{"id":"ASB-A-271845008", "published":"2023-06-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-21139", "A-271845008"], "details":"In bindPlayer of MediaControlPanel.java, there is a possible launch arbitrary activity in SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-06-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/cb2904c7ff653a87cc98904bcb3bcb9c3b6e06ea"], "severity":"High", "spl":"2023-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"254644884694687109360640311617995831397", "length":2059}, "id":"ASB-A-271845008-39f9dd6a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/cb2904c7ff653a87cc98904bcb3bcb9c3b6e06ea", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/controls/ui/MediaControlPanel.java", "function":"bindPlayer"}}, {"deprecated":false, "digest":{"line_hashes":["32321186622478425026496799812965654746", "197114536167534174216724412977697749190", "55029022760377548866766922750307769264", "285752621455018809560792986311288391383", "123869556378501402335999624476096384971", "40050375078905834760266758753264741740", "139755580631488945207257615634045370019", "171453231171332376786162237006679997530", "273566126816688337839650409248451707822", "219183577639449754228598901883934237633", "247361110281580611028390613820865588334"], "threshold":0.9}, "id":"ASB-A-271845008-43c5ff1b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/cb2904c7ff653a87cc98904bcb3bcb9c3b6e06ea", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/controls/ui/MediaControlPanel.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-06-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/223e9c5839308d8cd2e14242315a0e27a5154258", "https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79", "https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538"], "severity":"High", "spl":"2023-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"286088843615190968846333630048081541692", "length":1041}, "exact_target_file_match_only":true, "id":"ASB-A-271845008-02634982", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79", "target":{"file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java", "function":"startPendingIntentDismissingKeyguard"}}, {"deprecated":false, "digest":{"function_hash":"178616258967409317397577551229532770967", "length":1303}, "exact_target_file_match_only":true, "id":"ASB-A-271845008-056f5202", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79", "target":{"file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarNotificationActivityStarter.java", "function":"onNotificationClicked"}}, {"deprecated":false, "digest":{"line_hashes":["50454412654763931134233321317447229068", "30013225977220218034766024897994265391", "293822949742712987548957482238716755057", "242150876751779382888717150321923980653", "40800314990889636612815428278997086650"], "threshold":0.9}, "exact_target_file_match_only":true, "id":"ASB-A-271845008-0c18efce", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79", "target":{"file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarRemoteInputCallback.java"}}, {"deprecated":false, "digest":{"line_hashes":["206535368192165133378864555332304687207", "197278158694007071014626855053256538322", "102611065600773785065285762143892405323", "330408950157360963923318400147103041533"], "threshold":0.9}, "id":"ASB-A-271845008-1dd69cf5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538", "target":{"file":"services/core/java/com/android/server/pm/PackageManagerInternalBase.java"}}, {"deprecated":false, "digest":{"line_hashes":["32321186622478425026496799812965654746", "197114536167534174216724412977697749190", "55029022760377548866766922750307769264", "285752621455018809560792986311288391383", "123869556378501402335999624476096384971", "40050375078905834760266758753264741740", "139755580631488945207257615634045370019", "171453231171332376786162237006679997530", "273566126816688337839650409248451707822", "219183577639449754228598901883934237633", "247361110281580611028390613820865588334"], "threshold":0.9}, "id":"ASB-A-271845008-224c541f", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/223e9c5839308d8cd2e14242315a0e27a5154258", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/MediaControlPanel.java"}}, {"deprecated":false, "digest":{"function_hash":"184541793108889883826723746171360051309", "length":635}, "exact_target_file_match_only":true, "id":"ASB-A-271845008-37edc787", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79", "target":{"file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarRemoteInputCallback.java", "function":"handleRemoteViewClick"}}, {"deprecated":false, "digest":{"function_hash":"78745471563276901678845532427090193812", "length":197}, "id":"ASB-A-271845008-502537c9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538", "target":{"file":"services/core/java/com/android/server/pm/PackageManagerInternalBase.java", "function":"queryIntentActivities"}}, {"deprecated":false, "digest":{"function_hash":"174970559769128569528789129778070214766", "length":1021}, "id":"ASB-A-271845008-531242fa", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java", "function":"queryIntentComponentsForIntentSender"}}, {"deprecated":false, "digest":{"line_hashes":["135542876691881457800174126891548670462", "101494581465747771988168920529117761495", "131922853351039576208234686243169401070", "9413301174270534008443788113338114451", "115382658339630236465444767