{"id":"ASB-A-270049379", "published":"2023-08-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-21280", "A-270049379"], "details":"In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-08-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c573c83a2aa36ca022302f675d705518dd723a3c"], "severity":"High", "spl":"2023-08-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["182110983856181510129217674702988413493", "322593735838003964997890217811901607217", "211834520396439693117491115934872614584", "178162158746897668926489404584312476125", "26063781366599612095537924233041212811", "334082644998293043635481032334739318235", "236345528487390275878220842261957413937", "123274731320680558117208233198720714529", "117790082109853598982266859391488403628", "36275357001704057301361924289824477362", "2197435627853248736705352859181528711", "139972757214791040289723781303860245465", "322076418254438078789224535831581253922", "2345543855376728000792442315142235988", "287102711803760445921392954903838168464", "275947674007324668373361275075843201454", "53914481670964070342629675062259607123", "309957513170072067093477760308286327593", "271659141126652695160497016653731360265", "44274278879701415859994919349602377465", "177837693477925481534174928123200923726", "318442857410077174712454032491247650369", "11163825275961824935311186104336029326", "118719695618142894318002188853355723442", "216698286285820199523426823288555281039", "92264131064804908625140062117277526643", "322100503366092088573202033875636126133", "233432588900782482327470867547569671442", "238228503547517309759672262739237812140", "39429240874014650544371897720248906735", "182922793275990794652449262369855734782", "74392468451144285206918752771220927544", "201852289215691432360497015765237663399"], "threshold":0.9}, "id":"ASB-A-270049379-2f6d3a50", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c573c83a2aa36ca022302f675d705518dd723a3c", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}}, {"deprecated":false, "digest":{"function_hash":"327845866746813437448995695459432698965", "length":720}, "id":"ASB-A-270049379-381ef389", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/c573c83a2aa36ca022302f675d705518dd723a3c", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"setMediaButtonBroadcastReceiver"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-08-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081"], "severity":"High", "spl":"2023-08-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"327845866746813437448995695459432698965", "length":720}, "id":"ASB-A-270049379-11fb30cc", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"setMediaButtonBroadcastReceiver"}}, {"deprecated":false, "digest":{"line_hashes":["112333010306060271287574479567532271789", "173478072067900714635025148433857750736", "26063781366599612095537924233041212811", "334082644998293043635481032334739318235", "236345528487390275878220842261957413937", "123274731320680558117208233198720714529", "117790082109853598982266859391488403628", "2345543855376728000792442315142235988", "287102711803760445921392954903838168464", "275947674007324668373361275075843201454", "53914481670964070342629675062259607123", "318442857410077174712454032491247650369", "11163825275961824935311186104336029326", "118719695618142894318002188853355723442", "216698286285820199523426823288555281039", "92264131064804908625140062117277526643", "322100503366092088573202033875636126133", "233432588900782482327470867547569671442", "39429240874014650544371897720248906735", "182922793275990794652449262369855734782", "74392468451144285206918752771220927544", "201852289215691432360497015765237663399"], "threshold":0.9}, "id":"ASB-A-270049379-901e2c8c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-08-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081"], "severity":"High", "spl":"2023-08-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["112333010306060271287574479567532271789", "173478072067900714635025148433857750736", "26063781366599612095537924233041212811", "334082644998293043635481032334739318235", "236345528487390275878220842261957413937", "123274731320680558117208233198720714529", "117790082109853598982266859391488403628", "2345543855376728000792442315142235988", "287102711803760445921392954903838168464", "275947674007324668373361275075843201454", "53914481670964070342629675062259607123", "318442857410077174712454032491247650369", "11163825275961824935311186104336029326", "118719695618142894318002188853355723442", "216698286285820199523426823288555281039", "92264131064804908625140062117277526643", "322100503366092088573202033875636126133", "233432588900782482327470867547569671442", "39429240874014650544371897720248906735", "182922793275990794652449262369855734782", "74392468451144285206918752771220927544", "201852289215691432360497015765237663399"], "threshold":0.9}, "id":"ASB-A-270049379-4691e76d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}}, {"deprecated":false, "digest":{"function_hash":"327845866746813437448995695459432698965", "length":720}, "id":"ASB-A-270049379-b3326fc6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"setMediaButtonBroadcastReceiver"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-08-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081"], "severity":"High", "spl":"2023-08-01", "types":["DoS"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"327845866746813437448995695459432698965", "length":720}, "id":"ASB-A-270049379-16c9a032", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"setMediaButtonBroadcastReceiver"}}, {"deprecated":false, "digest":{"line_hashes":["112333010306060271287574479567532271789", "173478072067900714635025148433857750736", "26063781366599612095537924233041212811", "334082644998293043635481032334739318235", "236345528487390275878220842261957413937", "123274731320680558117208233198720714529", "117790082109853598982266859391488403628", "2345543855376728000792442315142235988", "287102711803760445921392954903838168464", "275947674007324668373361275075843201454", "53914481670964070342629675062259607123", "318442857410077174712454032491247650369", "11163825275961824935311186104336029326", "118719695618142894318002188853355723442", "216698286285820199523426823288555281039", "92264131064804908625140062117277526643", "322100503366092088573202033875636126133", "233432588900782482327470867547569671442", "39429240874014650544371897720248906735", "182922793275990794652449262369855734782", "74392468451144285206918752771220927544", "201852289215691432360497015765237663399"], "threshold":0.9}, "id":"ASB-A-270049379-dcc7c7ad", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/06e772e05514af4aa427641784c5eec39a892ed3"}]}