047444054290005117009",
                    "301987041770641061430832879529083197642",
                    "155437188570057364309689488068997234786",
                    "171415879930543071547424728043069074183",
                    "28070901752357985799957797377811542299",
                    "186301567133147952765037437363013760713",
                    "252971720685703378361053281434971953533",
                    "299619311643994885376526179099972328998",
                    "215984883274265393776894974127866280770",
                    "61717884555751813200057634374613312471",
                    "309439692483558489052802015358687542486",
                    "273078863237475930825877701501525914421",
                    "138204054951225578328461863910938816447",
                    "237126774763249863889191768320048987719",
                    "200240324290241502481761404164596526721",
                    "135149538864745751837619296334549960606",
                    "330075924151724677572669678234682604663",
                    "6466666301955282490205082652925821154",
                    "133955896147975316507061704885389211556",
                    "217523373156665695230874744526583691999",
                    "110151920042906070396915185523784718908",
                    "323309029648952384507727870040631907263",
                    "146616043827720205081856815355772846714",
                    "216411984308718542887038292562589040297",
                    "55122642808595003733947937090677864230",
                    "62639341129858120831674500399011926031",
                    "150908306846295010936230764330771784740",
                    "228913705735766828537383401754552632579",
                    "313578643251578201108126858367964752664",
                    "46405445752877418809147913126693758040",
                    "135088653753125215584179356624558428745",
                    "289582253109813654505228092403789073626",
                    "153639385889078851469780207637406655777",
                    "244125084856819352952595829882912148068"
                ]
            },
            "id": "ASB-A-249057848-4e4f292e",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/AddSupervisedUserActivity.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "79696630694058341520977792996687278567",
                    "210224602416366609415369919527607943644",
                    "20784868880650158563581677206695775308",
                    "10675202281971526141278686275591364772",
                    "57575771666957091292195481595775483083",
                    "250183057479608523356918100036816802086",
                    "121758150281084159141184460328217905460",
                    "140620219488231434920834368405697736389"
                ]
            },
            "id": "ASB-A-249057848-9096ed5b",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/UserSettings.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 292.0,
                "function_hash": "268736349178251010256568304349474934258"
            },
            "id": "ASB-A-249057848-a0f083f2",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/AddSupervisedUserActivity.java",
                "function": "onCreate"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 307.0,
                "function_hash": "152032311291223134051207966755248074620"
            },
            "id": "ASB-A-249057848-f73bf1c9",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/users/AddSupervisedUserActivity.java",
                "function": "createUserAsync"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/ee476cab1832f7aaa1b0dba429012ee7e15163b9"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}