ASB-A-251778420

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-251778420.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-251778420
Aliases
  • A-251778420
  • CVE-2023-20953
Published
2023-03-01T00:00:00Z
Modified
2024-08-07T19:29:47.627032Z
Summary
Google Pixel Smartphone [FRP]Factory Reset Protection bypass due to share button (OS Version = android 13)
Details

In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-03-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "156089486446672276104939384709799485012",
                    "247489564588645683066041968166888899408",
                    "159333107798570288722831522931981089116",
                    "7779789082296313623919544458835083841"
                ]
            },
            "id": "ASB-A-251778420-1ba90f53",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardOverlayEvent.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 370.0,
                "function_hash": "163616617409505397925772287913492927131"
            },
            "id": "ASB-A-251778420-e65b21b2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java",
                "function": "ClipboardListener"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "309581880082468664890615874362150298307",
                    "290713473686484743134435199018660868192",
                    "125086800664531810233244192573394945604",
                    "213397167234201302211258576993310905521",
                    "278022484617456028622226787674637850115",
                    "223822114968220071995820990362281277239",
                    "60254624148788914146812642766198597675",
                    "122477520417919189248448050365781709757",
                    "131612434293971132997415771018155786932",
                    "269608855099054148987306395709298825063",
                    "122452521751584533698827875918308582641",
                    "74404033281583706059496170027092788709",
                    "19406050301543940170011858521462660821",
                    "257953885181127943614555779612410865412",
                    "151674660547208224282796242661472765441",
                    "241456740878156651035435419854837801161",
                    "271939621894415413819538425139888966960",
                    "286854077548159339452735490885179277316",
                    "12032462277226907458175941468009316201",
                    "193313797412553161777221056153129801807",
                    "248560729695152217155726981239557645810",
                    "156321972731938097640597609995111951200",
                    "75738616800887975703766665217168134669",
                    "108942948949134335390799107156065291892",
                    "70759375248159447586080211205304490687",
                    "63117889591247637637495899209034550212",
                    "95057946815911575937226800607872892391",
                    "334913295936487476872037364203414688009",
                    "310139932874319052922534928380921507855",
                    "229863061187885724883184160459852161773"
                ]
            },
            "id": "ASB-A-251778420-f7763afd",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 858.0,
                "function_hash": "219351335013367947261065571847453308197"
            },
            "id": "ASB-A-251778420-fd45b4c8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java",
                "function": "onPrimaryClipChanged"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-03-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "309581880082468664890615874362150298307",
                    "290713473686484743134435199018660868192",
                    "125086800664531810233244192573394945604",
                    "213397167234201302211258576993310905521",
                    "278022484617456028622226787674637850115",
                    "223822114968220071995820990362281277239",
                    "60254624148788914146812642766198597675",
                    "122477520417919189248448050365781709757",
                    "131612434293971132997415771018155786932",
                    "125779980347631476019928671724312763687",
                    "169493190944002751429899487613272271182",
                    "66879199921287805607875445529951955848",
                    "314842808877825538817675070553731191825",
                    "25229828275610777341056241225813543088",
                    "281089925387180210179754115820347940627",
                    "170124664270987702032518632205966714408",
                    "195365186065560602252128432150883688526",
                    "104183916122917838078245832284816992076",
                    "98812802323807388100124691672265923753",
                    "74503409301123797152219791772415137143",
                    "330786941628146078507284131374059267072",
                    "203857675260388581819490843047309835141",
                    "52755846890464675160805277348157355398",
                    "70759375248159447586080211205304490687",
                    "63117889591247637637495899209034550212",
                    "95057946815911575937226800607872892391",
                    "255968344502106778106651872309622454916"
                ]
            },
            "id": "ASB-A-251778420-19954fb6",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 205.0,
                "function_hash": "183291673990674099932770244616853195957"
            },
            "id": "ASB-A-251778420-c3f65ed1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java",
                "function": "ClipboardListener"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 700.0,
                "function_hash": "279707309442175443040838845589895096753"
            },
            "id": "ASB-A-251778420-ca61cee5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java",
                "function": "onPrimaryClipChanged"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "156089486446672276104939384709799485012",
                    "247489564588645683066041968166888899408",
                    "159333107798570288722831522931981089116",
                    "7779789082296313623919544458835083841"
                ]
            },
            "id": "ASB-A-251778420-d886441c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardOverlayEvent.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}