ASB-A-271845008

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-271845008.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-271845008
Aliases
  • A-271845008
  • CVE-2023-21139
Published
2023-06-01T00:00:00Z
Modified
2024-08-07T19:29:50.760429Z
Summary
LaunchAnywhere in SysUI via media notification
Details

In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-06-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 2059.0,
                "function_hash": "254644884694687109360640311617995831397"
            },
            "id": "ASB-A-271845008-39f9dd6a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cb2904c7ff653a87cc98904bcb3bcb9c3b6e06ea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/media/controls/ui/MediaControlPanel.java",
                "function": "bindPlayer"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "32321186622478425026496799812965654746",
                    "197114536167534174216724412977697749190",
                    "55029022760377548866766922750307769264",
                    "285752621455018809560792986311288391383",
                    "123869556378501402335999624476096384971",
                    "40050375078905834760266758753264741740",
                    "139755580631488945207257615634045370019",
                    "171453231171332376786162237006679997530",
                    "273566126816688337839650409248451707822",
                    "219183577639449754228598901883934237633",
                    "247361110281580611028390613820865588334"
                ]
            },
            "id": "ASB-A-271845008-43c5ff1b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/cb2904c7ff653a87cc98904bcb3bcb9c3b6e06ea",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/media/controls/ui/MediaControlPanel.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/cb2904c7ff653a87cc98904bcb3bcb9c3b6e06ea"
    ],
    "spl": "2023-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-06-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 197.0,
                "function_hash": "78745471563276901678845532427090193812"
            },
            "id": "ASB-A-271845008-064e8ae4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerInternalBase.java",
                "function": "queryIntentActivities"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "219103171606208111390459282156658106579",
                    "42751191032676820378334489928836626626",
                    "212879122132098680344943225565944546688"
                ]
            },
            "id": "ASB-A-271845008-1e38d5ff",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/ComputerEngine.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "32321186622478425026496799812965654746",
                    "197114536167534174216724412977697749190",
                    "55029022760377548866766922750307769264",
                    "285752621455018809560792986311288391383",
                    "123869556378501402335999624476096384971",
                    "40050375078905834760266758753264741740",
                    "139755580631488945207257615634045370019",
                    "171453231171332376786162237006679997530",
                    "273566126816688337839650409248451707822",
                    "219183577639449754228598901883934237633",
                    "247361110281580611028390613820865588334"
                ]
            },
            "id": "ASB-A-271845008-224c541f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/223e9c5839308d8cd2e14242315a0e27a5154258",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/media/MediaControlPanel.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "13"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "135542876691881457800174126891548670462",
                    "101494581465747771988168920529117761495",
                    "131922853351039576208234686243169401070",
                    "9413301174270534008443788113338114451",
                    "115382658339630236465444767598201868514",
                    "240451254422274110276975739140569497810",
                    "214438263518390320628691608255003429185",
                    "34845624562396525403054196938655793516",
                    "178599353584987838950370902475955887095",
                    "8205114977588376554469430109309893620",
                    "245685455233671269279525686641618557432",
                    "262184241501960405093244552451478728060",
                    "62955635762453522672927935346905470104",
                    "262318357714189165330933641641657186838",
                    "241973081496200180792888983685832963467",
                    "47395095852786439646745444343823516853",
                    "8794521445931323481114660403684841272",
                    "108121731112564968108325370293693694843",
                    "174115300151019868265826333063888095008",
                    "182471343304056705691555222777593887353",
                    "215387031388644380581660308928954296454",
                    "89125285953424595303937648151201236370",
                    "100152070943127767372669874702743098404"
                ]
            },
            "id": "ASB-A-271845008-40a54a35",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "206535368192165133378864555332304687207",
                    "197278158694007071014626855053256538322",
                    "102611065600773785065285762143892405323",
                    "330408950157360963923318400147103041533"
                ]
            },
            "id": "ASB-A-271845008-4ea7c97d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/PackageManagerInternalBase.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "13"
            ],
            "digest": {
                "length": 635.0,
                "function_hash": "184541793108889883826723746171360051309"
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
            "deprecated": false,
            "id": "ASB-A-271845008-53b18e7a",
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarRemoteInputCallback.java",
                "function": "handleRemoteViewClick"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1041.0,
                "function_hash": "286088843615190968846333630048081541692"
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
            "deprecated": false,
            "id": "ASB-A-271845008-88762823",
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java",
                "function": "startPendingIntentDismissingKeyguard"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1303.0,
                "function_hash": "178616258967409317397577551229532770967"
