{"id":"ASB-A-251778420", "published":"2023-03-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2023-20953", "A-251778420"], "details":"In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-03-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8"], "severity":"High", "spl":"2023-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["156089486446672276104939384709799485012", "247489564588645683066041968166888899408", "159333107798570288722831522931981089116", "7779789082296313623919544458835083841"], "threshold":0.9}, "id":"ASB-A-251778420-1ba90f53", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8", "target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardOverlayEvent.java"}}, {"deprecated":false, "digest":{"function_hash":"163616617409505397925772287913492927131", "length":370}, "id":"ASB-A-251778420-e65b21b2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8", "target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java", "function":"ClipboardListener"}}, {"deprecated":false, "digest":{"line_hashes":["309581880082468664890615874362150298307", "290713473686484743134435199018660868192", "125086800664531810233244192573394945604", "213397167234201302211258576993310905521", "278022484617456028622226787674637850115", "223822114968220071995820990362281277239", "60254624148788914146812642766198597675", "122477520417919189248448050365781709757", "131612434293971132997415771018155786932", "269608855099054148987306395709298825063", "122452521751584533698827875918308582641", "74404033281583706059496170027092788709", "19406050301543940170011858521462660821", "257953885181127943614555779612410865412", "151674660547208224282796242661472765441", "241456740878156651035435419854837801161", "271939621894415413819538425139888966960", "286854077548159339452735490885179277316", "12032462277226907458175941468009316201", "193313797412553161777221056153129801807", "248560729695152217155726981239557645810", "156321972731938097640597609995111951200", "75738616800887975703766665217168134669", "108942948949134335390799107156065291892", "70759375248159447586080211205304490687", "63117889591247637637495899209034550212", "95057946815911575937226800607872892391", "334913295936487476872037364203414688009", "310139932874319052922534928380921507855", "229863061187885724883184160459852161773"], "threshold":0.9}, "id":"ASB-A-251778420-f7763afd", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8", "target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java"}}, {"deprecated":false, "digest":{"function_hash":"219351335013367947261065571847453308197", "length":858}, "id":"ASB-A-251778420-fd45b4c8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8", "target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java", "function":"onPrimaryClipChanged"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-03-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc"], "severity":"High", "spl":"2023-03-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["309581880082468664890615874362150298307", "290713473686484743134435199018660868192", "125086800664531810233244192573394945604", "213397167234201302211258576993310905521", "278022484617456028622226787674637850115", "223822114968220071995820990362281277239", "60254624148788914146812642766198597675", "122477520417919189248448050365781709757", "131612434293971132997415771018155786932", "125779980347631476019928671724312763687", "169493190944002751429899487613272271182", "66879199921287805607875445529951955848", "314842808877825538817675070553731191825", "25229828275610777341056241225813543088", "281089925387180210179754115820347940627", "170124664270987702032518632205966714408", "195365186065560602252128432150883688526", "104183916122917838078245832284816992076", "98812802323807388100124691672265923753", "74503409301123797152219791772415137143", "330786941628146078507284131374059267072", "203857675260388581819490843047309835141", "52755846890464675160805277348157355398", "70759375248159447586080211205304490687", "63117889591247637637495899209034550212", "95057946815911575937226800607872892391", "255968344502106778106651872309622454916"], "threshold":0.9}, "id":"ASB-A-251778420-19954fb6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc", "target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java"}}, {"deprecated":false, "digest":{"function_hash":"183291673990674099932770244616853195957", "length":205}, "id":"ASB-A-251778420-c3f65ed1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc", "target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java", "function":"ClipboardListener"}}, {"deprecated":false, "digest":{"function_hash":"279707309442175443040838845589895096753", "length":700}, "id":"ASB-A-251778420-ca61cee5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc", "target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java", "function":"onPrimaryClipChanged"}}, {"deprecated":false, "digest":{"line_hashes":["156089486446672276104939384709799485012", "247489564588645683066041968166888899408", "159333107798570288722831522931981089116", "7779789082296313623919544458835083841"], "threshold":0.9}, "id":"ASB-A-251778420-d886441c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc", "target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardOverlayEvent.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-03-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/14a958756ff5725093199e68d04d22a85badcc16"}]}