ASB-A-272020068

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-272020068.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-272020068
Aliases
  • A-272020068
  • CVE-2023-21289
Published
2023-08-01T00:00:00Z
Modified
2024-08-07T19:29:30.775545Z
Summary
ADP Grant - Detecting photos belonging to other users via SystemUI QuickAccessWalletTile and WalletView
Details

In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-08-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "154024289320809624274946460578804696757",
                    "151588659087965012770835819375748979376",
                    "280364402766476244468737029756931468904",
                    "11057617847484421365866785521485864046",
                    "308960376137552327290394868068852179052"
                ]
            },
            "id": "ASB-A-272020068-03f41490",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/qs/tiles/QuickAccessWalletTile.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 673.0,
                "function_hash": "81702766632057871562352111814049922870"
            },
            "id": "ASB-A-272020068-4bb9dbd2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/qs/tiles/QuickAccessWalletTile.java",
                "function": "onWalletCardsRetrieved"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "184641559218894618212227008777356932071",
                    "258488567682341411313240920445946856462",
                    "288065892403114452316990344918332207873",
                    "86684942475027882702316005456625254702"
                ]
            },
            "id": "ASB-A-272020068-63eb63b2",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/wallet/ui/WalletScreenController.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 235.0,
                "function_hash": "321485103869401293967141542063908118035"
            },
            "id": "ASB-A-272020068-c7ef98a4",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/wallet/ui/WalletScreenController.java",
                "function": "QAWalletCardViewInfo"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c"
    ],
    "spl": "2023-08-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/packages/apps/QuickAccessWallet

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-08-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "match_only_versions": [
                "11"
            ],
            "digest": {
                "length": 239.0,
                "function_hash": "245266871400380683230443391127046152544"
            },
            "id": "ASB-A-272020068-141d9e90",
            "source": "https://android.googlesource.com/platform/packages/apps/QuickAccessWallet/+/36284852414f25d2977100fc98d1b1db4f7e6482",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/systemui/plugin/globalactions/wallet/WalletPanelViewController.java",
                "function": "QAWalletCardViewInfo"
            },
            "signature_type": "Function"
        },
        {
            "match_only_versions": [
                "11"
            ],
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "73742276252965827634920533043700763320",
                    "240890450615297895378835783092766574491",
                    "193037111863378980735374553742452417935",
                    "40472249060584533601300591027013008216",
                    "275951776690968169302265799332597296180",
                    "176061753774235849630070741735145956856",
                    "181051966795297764024482497327111189936",
                    "56247703958925250325187635788824166336"
                ]
            },
            "id": "ASB-A-272020068-d70b157c",
            "source": "https://android.googlesource.com/platform/packages/apps/QuickAccessWallet/+/36284852414f25d2977100fc98d1b1db4f7e6482",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "src/com/android/systemui/plugin/globalactions/wallet/WalletPanelViewController.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/packages/apps/QuickAccessWallet/+/36284852414f25d2977100fc98d1b1db4f7e6482"
    ],
    "spl": "2023-08-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-08-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 673.0,
                "function_hash": "81702766632057871562352111814049922870"
            },
            "id": "ASB-A-272020068-57912457",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/qs/tiles/QuickAccessWalletTile.java",
                "function": "onWalletCardsRetrieved"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "154024289320809624274946460578804696757",
                    "151588659087965012770835819375748979376",
                    "280364402766476244468737029756931468904",
                    "11057617847484421365866785521485864046",
                    "308960376137552327290394868068852179052"
                ]
            },
            "id": "ASB-A-272020068-8bd98fb8",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/qs/tiles/QuickAccessWalletTile.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "184641559218894618212227008777356932071",
                    "258488567682341411313240920445946856462",
                    "288065892403114452316990344918332207873",
                    "86684942475027882702316005456625254702"
                ]
            },
            "id": "ASB-A-272020068-bd6f8cd6",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/wallet/ui/WalletScreenController.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 235.0,
                "function_hash": "321485103869401293967141542063908118035"
            },
            "id": "ASB-A-272020068-dbe5c40b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/wallet/ui/WalletScreenController.java",
                "function": "QAWalletCardViewInfo"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c"
    ],
    "spl": "2023-08-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-08-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "184641559218894618212227008777356932071",
                    "258488567682341411313240920445946856462",
                    "288065892403114452316990344918332207873",
                    "86684942475027882702316005456625254702"
                ]
            },
            "id": "ASB-A-272020068-07a8563b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/wallet/ui/WalletScreenController.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 673.0,
                "function_hash": "81702766632057871562352111814049922870"
            },
            "id": "ASB-A-272020068-0bb643a7",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/qs/tiles/QuickAccessWalletTile.java",
                "function": "onWalletCardsRetrieved"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "154024289320809624274946460578804696757",
                    "151588659087965012770835819375748979376",
                    "280364402766476244468737029756931468904",
                    "11057617847484421365866785521485864046",
                    "308960376137552327290394868068852179052"
                ]
            },
            "id": "ASB-A-272020068-bb06105e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/qs/tiles/QuickAccessWalletTile.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 235.0,
                "function_hash": "321485103869401293967141542063908118035"
            },
            "id": "ASB-A-272020068-d039ff23",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/wallet/ui/WalletScreenController.java",
                "function": "QAWalletCardViewInfo"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c"
    ],
    "spl": "2023-08-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-08-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 673.0,
                "function_hash": "81702766632057871562352111814049922870"
            },
            "id": "ASB-A-272020068-9feddd9a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/qs/tiles/QuickAccessWalletTile.java",
                "function": "onWalletCardsRetrieved"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "154024289320809624274946460578804696757",
                    "151588659087965012770835819375748979376",
                    "280364402766476244468737029756931468904",
                    "11057617847484421365866785521485864046",
                    "308960376137552327290394868068852179052"
                ]
            },
            "id": "ASB-A-272020068-c8554155",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/qs/tiles/QuickAccessWalletTile.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 235.0,
                "function_hash": "321485103869401293967141542063908118035"
            },
            "id": "ASB-A-272020068-ef3b032e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/wallet/ui/WalletScreenController.java",
                "function": "QAWalletCardViewInfo"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "184641559218894618212227008777356932071",
                    "258488567682341411313240920445946856462",
                    "288065892403114452316990344918332207873",
                    "86684942475027882702316005456625254702"
                ]
            },
            "id": "ASB-A-272020068-eff5af57",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/wallet/ui/WalletScreenController.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ff753ae693065685d85bbda6af2953905fdf434c"
    ],
    "spl": "2023-08-01",
    "severity": "High",
    "types": [
        "ID"
    ]
}