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
            "deprecated": false,
            "id": "ASB-A-271845008-8df68b40",
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarNotificationActivityStarter.java",
                "function": "onNotificationClicked"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1728.0,
                "function_hash": "64086447659528062863062671250108132"
            },
            "id": "ASB-A-271845008-9195db4e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/223e9c5839308d8cd2e14242315a0e27a5154258",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/media/MediaControlPanel.java",
                "function": "bindPlayer"
            },
            "signature_type": "Function"
        },
        {
            "match_only_versions": [
                "13"
            ],
            "digest": {
                "length": 522.0,
                "function_hash": "258082371803861302409038893350652173138"
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
            "deprecated": false,
            "id": "ASB-A-271845008-9c90767f",
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/ActivityIntentHelper.java",
                "function": "getTargetActivityInfo"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "227111203126462132839911405617692621574",
                    "299731065251190970605764112717447872684",
                    "181064642354844931985489510036490731993",
                    "83614579089263366459761726885417309166"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
            "deprecated": false,
            "id": "ASB-A-271845008-9d7d5a5e",
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "154158448839737934387782205624416406452",
                    "189343675409681482264294634432802115312",
                    "159589826654596615965487049535684055662",
                    "290480052243468584272391351789721865298",
                    "251378210182350005787949925835752974625",
                    "48070887955904611512823487357584091551",
                    "292249950543453124863373236695554660520",
                    "120792672116670357853305694201266022212",
                    "27545028907470929425206290872797400585"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
            "deprecated": false,
            "id": "ASB-A-271845008-b200de20",
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarNotificationActivityStarter.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "13"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "50454412654763931134233321317447229068",
                    "30013225977220218034766024897994265391",
                    "293822949742712987548957482238716755057",
                    "242150876751779382888717150321923980653",
                    "40800314990889636612815428278997086650"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
            "deprecated": false,
            "id": "ASB-A-271845008-c1c1fa3c",
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarRemoteInputCallback.java"
            },
            "signature_type": "Line"
        },
        {
            "match_only_versions": [
                "13"
            ],
            "digest": {
                "length": 1021.0,
                "function_hash": "174970559769128569528789129778070214766"
            },
            "id": "ASB-A-271845008-cd6f432c",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/am/ActivityManagerService.java",
                "function": "queryIntentComponentsForIntentSender"
            },
            "signature_type": "Function"
        },
        {
            "match_only_versions": [
                "13"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "279452420605944529287858660104943227928",
                    "297817759332956460786286352756478452973",
                    "283718113760667542417593542265634207274",
                    "297142545432450160884900722838657984254",
                    "171166836102926374318215215279548522872",
                    "44929399260439157859268675000730310207",
                    "36657217421929944235347609769914142476",
                    "297899968368295158094566844842418354821",
                    "47104960082448654964506702767101529405",
                    "112438216916822437734175830135656700409",
                    "104763288006786384546874089997686914683",
                    "6786696123406831254262800566828319140",
                    "209987263421852108559154336121566171762",
                    "220942021495262776868147244381106568562",
                    "266341740573206455300379416695739530969",
                    "89116456000894999502422585451747833580",
                    "279005987229065417342160784455435867539",
                    "63516849009322620667611818542424714483",
                    "67754155622386422899887103761490160876",
                    "175840438916755706840317225996919333203",
                    "209538324099419047165411068880982334196",
                    "93927960070191315016039441139628115968",
                    "31907771833404063579795170068209517135",
                    "101997094792374482962736997198288031261",
                    "15854559075848294332399399505026274927",
                    "76429923685655151830610341265204503946",
                    "214179078821018585551078105206271108550",
                    "254582942163694371096891418714042637901",
                    "252224366672296261498230455905136005603"
                ]
            },
            "exact_target_file_match_only": true,
            "source": "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
            "deprecated": false,
            "id": "ASB-A-271845008-d11d6208",
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/ActivityIntentHelper.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "46199225223002498813501284967081537155",
                    "184384096706449390226371002128345091409",
                    "142758306640343396013190116045428603001",
                    "261710390796188921390051419611002869500"
                ]
            },
            "id": "ASB-A-271845008-f50c0fd5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/core/java/com/android/server/pm/Computer.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/223e9c5839308d8cd2e14242315a0e27a5154258",
        "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79",
        "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538"
    ],
    "spl": "2023-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}