{"id":"ASB-A-240267890", "published":"2023-02-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-20943", "A-240267890"], "details":"In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"10:0"}, {"fixed":"10:2023-02-01"}]}], "versions":["10"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce"], "severity":"High", "spl":"2023-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"218789402610649146534279806213882698053", "length":3389}, "id":"ASB-A-240267890-4efa69e3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"clearApplicationUserData"}}, {"deprecated":false, "digest":{"function_hash":"165433686559303516868918071578743107540", "length":982}, "id":"ASB-A-240267890-af19b42b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"onRemoveCompleted"}}, {"deprecated":false, "digest":{"line_hashes":["19023591753442047319068836492748830433", "52651044639622897885630658727967251800", "142835254940668524955337731002048445257", "266462200045313874316840433279366081525", "185110150976461916859425623723589893510", "314669603338881841686559024183172733431", "292921926393356967081892302753148509231", "185633619305411967409319888823786493953", "57537406593323258355711851392042148121", "73544146165314567653419880584141548669", "96268068996457097362106123178324082976", "1000070865591566840256793781922070385", "221836392391740426605061716026066846772", "49503635218691360593758188510630321839", "234322752101016168354101648054033901257", "59341603582000900163595850960933790917", "217578007770781325870538949999452319601"], "threshold":0.9}, "id":"ASB-A-240267890-bd7aa7d0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-02-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a"], "severity":"High", "spl":"2023-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"48304918318956533104010138608645094517", "length":996}, "id":"ASB-A-240267890-4689ac68", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"onRemoveCompleted"}}, {"deprecated":false, "digest":{"function_hash":"281721226776271417646888004390578358723", "length":3403}, "id":"ASB-A-240267890-a382a813", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"clearApplicationUserData"}}, {"deprecated":false, "digest":{"line_hashes":["19023591753442047319068836492748830433", "52651044639622897885630658727967251800", "142835254940668524955337731002048445257", "266462200045313874316840433279366081525", "185110150976461916859425623723589893510", "314669603338881841686559024183172733431", "292921926393356967081892302753148509231", "26074335394516852620157714560660330299", "131802145606347624638001126702220939140", "29393240277710218126833544989533756035", "93344404403566538279788203572755720164", "25033023018105414771597828547721161450", "107022013439612634245051802443808339606", "113015113835492962517966053418959053756", "162241249838221695089519972534284924145", "81185955015349658169332765966774356464", "217578007770781325870538949999452319601"], "threshold":0.9}, "id":"ASB-A-240267890-d31c4108", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-02-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74"], "severity":"High", "spl":"2023-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"25704709540683270839982671053682562928", "length":1010}, "id":"ASB-A-240267890-5a262931", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"onRemoveCompleted"}}, {"deprecated":false, "digest":{"function_hash":"197022625998803206946365332501314725815", "length":3510}, "id":"ASB-A-240267890-dceeb151", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"clearApplicationUserData"}}, {"deprecated":false, "digest":{"line_hashes":["19023591753442047319068836492748830433", "52651044639622897885630658727967251800", "142835254940668524955337731002048445257", "266462200045313874316840433279366081525", "185110150976461916859425623723589893510", "314669603338881841686559024183172733431", "292921926393356967081892302753148509231", "26074335394516852620157714560660330299", "131802145606347624638001126702220939140", "5193485262852018112013593148456881020", "205835234934375033032846118326177404503", "50955005989019553957825154716998917532", "44723180485155276700501233611679072449", "296766035507375254846626169660850206327", "289627521686869940425266439884906353258", "77846570521540527583456841352965119288", "69007524958661669647209266690471934903"], "threshold":0.9}, "id":"ASB-A-240267890-fe15deb0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-02-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e"], "severity":"High", "spl":"2023-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"197022625998803206946365332501314725815", "length":3510}, "id":"ASB-A-240267890-85c0f00a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"clearApplicationUserData"}}, {"deprecated":false, "digest":{"function_hash":"25704709540683270839982671053682562928", "length":1010}, "id":"ASB-A-240267890-d5102df1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"onRemoveCompleted"}}, {"deprecated":false, "digest":{"line_hashes":["19023591753442047319068836492748830433", "52651044639622897885630658727967251800", "142835254940668524955337731002048445257", "266462200045313874316840433279366081525", "185110150976461916859425623723589893510", "314669603338881841686559024183172733431", "292921926393356967081892302753148509231", "26074335394516852620157714560660330299", "131802145606347624638001126702220939140", "5193485262852018112013593148456881020", "205835234934375033032846118326177404503", "50955005989019553957825154716998917532", "44723180485155276700501233611679072449", "296766035507375254846626169660850206327", "289627521686869940425266439884906353258", "77846570521540527583456841352965119288", "69007524958661669647209266690471934903"], "threshold":0.9}, "id":"ASB-A-240267890-daa2de92", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-02-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68"], "severity":"High", "spl":"2023-02-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"306266303474995512994204301567941670120", "length":1099}, "id":"ASB-A-240267890-18bde628", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"onRemoveCompleted"}}, {"deprecated":false, "digest":{"line_hashes":["19023591753442047319068836492748830433", "52651044639622897885630658727967251800", "142835254940668524955337731002048445257", "266462200045313874316840433279366081525", "185110150976461916859425623723589893510", "243354013767680916156176542676350888809", "282141756453166813397134019577865741769", "242360205959223563793524277019121002165", "272704362624956598487888867396206099590", "116358791319072628048265242690146315044", "131802145606347624638001126702220939140", "260689335989539307525992592168793184068", "30221961543927210908696824065619077193", "41966273680758090319055084234524876018", "216043695530903462632178712485053959841", "291529813944039398967917160182739371228", "259729072714311958273811571778911528203", "305602406385059455886982921729876113658", "94473953833050829154906721596955409962"], "threshold":0.9}, "id":"ASB-A-240267890-38b21dad", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"274978653062025418454947224085038003010", "length":3824}, "id":"ASB-A-240267890-e3dc8a86", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"clearApplicationUserData"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-02-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/2bcd5a5176d6a0f9514df21cec682ca51d798fe9"}]}