ASB-A-258422561

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-258422561.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-258422561
Aliases
  • A-258422561
  • CVE-2023-20957
Published
2023-03-01T00:00:00Z
Modified
2024-08-07T19:30:09.054095Z
Summary
The setup wizard can be bypassed with the emergency dialer allowing app installation and file system access.
Details

In onAttach of SettingsPreferenceFragment.java, there is a possible bypass of Factory Reset Protections due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-03-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "253905725794329273429239623328834708008",
                    "5430596346883040801355687436615025870",
                    "212534279849993206875968318701974782550"
                ]
            },
            "id": "ASB-A-258422561-1a49382c",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/07dd833a6a8fcdbec84e8ca12fe63f2a3a0954f0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "277974542194967743033616214638969334812",
                    "180625272624908837015322307608135686289",
                    "206721946741929951948759819694438306387"
                ]
            },
            "id": "ASB-A-258422561-858715cf",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/07dd833a6a8fcdbec84e8ca12fe63f2a3a0954f0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/system/ResetDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "204591507093596832660957392389771437442",
                    "253784337652141328539550515319889088159",
                    "124143005154720856354032975756298121291",
                    "321658764293649752536956250768569820296",
                    "159189893367418579624848467916622116406",
                    "115500634181207680233885574558388493763",
                    "96921213287846426930412663261236308007",
                    "299133696125741238314944552670679026120",
                    "286418083805895189478250699666703402471",
                    "194827096131425488759663947675120060005",
                    "73724249774628576003726361123114177131",
                    "82231896817313988629974929912514785249",
                    "312326061603590731404173834342479355944",
                    "148318667472848142158102638704076000038",
                    "165453883568644649125230526995594784866"
                ]
            },
            "id": "ASB-A-258422561-92098786",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/07dd833a6a8fcdbec84e8ca12fe63f2a3a0954f0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/SettingsPreferenceFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "247982987278929266277535587630264902348",
                    "75145575659929608824565357545578622255",
                    "241553931593134965945117851143552385916"
                ]
            },
            "id": "ASB-A-258422561-bdef389d",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/07dd833a6a8fcdbec84e8ca12fe63f2a3a0954f0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/accounts/AccountDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "109055572680380147985767684955071918546",
                    "135367504798357426783746891748183142587",
                    "67416844110023636042360706581730839595"
                ]
            },
            "id": "ASB-A-258422561-fe8e0392",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/07dd833a6a8fcdbec84e8ca12fe63f2a3a0954f0",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/07dd833a6a8fcdbec84e8ca12fe63f2a3a0954f0"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-03-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "61911919454641198269507583318625266670",
                    "276861638252733184166932434519818671409",
                    "10269938556252046246009182403786764940",
                    "159189893367418579624848467916622116406",
                    "115500634181207680233885574558388493763",
                    "96921213287846426930412663261236308007",
                    "299133696125741238314944552670679026120",
                    "176193110290625215501357101965125597896",
                    "202635184189409941914817550472023118893",
                    "206399084614360314981444668695019622197",
                    "198027225425852893303937505947234814171",
                    "312326061603590731404173834342479355944",
                    "148318667472848142158102638704076000038",
                    "165453883568644649125230526995594784866"
                ]
            },
            "id": "ASB-A-258422561-4a56dc8f",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ff5bfb40c8b09ab477efaae6a0199911a0d703dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/SettingsPreferenceFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "109055572680380147985767684955071918546",
                    "135367504798357426783746891748183142587",
                    "67416844110023636042360706581730839595"
                ]
            },
            "id": "ASB-A-258422561-88b1cc51",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ff5bfb40c8b09ab477efaae6a0199911a0d703dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "11"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "265881156066901375337323192923752089936",
                    "71754913500024379636852691292318375527",
                    "164546795505812202876752054648167293020",
                    "261754223485102725403498656976720073635"
                ]
            },
            "id": "ASB-A-258422561-8e0602e8",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ff5bfb40c8b09ab477efaae6a0199911a0d703dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "238786650362251204176783184911990282260",
                    "288928205809266350149979652607563786436",
                    "123655781870715313113724384613216627217"
                ]
            },
            "id": "ASB-A-258422561-acc6bced",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ff5bfb40c8b09ab477efaae6a0199911a0d703dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/accounts/AccountDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "115208899486057586428158152219760646195",
                    "10735212417250222429913690597372689468",
                    "206721946741929951948759819694438306387"
                ]
            },
            "id": "ASB-A-258422561-e02b8261",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/ff5bfb40c8b09ab477efaae6a0199911a0d703dd",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/system/ResetDashboardFragment.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/ff5bfb40c8b09ab477efaae6a0199911a0d703dd"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-03-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "204591507093596832660957392389771437442",
                    "253784337652141328539550515319889088159",
                    "124143005154720856354032975756298121291",
                    "321658764293649752536956250768569820296",
                    "159189893367418579624848467916622116406",
                    "115500634181207680233885574558388493763",
                    "96921213287846426930412663261236308007",
                    "299133696125741238314944552670679026120",
                    "176193110290625215501357101965125597896",
                    "202635184189409941914817550472023118893",
                    "206399084614360314981444668695019622197",
                    "82231896817313988629974929912514785249",
                    "312326061603590731404173834342479355944",
                    "148318667472848142158102638704076000038",
                    "165453883568644649125230526995594784866"
                ]
            },
            "id": "ASB-A-258422561-241ef91c",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/71f2d836884ef74a1330e535907362e68e12489f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/SettingsPreferenceFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "277974542194967743033616214638969334812",
                    "180625272624908837015322307608135686289",
                    "206721946741929951948759819694438306387"
                ]
            },
            "id": "ASB-A-258422561-3ba08780",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/71f2d836884ef74a1330e535907362e68e12489f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/system/ResetDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "109055572680380147985767684955071918546",
                    "135367504798357426783746891748183142587",
                    "67416844110023636042360706581730839595"
                ]
            },
            "id": "ASB-A-258422561-825e6e78",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/71f2d836884ef74a1330e535907362e68e12489f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "253905725794329273429239623328834708008",
                    "5430596346883040801355687436615025870",
                    "212534279849993206875968318701974782550"
                ]
            },
            "id": "ASB-A-258422561-c03d3c42",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/71f2d836884ef74a1330e535907362e68e12489f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "247982987278929266277535587630264902348",
                    "75145575659929608824565357545578622255",
                    "241553931593134965945117851143552385916"
                ]
            },
            "id": "ASB-A-258422561-e3686762",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/71f2d836884ef74a1330e535907362e68e12489f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/accounts/AccountDashboardFragment.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/71f2d836884ef74a1330e535907362e68e12489f"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/packages/apps/Settings

