{"id":"ASB-A-235823542", "published":"2023-04-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-21088", "A-235823542"], "details":"In deliverOnFlushComplete of LocationProviderManager.java, there is a possible way to bypass background activity launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-04-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0a172367c32858a314f95895908d717bd74ace21"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["326163088799272800982484615924156242297", "265673845877076413619296124225614798221", "54134849502702392557355762057910973959", "99407063306781831102421226536097530733"], "threshold":0.9}, "id":"ASB-A-235823542-64c09d67", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0a172367c32858a314f95895908d717bd74ace21", "target":{"file":"services/core/java/com/android/server/location/provider/LocationProviderManager.java"}}, {"deprecated":false, "digest":{"function_hash":"21113831002185242309230079022666853382", "length":284}, "id":"ASB-A-235823542-cdf66d83", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0a172367c32858a314f95895908d717bd74ace21", "target":{"file":"services/core/java/com/android/server/location/provider/LocationProviderManager.java", "function":"deliverOnFlushComplete"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-04-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/750af79d5ccb282bb79ef40932858fbae801a48b"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"21113831002185242309230079022666853382", "length":284}, "id":"ASB-A-235823542-5e66ad4b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/750af79d5ccb282bb79ef40932858fbae801a48b", "target":{"file":"services/core/java/com/android/server/location/provider/LocationProviderManager.java", "function":"deliverOnFlushComplete"}}, {"deprecated":false, "digest":{"line_hashes":["326163088799272800982484615924156242297", "265673845877076413619296124225614798221", "54134849502702392557355762057910973959", "99407063306781831102421226536097530733"], "threshold":0.9}, "id":"ASB-A-235823542-abd02f79", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/750af79d5ccb282bb79ef40932858fbae801a48b", "target":{"file":"services/core/java/com/android/server/location/provider/LocationProviderManager.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-04-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/11a9a5a08e6068fcc20bb3195cb179da0b6fc8c4"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"21113831002185242309230079022666853382", "length":284}, "id":"ASB-A-235823542-8b51a8a0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/11a9a5a08e6068fcc20bb3195cb179da0b6fc8c4", "target":{"file":"services/core/java/com/android/server/location/provider/LocationProviderManager.java", "function":"deliverOnFlushComplete"}}, {"deprecated":false, "digest":{"line_hashes":["326163088799272800982484615924156242297", "265673845877076413619296124225614798221", "54134849502702392557355762057910973959", "99407063306781831102421226536097530733"], "threshold":0.9}, "id":"ASB-A-235823542-fd575d18", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/11a9a5a08e6068fcc20bb3195cb179da0b6fc8c4", "target":{"file":"services/core/java/com/android/server/location/provider/LocationProviderManager.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-04-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/80bc46c48cb693ede724fac070a87df30d813efc"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["326163088799272800982484615924156242297", "265673845877076413619296124225614798221", "54134849502702392557355762057910973959", "99407063306781831102421226536097530733"], "threshold":0.9}, "id":"ASB-A-235823542-901a5864", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/80bc46c48cb693ede724fac070a87df30d813efc", "target":{"file":"services/core/java/com/android/server/location/provider/LocationProviderManager.java"}}, {"deprecated":false, "digest":{"function_hash":"21113831002185242309230079022666853382", "length":284}, "id":"ASB-A-235823542-b5af91fb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/80bc46c48cb693ede724fac070a87df30d813efc", "target":{"file":"services/core/java/com/android/server/location/provider/LocationProviderManager.java", "function":"deliverOnFlushComplete"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/0924de4965f93f5a880754bcc2819a890fd45f0e"}]}