ASB-A-267231571

Import Source
https://storage.googleapis.com/android-osv/ASB-A-267231571.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-267231571
Aliases
  • A-267231571
  • CVE-2023-21113
Published
2024-06-01T00:00:00Z
Modified
2024-08-07T19:29:49.654372Z
Summary
[Platform Fix] AttributionSource may incorrectly validate the calling uid and pid depending on usage
Details

In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
14-next:0
Fixed
14-next:2024-06-01

Affected versions

Other

14-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "195550402797816292588254912733162168417",
                    "222726315588530079562870485722224082572",
                    "78024095867342747406732826113626643203"
                ]
            },
            "id": "ASB-A-267231571-50be1bb8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/922e52bc3d2a6576cc3e45268dfc3ecd3550f45f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/AttributionSource.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 118.0,
                "function_hash": "65482561538392167503070118561692593568"
            },
            "id": "ASB-A-267231571-a7437eb9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/922e52bc3d2a6576cc3e45268dfc3ecd3550f45f",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/AttributionSource.java",
                "function": "AttributionSource"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/922e52bc3d2a6576cc3e45268dfc3ecd3550f45f"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2024-06-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 118.0,
                "function_hash": "65482561538392167503070118561692593568"
            },
            "id": "ASB-A-267231571-214cc72e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/694ba52858703c3959e6811edb9b3df32aeca702",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/AttributionSource.java",
                "function": "AttributionSource"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "85608146440550624711451569515011265786",
                    "134667738726446689465885015204823379435",
                    "193516609944774318276346078664239869520",
                    "72504497297320099541759337590342829110",
                    "143564837106201668626758104559472530739",
                    "81080628058858943913114647875447428095",
                    "62910983559400613884819492693008982423",
                    "35496733709311527721067366405464355179",
                    "195550402797816292588254912733162168417",
                    "222726315588530079562870485722224082572",
                    "78024095867342747406732826113626643203",
                    "184341647606462936188424543868571227788"
                ]
            },
            "id": "ASB-A-267231571-eaab9820",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/694ba52858703c3959e6811edb9b3df32aeca702",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/AttributionSource.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/694ba52858703c3959e6811edb9b3df32aeca702"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2024-06-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 118.0,
                "function_hash": "65482561538392167503070118561692593568"
            },
            "id": "ASB-A-267231571-3449e761",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/694ba52858703c3959e6811edb9b3df32aeca702",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/AttributionSource.java",
                "function": "AttributionSource"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "85608146440550624711451569515011265786",
                    "134667738726446689465885015204823379435",
                    "193516609944774318276346078664239869520",
                    "72504497297320099541759337590342829110",
                    "143564837106201668626758104559472530739",
                    "81080628058858943913114647875447428095",
                    "62910983559400613884819492693008982423",
                    "35496733709311527721067366405464355179",
                    "195550402797816292588254912733162168417",
                    "222726315588530079562870485722224082572",
                    "78024095867342747406732826113626643203",
                    "184341647606462936188424543868571227788"
                ]
            },
            "id": "ASB-A-267231571-dd46d33b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/694ba52858703c3959e6811edb9b3df32aeca702",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/AttributionSource.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/694ba52858703c3959e6811edb9b3df32aeca702"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/build/soong

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-06-01

Affected versions

Other

13

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/build/soong/+/6fa44c197335a8bea4f96cce3296f5c92d8dd7e7"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-06-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 118.0,
                "function_hash": "65482561538392167503070118561692593568"
            },
            "id": "ASB-A-267231571-8d6d74a9",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5d79e535b9a802680062545e15fc1faaf779c0bf",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/AttributionSource.java",
                "function": "AttributionSource"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "85608146440550624711451569515011265786",
                    "134667738726446689465885015204823379435",
                    "193516609944774318276346078664239869520",
                    "72504497297320099541759337590342829110",
                    "143564837106201668626758104559472530739",
                    "81080628058858943913114647875447428095",
                    "62910983559400613884819492693008982423",
                    "35496733709311527721067366405464355179",
                    "195550402797816292588254912733162168417",
                    "222726315588530079562870485722224082572",
                    "78024095867342747406732826113626643203",
                    "184341647606462936188424543868571227788"
                ]
            },
            "id": "ASB-A-267231571-d5ae90aa",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/5d79e535b9a802680062545e15fc1faaf779c0bf",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/AttributionSource.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/5d79e535b9a802680062545e15fc1faaf779c0bf"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/prebuilts/module_sdk/Wifi

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2024-06-01

Affected versions

Other

13

Ecosystem specific

{
    "fixes": [
        "https://android.googlesource.com/platform/prebuilts/module_sdk/Wifi/+/2ff2726e38819c05769e09dee3e0dfe56ac7e857"
    ],
    "spl": "2024-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}