ASB-A-259938771

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-259938771.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-259938771
Aliases
  • A-259938771
  • CVE-2023-21104
Published
2023-05-01T00:00:00Z
Modified
2024-08-07T19:30:06.178632Z
Summary
TaskFragmentOrganizer.applySyncTransaction() allows leaking SurfaceControl of outer Task
Details

In applySyncTransaction of WindowOrganizer.java, a missing permission check could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-05-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "24167277397551134546542269956654826946",
                    "59354035683255245686438663322948847719",
                    "141436198444055060434533248862068064600",
                    "71372327696440544856753655530964729435",
                    "210089888014606679534144853351660770729"
                ]
            },
            "id": "ASB-A-259938771-94e054c1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/65ac64c3476f42f8437481bff77485f53ab4f391",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/window/WindowOrganizer.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/65ac64c3476f42f8437481bff77485f53ab4f391"
    ],
    "spl": "2023-05-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-05-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "94873515176354498119726965180125014759",
                    "69134896768068446205333039147865737471",
                    "43153660374862486007131981049621156825",
                    "47773090083289433534609771822341692986"
                ]
            },
            "id": "ASB-A-259938771-1d083d4d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowOrganizerController.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 146.0,
                "function_hash": "125141909306182988522930486158020411585"
            },
            "id": "ASB-A-259938771-c37c9c70",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/window/TaskFragmentOrganizer.java",
                "function": "applySyncTransaction"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 515.0,
                "function_hash": "85499661603049198270436623753962518799"
            },
            "id": "ASB-A-259938771-dfe336fc",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowOrganizerController.java",
                "function": "applySyncTransaction"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "108595815495287482905946503145369390890",
                    "273699918406182242923181054390688436475",
                    "170937474303982607169189269718626162175",
                    "133450629759479855441231124383360709263",
                    "7496200274902299290492361216841137135",
                    "156773150231249587012878326627470087874",
                    "54067275844175185450265451145859420513",
                    "139008005705741279889019115769842795249",
                    "301954793450460953634022364525325029661",
                    "244195558835990736426134245007675438194"
                ]
            },
            "id": "ASB-A-259938771-e14366b9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/window/TaskFragmentOrganizer.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "24167277397551134546542269956654826946",
                    "59354035683255245686438663322948847719",
                    "141436198444055060434533248862068064600",
                    "71372327696440544856753655530964729435",
                    "210089888014606679534144853351660770729"
                ]
            },
            "id": "ASB-A-259938771-edd0be08",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/window/WindowOrganizer.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/9a91f75d298a7fd81367ee89aef4bc2b7d27d80d"
    ],
    "spl": "2023-05-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-05-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "108595815495287482905946503145369390890",
                    "273699918406182242923181054390688436475",
                    "170937474303982607169189269718626162175",
                    "133450629759479855441231124383360709263",
                    "7496200274902299290492361216841137135",
                    "156773150231249587012878326627470087874",
                    "54067275844175185450265451145859420513",
                    "139008005705741279889019115769842795249",
                    "301954793450460953634022364525325029661",
                    "244195558835990736426134245007675438194"
                ]
            },
            "id": "ASB-A-259938771-56a13645",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/window/TaskFragmentOrganizer.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 146.0,
                "function_hash": "125141909306182988522930486158020411585"
            },
            "id": "ASB-A-259938771-817d648c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/window/TaskFragmentOrganizer.java",
                "function": "applySyncTransaction"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "24167277397551134546542269956654826946",
                    "59354035683255245686438663322948847719",
                    "141436198444055060434533248862068064600",
                    "71372327696440544856753655530964729435",
                    "210089888014606679534144853351660770729"
                ]
            },
            "id": "ASB-A-259938771-ad972a6d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/window/WindowOrganizer.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 909.0,
                "function_hash": "94972001688045139022611512129235857976"
            },
            "id": "ASB-A-259938771-b416cfee",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowOrganizerController.java",
                "function": "applySyncTransaction"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "94873515176354498119726965180125014759",
                    "69134896768068446205333039147865737471",
                    "43153660374862486007131981049621156825",
                    "47773090083289433534609771822341692986"
                ]
            },
            "id": "ASB-A-259938771-c13d2766",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/wm/WindowOrganizerController.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/6d848929eab6249b0ba1b8bd6d454744850b1718"
    ],
    "spl": "2023-05-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}