598201868514", "240451254422274110276975739140569497810", "214438263518390320628691608255003429185", "34845624562396525403054196938655793516", "178599353584987838950370902475955887095", "8205114977588376554469430109309893620", "245685455233671269279525686641618557432", "262184241501960405093244552451478728060", "62955635762453522672927935346905470104", "262318357714189165330933641641657186838", "241973081496200180792888983685832963467", "47395095852786439646745444343823516853", "8794521445931323481114660403684841272", "108121731112564968108325370293693694843", "174115300151019868265826333063888095008", "182471343304056705691555222777593887353", "215387031388644380581660308928954296454", "89125285953424595303937648151201236370", "100152070943127767372669874702743098404"], "threshold":0.9}, "id":"ASB-A-271845008-88d7613c", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538", "target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}}, {"deprecated":false, "digest":{"line_hashes":["219103171606208111390459282156658106579", "42751191032676820378334489928836626626", "212879122132098680344943225565944546688"], "threshold":0.9}, "id":"ASB-A-271845008-8b4150f5", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538", "target":{"file":"services/core/java/com/android/server/pm/ComputerEngine.java"}}, {"deprecated":false, "digest":{"function_hash":"64086447659528062863062671250108132", "length":1728}, "id":"ASB-A-271845008-9195db4e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/223e9c5839308d8cd2e14242315a0e27a5154258", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/MediaControlPanel.java", "function":"bindPlayer"}}, {"deprecated":false, "digest":{"line_hashes":["227111203126462132839911405617692621574", "299731065251190970605764112717447872684", "181064642354844931985489510036490731993", "83614579089263366459761726885417309166"], "threshold":0.9}, "exact_target_file_match_only":true, "id":"ASB-A-271845008-93038577", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79", "target":{"file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java"}}, {"deprecated":false, "digest":{"line_hashes":["46199225223002498813501284967081537155", "184384096706449390226371002128345091409", "142758306640343396013190116045428603001", "261710390796188921390051419611002869500"], "threshold":0.9}, "id":"ASB-A-271845008-a7821dcb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538", "target":{"file":"services/core/java/com/android/server/pm/Computer.java"}}, {"deprecated":false, "digest":{"line_hashes":["279452420605944529287858660104943227928", "297817759332956460786286352756478452973", "283718113760667542417593542265634207274", "297142545432450160884900722838657984254", "171166836102926374318215215279548522872", "44929399260439157859268675000730310207", "36657217421929944235347609769914142476", "297899968368295158094566844842418354821", "47104960082448654964506702767101529405", "112438216916822437734175830135656700409", "104763288006786384546874089997686914683", "6786696123406831254262800566828319140", "209987263421852108559154336121566171762", "220942021495262776868147244381106568562", "266341740573206455300379416695739530969", "89116456000894999502422585451747833580", "279005987229065417342160784455435867539", "63516849009322620667611818542424714483", "67754155622386422899887103761490160876", "175840438916755706840317225996919333203", "209538324099419047165411068880982334196", "93927960070191315016039441139628115968", "31907771833404063579795170068209517135", "101997094792374482962736997198288031261", "15854559075848294332399399505026274927", "76429923685655151830610341265204503946", "214179078821018585551078105206271108550", "254582942163694371096891418714042637901", "252224366672296261498230455905136005603"], "threshold":0.9}, "exact_target_file_match_only":true, "id":"ASB-A-271845008-aae65a75", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79", "target":{"file":"packages/SystemUI/src/com/android/systemui/ActivityIntentHelper.java"}}, {"deprecated":false, "digest":{"function_hash":"258082371803861302409038893350652173138", "length":522}, "exact_target_file_match_only":true, "id":"ASB-A-271845008-f8039713", "match_only_versions":["13"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79", "target":{"file":"packages/SystemUI/src/com/android/systemui/ActivityIntentHelper.java", "function":"getTargetActivityInfo"}}, {"deprecated":false, "digest":{"line_hashes":["154158448839737934387782205624416406452", "189343675409681482264294634432802115312", "159589826654596615965487049535684055662", "290480052243468584272391351789721865298", "251378210182350005787949925835752974625", "48070887955904611512823487357584091551", "292249950543453124863373236695554660520", "120792672116670357853305694201266022212", "27545028907470929425206290872797400585"], "threshold":0.9}, "exact_target_file_match_only":true, "id":"ASB-A-271845008-ff2b786e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79", "target":{"file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarNotificationActivityStarter.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-06-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/b8e6044520761f537473d0a04a651118236d2c52"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/0f857518e3dd6490508a88ceac39309e77cb231b"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/d9bdeafe811e24d2bee3b2025b77d02ac6b8cbd9"}]}