ASB-A-273729476

Import Source
https://storage.googleapis.com/android-osv/ASB-A-273729476.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-273729476
Aliases
  • A-273729476
  • CVE-2023-21246
Published
2023-07-01T00:00:00Z
Modified
2024-08-07T19:29:45.251395Z
Summary
ADP Grant - Persisting existing notification access after reboot by posting a conversation notification with a shortcut with a super large id
Details

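In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. As the summary indicates, the condition is reached through a conversation notification whose shortcut carries an extremely large ID, and the access is retained across a reboot. The fix is included in the 2023-07-01 security patch level for each affected Android version listed below.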

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-07-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "333023602259954182407591694527434178520",
                    "337869878030822104246888389840736793242",
                    "285328395219631508285691000966376699480",
                    "158024499303725243928212550104409253659",
                    "267812003783876871256161605120373542132",
                    "55161413152641082180949585022664699746",
                    "21868203953259126963318603862973725232",
                    "215261582529318591946515271078132459386",
                    "195717514801609644954899280938760837044",
                    "304562569919733430224829126252878764450",
                    "249795983739251649821280849571668231352",
                    "152540884113697225885193684782527005283",
                    "114734990533994706273379491374072210808",
                    "269102602479188924088300564175206336770",
                    "302926344617479420812018111816586246989",
                    "89547591460084033524102375903752921621",
                    "175980200820200018495839744193661650150",
                    "106873435294979273991389082557842142152"
                ]
            },
            "id": "ASB-A-273729476-2e8559f3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f3b191d04144e332daceeec2b4f64d295fdf30c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "83187452248718024932908717078656163027",
                    "155037319459122252535095161197261350586",
                    "276194970133774068090153265408598565590"
                ]
            },
            "id": "ASB-A-273729476-6861c515",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f3b191d04144e332daceeec2b4f64d295fdf30c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1031.0,
                "function_hash": "42574883310073255411351152638730580835"
            },
            "id": "ASB-A-273729476-85e0c977",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f3b191d04144e332daceeec2b4f64d295fdf30c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java",
                "function": "ShortcutInfo"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1848.0,
                "function_hash": "331897836877221858023072162950012147910"
            },
            "id": "ASB-A-273729476-b01e953b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/9f3b191d04144e332daceeec2b4f64d295fdf30c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java",
                "function": "ShortcutInfo"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/9f3b191d04144e332daceeec2b4f64d295fdf30c"
    ],
    "spl": "2023-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-07-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 775.0,
                "function_hash": "209588116901681660311483726007507824926"
            },
            "id": "ASB-A-273729476-2d045025",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f31df6234091b5b1de258a01dd4b2d8e5415ee2e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java",
                "function": "ShortcutInfo"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "178066479606260456397807105225735555126",
                    "5813050396736649723089278352748758078",
                    "106633034549640160275859246969274522407",
                    "210062582440393634920515023014158765431",
                    "83187452248718024932908717078656163027",
                    "155037319459122252535095161197261350586",
                    "276194970133774068090153265408598565590"
                ]
            },
            "id": "ASB-A-273729476-550045c5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f31df6234091b5b1de258a01dd4b2d8e5415ee2e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "267812003783876871256161605120373542132",
                    "55161413152641082180949585022664699746",
                    "21868203953259126963318603862973725232",
                    "37758467216667853439331968675072048171",
                    "195717514801609644954899280938760837044",
                    "304562569919733430224829126252878764450",
                    "249795983739251649821280849571668231352",
                    "152540884113697225885193684782527005283",
                    "114734990533994706273379491374072210808",
                    "269102602479188924088300564175206336770",
                    "302926344617479420812018111816586246989",
                    "89547591460084033524102375903752921621",
                    "305949819878249683593158030973979810914",
                    "58053691233098887120730646608229540836"
                ]
            },
            "id": "ASB-A-273729476-6a8531b1",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f31df6234091b5b1de258a01dd4b2d8e5415ee2e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1436.0,
                "function_hash": "328645577999406322436556905913303246299"
            },
            "id": "ASB-A-273729476-7a392115",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/f31df6234091b5b1de258a01dd4b2d8e5415ee2e",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java",
                "function": "ShortcutInfo"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/f31df6234091b5b1de258a01dd4b2d8e5415ee2e"
    ],
    "spl": "2023-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-07-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 918.0,
                "function_hash": "92455432831317346802672959460846265974"
            },
            "id": "ASB-A-273729476-246650be",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ab0c8ac5b47509a71f27c4e5e9ce104d51bab0a8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java",
                "function": "ShortcutInfo"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1483.0,
                "function_hash": "33557153684161352340379549504679014313"
            },
            "id": "ASB-A-273729476-3b8e8e14",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ab0c8ac5b47509a71f27c4e5e9ce104d51bab0a8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java",
                "function": "ShortcutInfo"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "178066479606260456397807105225735555126",
                    "5813050396736649723089278352748758078",
                    "106633034549640160275859246969274522407",
                    "210062582440393634920515023014158765431",
                    "83187452248718024932908717078656163027",
                    "155037319459122252535095161197261350586",
                    "276194970133774068090153265408598565590"
                ]
            },
            "id": "ASB-A-273729476-7aa1b55e",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ab0c8ac5b47509a71f27c4e5e9ce104d51bab0a8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "267812003783876871256161605120373542132",
                    "55161413152641082180949585022664699746",
                    "21868203953259126963318603862973725232",
                    "296758649462212877677741594198979435025",
                    "195717514801609644954899280938760837044",
                    "304562569919733430224829126252878764450",
                    "249795983739251649821280849571668231352",
                    "152540884113697225885193684782527005283",
                    "114734990533994706273379491374072210808",
                    "269102602479188924088300564175206336770",
                    "302926344617479420812018111816586246989",
                    "89547591460084033524102375903752921621",
                    "305949819878249683593158030973979810914",
                    "58053691233098887120730646608229540836"
                ]
            },
            "id": "ASB-A-273729476-dcb743df",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/ab0c8ac5b47509a71f27c4e5e9ce104d51bab0a8",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ab0c8ac5b47509a71f27c4e5e9ce104d51bab0a8"
    ],
    "spl": "2023-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-07-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 918.0,
                "function_hash": "92455432831317346802672959460846265974"
            },
            "id": "ASB-A-273729476-232c83c3",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fee62a33da3e9a15d4ab5e4c8f730b50eae67cbe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java",
                "function": "ShortcutInfo"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1483.0,
                "function_hash": "33557153684161352340379549504679014313"
            },
            "id": "ASB-A-273729476-404c97ce",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fee62a33da3e9a15d4ab5e4c8f730b50eae67cbe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java",
                "function": "ShortcutInfo"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "267812003783876871256161605120373542132",
                    "55161413152641082180949585022664699746",
                    "21868203953259126963318603862973725232",
                    "296758649462212877677741594198979435025",
                    "195717514801609644954899280938760837044",
                    "304562569919733430224829126252878764450",
                    "249795983739251649821280849571668231352",
                    "152540884113697225885193684782527005283",
                    "114734990533994706273379491374072210808",
                    "269102602479188924088300564175206336770",
                    "302926344617479420812018111816586246989",
                    "89547591460084033524102375903752921621",
                    "305949819878249683593158030973979810914",
                    "58053691233098887120730646608229540836"
                ]
            },
            "id": "ASB-A-273729476-72c26654",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fee62a33da3e9a15d4ab5e4c8f730b50eae67cbe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "178066479606260456397807105225735555126",
                    "5813050396736649723089278352748758078",
                    "106633034549640160275859246969274522407",
                    "210062582440393634920515023014158765431",
                    "83187452248718024932908717078656163027",
                    "155037319459122252535095161197261350586",
                    "276194970133774068090153265408598565590"
                ]
            },
            "id": "ASB-A-273729476-73244623",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/fee62a33da3e9a15d4ab5e4c8f730b50eae67cbe",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/fee62a33da3e9a15d4ab5e4c8f730b50eae67cbe"
    ],
    "spl": "2023-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-07-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "83187452248718024932908717078656163027",
                    "155037319459122252535095161197261350586",
                    "276194970133774068090153265408598565590"
                ]
            },
            "id": "ASB-A-273729476-475871f5",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d31fe58376000d1337a1c57bdac2c018b670b2ec",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "services/tests/servicestests/src/com/android/server/pm/ShortcutManagerTest2.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1848.0,
                "function_hash": "331897836877221858023072162950012147910"
            },
            "id": "ASB-A-273729476-de470b4a",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d31fe58376000d1337a1c57bdac2c018b670b2ec",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java",
                "function": "ShortcutInfo"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "length": 1031.0,
                "function_hash": "42574883310073255411351152638730580835"
            },
            "id": "ASB-A-273729476-ecf6ec3d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d31fe58376000d1337a1c57bdac2c018b670b2ec",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java",
                "function": "ShortcutInfo"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "267812003783876871256161605120373542132",
                    "55161413152641082180949585022664699746",
                    "21868203953259126963318603862973725232",
                    "215261582529318591946515271078132459386",
                    "195717514801609644954899280938760837044",
                    "304562569919733430224829126252878764450",
                    "249795983739251649821280849571668231352",
                    "152540884113697225885193684782527005283",
                    "114734990533994706273379491374072210808",
                    "269102602479188924088300564175206336770",
                    "302926344617479420812018111816586246989",
                    "89547591460084033524102375903752921621",
                    "175980200820200018495839744193661650150",
                    "106873435294979273991389082557842142152"
                ]
            },
            "id": "ASB-A-273729476-f77c4190",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/d31fe58376000d1337a1c57bdac2c018b670b2ec",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "core/java/android/content/pm/ShortcutInfo.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/d31fe58376000d1337a1c57bdac2c018b670b2ec"
    ],
    "spl": "2023-07-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}