{"id":"ASB-A-263358101", "published":"2023-05-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-21117", "A-263358101"], "details":"In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-05-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/43b8a91b0584dd1c6a136702e68e1f0cd519cb51"], "severity":"High", "spl":"2023-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"152932676432980376312038644622776302193", "length":6173}, "id":"ASB-A-263358101-b98b346f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43b8a91b0584dd1c6a136702e68e1f0cd519cb51", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"registerReceiverWithFeature"}}, {"deprecated":false, "digest":{"line_hashes":["214473966615738178518306172651600075848", "144445493020248977507263260612794207235", "123846932426842070665861656378649937707", "248061898277295565704131184295158899185", "250881491421487870269010148820150436192", "261597286108408192172661765512123600610", "12383996178456683922944852262336941246", "126682358563243152092669369697831739500", "289569127497408046308750434801925785998"], "threshold":0.9}, "id":"ASB-A-263358101-f4189bc6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43b8a91b0584dd1c6a136702e68e1f0cd519cb51", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-05-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ca49ddc03fc161e11e4ea99a3e70ef766715410f"], "severity":"High", "spl":"2023-05-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"63084740659856142944913298477939814480", "length":6202}, "id":"ASB-A-263358101-2025e6bd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ca49ddc03fc161e11e4ea99a3e70ef766715410f", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"registerReceiverWithFeature"}}, {"deprecated":false, "digest":{"line_hashes":["214473966615738178518306172651600075848", "144445493020248977507263260612794207235", "123846932426842070665861656378649937707", "248061898277295565704131184295158899185", "250881491421487870269010148820150436192", "261597286108408192172661765512123600610", "12383996178456683922944852262336941246", "126682358563243152092669369697831739500", "289569127497408046308750434801925785998"], "threshold":0.9}, "id":"ASB-A-263358101-af28caf6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ca49ddc03fc161e11e4ea99a3e70ef766715410f", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-05-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/8542596db53b1acfb0bf461c93900ff78b34edad"}]}