{"id":"ASB-A-260567867", "published":"2023-04-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-21098", "A-260567867"], "details":"In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-04-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"24063364796261288084818385041544745461", "length":2630}, "id":"ASB-A-260567867-0f0395d8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"onResult"}}, {"deprecated":false, "digest":{"line_hashes":["102621481333874520227160300226568916637", "87791047021780292960520905960333961581", "227810543805131443330981162682500543823", "249209199335521875619203833124111623883", "333632741528280604425310716873061856856", "296970883249405432748384307226135802410", "322653182359092500475659955130112784308", "70126697754156643117209328007530417998", "339481037997816317821671594887686512293", "221003920048527419293013806736736766485", "97919473584709779965486999353676586848", "234298834527873990978626021844002463501", "300167801387346797691020387596466947641", "60697875491319249160746600633389088059", "101255738353673951573916089828613134146", "117460194778136373718489259647932296637", "221339240173144341381788826707641692497", "249209199335521875619203833124111623883", "333632741528280604425310716873061856856"], "threshold":0.9}, "id":"ASB-A-260567867-5018acee", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"134451419846464950394386447436239146278", "length":1320}, "id":"ASB-A-260567867-699f2b76", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntent"}}, {"deprecated":false, "digest":{"function_hash":"100361811884416474232114843533415316660", "length":347}, "id":"ASB-A-260567867-732e1150", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntentParceledCorrectly"}}, {"deprecated":false, "digest":{"function_hash":"274929591755527814202843495797426672204", "length":2228}, "id":"ASB-A-260567867-8d45e500", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"onResult"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-04-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"41023448064838139733511489886308780141", "length":2614}, "id":"ASB-A-260567867-44161b57", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"onResult"}}, {"deprecated":false, "digest":{"function_hash":"52865478785358617343039264453162914792", "length":1331}, "id":"ASB-A-260567867-6d37caa9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntent"}}, {"deprecated":false, "digest":{"function_hash":"94708205251876746338000343560764915402", "length":333}, "id":"ASB-A-260567867-8462678d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntentParceledCorrectly"}}, {"deprecated":false, "digest":{"line_hashes":["102621481333874520227160300226568916637", "17410907499065417407586688844885386759", "137971137004370039771630188077221928616", "171654467451521752340925975754762571437", "200743198349192667103830392242710855312", "243628083512321978905245199028732910147", "143497601475118715788948267903722960923", "34403552962753278911522365955453991311", "212527219679643165604639129087184543552", "278096025294005194601942749711161288359", "210066205031285334355977896094228933501", "254649137641918737601387565419334774469", "60013202798819483283863555381222552713", "101255738353673951573916089828613134146", "50186522400419522845497711063170164678", "267026741779168971949661977336207845381", "171654467451521752340925975754762571437", "200743198349192667103830392242710855312"], "threshold":0.9}, "id":"ASB-A-260567867-85083a16", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"267799739317786220573746323388235990046", "length":2212}, "id":"ASB-A-260567867-a7b9bb0b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"onResult"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-04-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"52865478785358617343039264453162914792", "length":1331}, "id":"ASB-A-260567867-27a42bd3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntent"}}, {"deprecated":false, "digest":{"line_hashes":["102621481333874520227160300226568916637", "17410907499065417407586688844885386759", "137971137004370039771630188077221928616", "171654467451521752340925975754762571437", "200743198349192667103830392242710855312", "243628083512321978905245199028732910147", "143497601475118715788948267903722960923", "34403552962753278911522365955453991311", "212527219679643165604639129087184543552", "278096025294005194601942749711161288359", "210066205031285334355977896094228933501", "254649137641918737601387565419334774469", "60013202798819483283863555381222552713", "101255738353673951573916089828613134146", "50186522400419522845497711063170164678", "267026741779168971949661977336207845381", "171654467451521752340925975754762571437", "200743198349192667103830392242710855312"], "threshold":0.9}, "id":"ASB-A-260567867-40603fb1