{"id":"ASB-A-261858325", "published":"2023-04-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2023-21097", "A-261858325"], "details":"In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-04-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e56ca6b94516e4adb9ba5002a2dff0fbcd6bfff2"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["94551627107923130385523135893517785998", "150136354593107910198119465791752131621", "196149630175400252759956693774630289095", "19069004713157416761334761750151917249"], "threshold":0.9}, "id":"ASB-A-261858325-2536fb0d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e56ca6b94516e4adb9ba5002a2dff0fbcd6bfff2", "target":{"file":"core/java/android/content/Intent.java"}}, {"deprecated":false, "digest":{"function_hash":"240844664726332416271350520095610606287", "length":2051}, "id":"ASB-A-261858325-429679e2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e56ca6b94516e4adb9ba5002a2dff0fbcd6bfff2", "target":{"file":"core/java/android/content/Intent.java", "function":"toUriInner"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-04-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/43437b4ee6424933d4e403f0375ef8c1f07986f4"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"240844664726332416271350520095610606287", "length":2051}, "id":"ASB-A-261858325-40580961", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43437b4ee6424933d4e403f0375ef8c1f07986f4", "target":{"file":"core/java/android/content/Intent.java", "function":"toUriInner"}}, {"deprecated":false, "digest":{"line_hashes":["94551627107923130385523135893517785998", "150136354593107910198119465791752131621", "196149630175400252759956693774630289095", "19069004713157416761334761750151917249"], "threshold":0.9}, "id":"ASB-A-261858325-525397a1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43437b4ee6424933d4e403f0375ef8c1f07986f4", "target":{"file":"core/java/android/content/Intent.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-04-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/bfe7e8bab48caff53dbcf2913f724de2e4f5aa81"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["94551627107923130385523135893517785998", "150136354593107910198119465791752131621", "196149630175400252759956693774630289095", "19069004713157416761334761750151917249"], "threshold":0.9}, "id":"ASB-A-261858325-3cdd2e2e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/bfe7e8bab48caff53dbcf2913f724de2e4f5aa81", "target":{"file":"core/java/android/content/Intent.java"}}, {"deprecated":false, "digest":{"function_hash":"240844664726332416271350520095610606287", "length":2051}, "id":"ASB-A-261858325-b9a8567f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/bfe7e8bab48caff53dbcf2913f724de2e4f5aa81", "target":{"file":"core/java/android/content/Intent.java", "function":"toUriInner"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-04-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c0f1b9f614edcc04130d8dc3c28f109e9571fa8a"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"240844664726332416271350520095610606287", "length":2051}, "id":"ASB-A-261858325-2c0cb12b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c0f1b9f614edcc04130d8dc3c28f109e9571fa8a", "target":{"file":"core/java/android/content/Intent.java", "function":"toUriInner"}}, {"deprecated":false, "digest":{"line_hashes":["94551627107923130385523135893517785998", "150136354593107910198119465791752131621", "196149630175400252759956693774630289095", "19069004713157416761334761750151917249"], "threshold":0.9}, "id":"ASB-A-261858325-83550bb2", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c0f1b9f614edcc04130d8dc3c28f109e9571fa8a", "target":{"file":"core/java/android/content/Intent.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-04-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e10ae05752f39c038703f8c2c3827123ea84d31e"], "severity":"High", "spl":"2023-04-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"240844664726332416271350520095610606287", "length":2051}, "id":"ASB-A-261858325-16d68fcd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e10ae05752f39c038703f8c2c3827123ea84d31e", "target":{"file":"core/java/android/content/Intent.java", "function":"toUriInner"}}, {"deprecated":false, "digest":{"line_hashes":["94551627107923130385523135893517785998", "150136354593107910198119465791752131621", "196149630175400252759956693774630289095", "19069004713157416761334761750151917249"], "threshold":0.9}, "id":"ASB-A-261858325-a073abf6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e10ae05752f39c038703f8c2c3827123ea84d31e", "target":{"file":"core/java/android/content/Intent.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-04-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/37e9ac249bc712eb240a7224ebe09d24de5fb190"}]}