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-03-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "253905725794329273429239623328834708008",
                    "5430596346883040801355687436615025870",
                    "212534279849993206875968318701974782550"
                ]
            },
            "id": "ASB-A-258422561-2f4496fe",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/1cf31d17aae6798e6174f6b4eaf60603352aa7f7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/development/DevelopmentSettingsDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "247982987278929266277535587630264902348",
                    "75145575659929608824565357545578622255",
                    "241553931593134965945117851143552385916"
                ]
            },
            "id": "ASB-A-258422561-5e2ba7e1",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/1cf31d17aae6798e6174f6b4eaf60603352aa7f7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/accounts/AccountDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "109055572680380147985767684955071918546",
                    "135367504798357426783746891748183142587",
                    "67416844110023636042360706581730839595"
                ]
            },
            "id": "ASB-A-258422561-76133452",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/1cf31d17aae6798e6174f6b4eaf60603352aa7f7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "204591507093596832660957392389771437442",
                    "253784337652141328539550515319889088159",
                    "124143005154720856354032975756298121291",
                    "321658764293649752536956250768569820296",
                    "159189893367418579624848467916622116406",
                    "115500634181207680233885574558388493763",
                    "96921213287846426930412663261236308007",
                    "299133696125741238314944552670679026120",
                    "286418083805895189478250699666703402471",
                    "194827096131425488759663947675120060005",
                    "73724249774628576003726361123114177131",
                    "82231896817313988629974929912514785249",
                    "312326061603590731404173834342479355944",
                    "148318667472848142158102638704076000038",
                    "165453883568644649125230526995594784866"
                ]
            },
            "id": "ASB-A-258422561-b508089c",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/1cf31d17aae6798e6174f6b4eaf60603352aa7f7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/SettingsPreferenceFragment.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "277974542194967743033616214638969334812",
                    "180625272624908837015322307608135686289",
                    "206721946741929951948759819694438306387"
                ]
            },
            "id": "ASB-A-258422561-efd0be29",
            "source": "https://android.googlesource.com/platform/packages/apps/Settings/+/1cf31d17aae6798e6174f6b4eaf60603352aa7f7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/settings/system/ResetDashboardFragment.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/Settings/+/1cf31d17aae6798e6174f6b4eaf60603352aa7f7"
    ],
    "spl": "2023-03-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}