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"94708205251876746338000343560764915402", "length":333}, "id":"ASB-A-260567867-450f3afb", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntentParceledCorrectly"}}, {"deprecated":false, "digest":{"function_hash":"41023448064838139733511489886308780141", "length":2614}, "id":"ASB-A-260567867-53e9a05e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"onResult"}}, {"deprecated":false, "digest":{"function_hash":"267799739317786220573746323388235990046", "length":2212}, "id":"ASB-A-260567867-c75e5dd8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"onResult"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-04-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"267799739317786220573746323388235990046", "length":2212}, "id":"ASB-A-260567867-147a6479", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"onResult"}}, {"deprecated":false, "digest":{"function_hash":"52865478785358617343039264453162914792", "length":1331}, "id":"ASB-A-260567867-6cbd2519", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntent"}}, {"deprecated":false, "digest":{"function_hash":"94708205251876746338000343560764915402", "length":333}, "id":"ASB-A-260567867-814bca32", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntentParceledCorrectly"}}, {"deprecated":false, "digest":{"line_hashes":["102621481333874520227160300226568916637", "17410907499065417407586688844885386759", "137971137004370039771630188077221928616", "171654467451521752340925975754762571437", "200743198349192667103830392242710855312", "243628083512321978905245199028732910147", "143497601475118715788948267903722960923", "34403552962753278911522365955453991311", "212527219679643165604639129087184543552", "278096025294005194601942749711161288359", "210066205031285334355977896094228933501", "254649137641918737601387565419334774469", "60013202798819483283863555381222552713", "101255738353673951573916089828613134146", "50186522400419522845497711063170164678", "267026741779168971949661977336207845381", "171654467451521752340925975754762571437", "200743198349192667103830392242710855312"], "threshold":0.9}, "id":"ASB-A-260567867-b420f77c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"41023448064838139733511489886308780141", "length":2614}, "id":"ASB-A-260567867-b9f8b81f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"onResult"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-04-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"187948086070591231297392488894148739647", "length":5624}, "id":"ASB-A-260567867-517e3a33", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"getAuthToken"}}, {"deprecated":false, "digest":{"function_hash":"267799739317786220573746323388235990046", "length":2212}, "id":"ASB-A-260567867-8ba17ec0", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"onResult"}}, {"deprecated":false, "digest":{"function_hash":"261227585194831626479415770564533148761", "length":1606}, "id":"ASB-A-260567867-b857cd09", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"onResult"}}, {"deprecated":false, "digest":{"function_hash":"41023448064838139733511489886308780141", "length":2614}, "id":"ASB-A-260567867-b906f6fc", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"onResult"}}, {"deprecated":false, "digest":{"function_hash":"134451419846464950394386447436239146278", "length":1320}, "id":"ASB-A-260567867-ca1cbc91", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntent"}}, {"deprecated":false, "digest":{"function_hash":"100361811884416474232114843533415316660", "length":347}, "id":"ASB-A-260567867-eb9ea585", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntentParceledCorrectly"}}, {"deprecated":false, "digest":{"line_hashes":["3345597861118770780059298766421267087", "242732919793228362579209848120206281270", "191848758192162543277547550033520109670", "141394416191930872290709805739668594678", "102621481333874520227160300226568916637", "17410907499065417407586688844885386759", "137971137004370039771630188077221928616", "171654467451521752340925975754762571437", "200743198349192667103830392242710855312", "296970883249405432748384307226135802410", "322653182359092500475659955130112784308", "70126697754156643117209328007530417998", "339481037997816317821671594887686512293", "221003920048527419293013806736736766485", "97919473584709779965486999353676586848", "234298834527873990978626021844002463501", "300167801387346797691020387596466947641", "60697875491319249160746600633389088059", "101255738353673951573916089828613134146", "50186522400419522845497711063170164678", "267026741779168971949661977336207845381", "171654467451521752340925975754762571437", "200743198349192667103830392242710855312"], "threshold":0.9}, "id":"ASB-A-260567867-f6e0a46f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/107e6377328486fca55131ea06ca9d6a3c1585e0"}]}