{"id":"ASB-A-271576718", "published":"2023-08-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-21269", "A-271576718"], "details":"In startActivityInner of ActivityStarter.java, there is a possible way to launch an activity into PiP mode from the background due to BAL bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-08-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7492cc27309a2f4a4ae5ff79a99096be1431a782"], "severity":"High", "spl":"2023-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["134947529502951831668270656580359601373", "277226130643309214419475919620173111237", "198798168878448932504341959297564024104", "237545856553853460085321395962383201414"], "threshold":0.9}, "id":"ASB-A-271576718-95f86224", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7492cc27309a2f4a4ae5ff79a99096be1431a782", "target":{"file":"services/core/java/com/android/server/wm/ActivityStarter.java"}}, {"deprecated":false, "digest":{"function_hash":"37306378361630926012919246178624735986", "length":5300}, "id":"ASB-A-271576718-b2254e09", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7492cc27309a2f4a4ae5ff79a99096be1431a782", "target":{"file":"services/core/java/com/android/server/wm/ActivityStarter.java", "function":"startActivityInner"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-08-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1848b559059e021d1a923513ca2a936c6212a7ac"], "severity":"High", "spl":"2023-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["134947529502951831668270656580359601373", "277226130643309214419475919620173111237", "198798168878448932504341959297564024104", "237545856553853460085321395962383201414"], "threshold":0.9}, "id":"ASB-A-271576718-368fda98", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1848b559059e021d1a923513ca2a936c6212a7ac", "target":{"file":"services/core/java/com/android/server/wm/ActivityStarter.java"}}, {"deprecated":false, "digest":{"function_hash":"141367226848251006641507464669532675536", "length":4293}, "id":"ASB-A-271576718-c9a96ec4", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1848b559059e021d1a923513ca2a936c6212a7ac", "target":{"file":"services/core/java/com/android/server/wm/ActivityStarter.java", "function":"startActivityInner"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/70ec64dc5a2a816d6aa324190a726a85fd749b30"}]}