ASB-A-274759612

See a problem?
Import Source
https://storage.googleapis.com/android-osv/ASB-A-274759612.json
JSON Data
https://api.osv.dev/v1/vulns/ASB-A-274759612
Aliases
  • A-274759612
  • CVE-2023-21129
Published
2023-06-01T00:00:00Z
Modified
2024-08-07T19:30:05.845928Z
Summary
Starting Activities from background via Bubble Notification's fullscreenIntent even when the bubble notification is suppressed
Details

In getFullScreenIntentDecision of NotificationInterruptStateProviderImpl.java, there is a possible activity launch while the app is in the background due to a BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.

References

Affected packages

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13-next:0
Fixed
13-next:2023-06-01

Affected versions

Other

13-next

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1536.0,
                "function_hash": "65544917434259113952001034947210031747"
            },
            "id": "ASB-A-274759612-498d5d4b",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7d6152a013c2941dcfc58f53b0f16f59f5f7b177",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProviderImpl.java",
                "function": "getFullScreenIntentDecision"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "41798199021805118422247646454527960554",
                    "88680274204632969662148220593288076171",
                    "296376126253310850540355810432477350321"
                ]
            },
            "id": "ASB-A-274759612-50b80071",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7d6152a013c2941dcfc58f53b0f16f59f5f7b177",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProvider.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1008.0,
                "function_hash": "193999231145687377342109744076993553520"
            },
            "id": "ASB-A-274759612-726aa02d",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7d6152a013c2941dcfc58f53b0f16f59f5f7b177",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProviderImpl.java",
                "function": "logFullScreenIntentDecision"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "247291974756218458065457002577327740700",
                    "126153532290169155951247703833832270112",
                    "325204627789186591080834563439233616921",
                    "87479642292905582079827001279485176644",
                    "77429336287496025662226619193404431208",
                    "86876303209031050898764889572875778696",
                    "325032885300232204102364722099171834572",
                    "108904166103786811473438341015830980887",
                    "289504772439195113573140439620033130559",
                    "257540948324937081754084800989621727542",
                    "201885650129991458274009552369561697812",
                    "106191448766803078244683190453173338294",
                    "139258219652626200403757301363139279363"
                ]
            },
            "id": "ASB-A-274759612-9fbb8afc",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/7d6152a013c2941dcfc58f53b0f16f59f5f7b177",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProviderImpl.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/7d6152a013c2941dcfc58f53b0f16f59f5f7b177"
    ],
    "spl": "2023-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
11:0
Fixed
11:2023-06-01

Affected versions

Other

11

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1684.0,
                "function_hash": "286394845412138834036028669875194869315"
            },
            "id": "ASB-A-274759612-72b5d606",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c60e264a551df9f880fd73683321b7e821429da7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProviderImpl.java",
                "function": "shouldLaunchFullScreenIntentWhenAdded"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "174199387206990589120251576554840835594",
                    "57122416322648986154298650842509915280",
                    "330054609502327632612331195037666621745",
                    "129656775351737482769718064272548545405",
                    "123266378606330503341156992142040456098"
                ]
            },
            "id": "ASB-A-274759612-ad738d73",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/c60e264a551df9f880fd73683321b7e821429da7",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProviderImpl.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/c60e264a551df9f880fd73683321b7e821429da7"
    ],
    "spl": "2023-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12:0
Fixed
12:2023-06-01

Affected versions

Other

12

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "174199387206990589120251576554840835594",
                    "57122416322648986154298650842509915280",
                    "330054609502327632612331195037666621745",
                    "129656775351737482769718064272548545405",
                    "123266378606330503341156992142040456098"
                ]
            },
            "id": "ASB-A-274759612-a1e6f03f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1bc1be92ce0d8bd8abd9efa13e85ac0d33556a3b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProviderImpl.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1684.0,
                "function_hash": "286394845412138834036028669875194869315"
            },
            "id": "ASB-A-274759612-dd63e256",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/1bc1be92ce0d8bd8abd9efa13e85ac0d33556a3b",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProviderImpl.java",
                "function": "shouldLaunchFullScreenIntentWhenAdded"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/1bc1be92ce0d8bd8abd9efa13e85ac0d33556a3b"
    ],
    "spl": "2023-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
12L:0
Fixed
12L:2023-06-01

Affected versions

Other

12L

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1684.0,
                "function_hash": "286394845412138834036028669875194869315"
            },
            "id": "ASB-A-274759612-726df368",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/50c9d488021c0eb9663527caa06aad8b2e7c722c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProviderImpl.java",
                "function": "shouldLaunchFullScreenIntentWhenAdded"
            },
            "signature_type": "Function"
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "174199387206990589120251576554840835594",
                    "57122416322648986154298650842509915280",
                    "330054609502327632612331195037666621745",
                    "129656775351737482769718064272548545405",
                    "123266378606330503341156992142040456098"
                ]
            },
            "id": "ASB-A-274759612-dc010c5f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/50c9d488021c0eb9663527caa06aad8b2e7c722c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProviderImpl.java"
            },
            "signature_type": "Line"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/50c9d488021c0eb9663527caa06aad8b2e7c722c"
    ],
    "spl": "2023-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}

Android / platform/frameworks/base

Affected ranges

Type
ECOSYSTEM
Events
Introduced
13:0
Fixed
13:2023-06-01

Affected versions

Other

13

Ecosystem specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "174199387206990589120251576554840835594",
                    "57122416322648986154298650842509915280",
                    "291434209727768900991004090959767345673",
                    "77211922118499331366931169379514631802",
                    "275309448129093892626561762699673128410"
                ]
            },
            "id": "ASB-A-274759612-39e28393",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e65f0c9643b52e2656ac2da21dfd0fb7395de04c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProviderImpl.java"
            },
            "signature_type": "Line"
        },
        {
            "digest": {
                "length": 1231.0,
                "function_hash": "251625850190279166080796893304347799501"
            },
            "id": "ASB-A-274759612-481cc72f",
            "source": "https://android.googlesource.com/platform/frameworks/base/+/e65f0c9643b52e2656ac2da21dfd0fb7395de04c",
            "deprecated": false,
            "signature_version": "v1",
            "target": {
                "file": "packages/SystemUI/src/com/android/systemui/statusbar/notification/interruption/NotificationInterruptStateProviderImpl.java",
                "function": "shouldLaunchFullScreenIntentWhenAdded"
            },
            "signature_type": "Function"
        }
    ],
    "fixes": [
        "https://android.googlesource.com/platform/frameworks/base/+/ce645d80ba53587e1f9d1aa656e9ddc3dbfb21b0",
        "https://android.googlesource.com/platform/frameworks/base/+/e65f0c9643b52e2656ac2da21dfd0fb7395de04c"
    ],
    "spl": "2023-06-01",
    "severity": "High",
    "types": [
        "EoP"
    ]
}