{"id":"ASB-A-271851153", "published":"2023-08-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-21285", "A-271851153"], "details":"In setMetadata of MediaSessionRecord.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-08-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/f2142c8067a71560fa40b87c582ceea6228a723d"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"24774534586553790363352923633023261866", "length":912}, "id":"ASB-A-271851153-41b716ff", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f2142c8067a71560fa40b87c582ceea6228a723d", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"MediaSessionRecord"}}, {"deprecated":false, "digest":{"function_hash":"103400571377888950412772982225656486389", "length":370}, "id":"ASB-A-271851153-81223b9e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f2142c8067a71560fa40b87c582ceea6228a723d", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"setMetadata"}}, {"deprecated":false, "digest":{"line_hashes":["118788353495966469486812888890716631542", "336120466067607025170696673139648716509", "202611335804136601657122508802118536014", "129683185035301515800774035555900214112", "11098708689205902816189879992214658246", "157597736016752248213318594156299798699", "43016319493853448835693981958833016269", "87265475123712206017992867129620060462", "299081490920259318877727632521476767922", "148374925796650727385779428249967735818", "135161749878162459816307819017646668546", "154532732720219536769453269150136500079", "117979511076169297790614002545558763775", "219355299421215882374711901942129989414", "149747140338208731689258870269997687890", "121012494729016232451427683655646025637", "298200289347575094262899648904552585682", "123840935212931604818249916784566765206", "218197868472122456637773183101211040579", "32964964762233295251048849187627362767", "107866035148356740797267732243638789530", "209731173057944943251888810847159461812", "92098945887893974759868525330932299186", "318820102731267560103760031003940638896", "286921895757114535884683724862522328123", "49136251089971112837700541298568844406", "77266097254666486217265326897378613230", "54178516831407579181215003101298533127", "250826700866732060799766010746178270041", "114588526983791545081435666232784061095", "223559342123259852649070018992413409748", "321331652130150193311337198580133176502", "130485209652729059822780395589867437868", "261378328701788388906080210867659757169"], "threshold":0.9}, "id":"ASB-A-271851153-cdb2072b", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f2142c8067a71560fa40b87c582ceea6228a723d", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-08-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/f95b7fc61d6b3bf49420ded0357bec031f8cbdcf"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"103400571377888950412772982225656486389", "length":370}, "id":"ASB-A-271851153-6d6885e9", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f95b7fc61d6b3bf49420ded0357bec031f8cbdcf", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"setMetadata"}}, {"deprecated":false, "digest":{"line_hashes":["10842717917028693918364526327914833568", "177549062079642320147194047704110632766", "165800735627563666482531271956335894169", "2345543855376728000792442315142235988", "307971806336565157533277178814836250776", "140258472042821238951209487612915203094", "66966700857032411844739548472985218458", "36795562373272240829255589042793357451", "280601448879455765800877869990222849782", "43016319493853448835693981958833016269", "87265475123712206017992867129620060462", "233653901369151876016999950432223148676", "208242874259301007852642840316255382659", "177837693477925481534174928123200923726", "154532732720219536769453269150136500079", "117979511076169297790614002545558763775", "219355299421215882374711901942129989414", "266371345839887056834218756127440485817", "160671619480096181649276334524367732726", "295995200742263142922043792114423354043", "101949880067556092114352566729365704190", "327969965223649251967220744468632564682", "190854323795271076949561292157405548880", "107866035148356740797267732243638789530", "209731173057944943251888810847159461812", "92098945887893974759868525330932299186", "318820102731267560103760031003940638896", "286921895757114535884683724862522328123", "49136251089971112837700541298568844406", "77266097254666486217265326897378613230", "54178516831407579181215003101298533127", "250826700866732060799766010746178270041", "114588526983791545081435666232784061095", "223559342123259852649070018992413409748", "321331652130150193311337198580133176502", "130485209652729059822780395589867437868", "261378328701788388906080210867659757169"], "threshold":0.9}, "id":"ASB-A-271851153-b7b2ebe7", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f95b7fc61d6b3bf49420ded0357bec031f8cbdcf", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}}, {"deprecated":false, "digest":{"function_hash":"295242386605319794964797806577052681188", "length":814}, "id":"ASB-A-271851153-cff528e3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f95b7fc61d6b3bf49420ded0357bec031f8cbdcf", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"MediaSessionRecord"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-08-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b8a7fd8e6f41ee54d27c1e7aaa15b4a3f5365a02"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"103400571377888950412772982225656486389", "length":370}, "id":"ASB-A-271851153-1ebd1371", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b8a7fd8e6f41ee54d27c1e7aaa15b4a3f5365a02", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"setMetadata"}}, {"deprecated":false, "digest":{"line_hashes":["112333010306060271287574479567532271789", "173478072067900714635025148433857750736", "26063781366599612095537924233041212811", "334082644998293043635481032334739318235", "91904220062129178345130522063740847558", "180446745819319139455850870156884677676", "339298769310645967952518957997803972437", "812567179315126058623678304580690652", "44274278879701415859994919349602377465", "177837693477925481534174928123200923726", "154532732720219536769453269150136500079", "117979511076169297790614002545558763775", "219355299421215882374711901942129989414", "149747140338208731689258870269997687890", "121012494729016232451427683655646025637", "298200289347575094262899648904552585682", "123840935212931604818249916784566765206", "218197868472122456637773183101211040579", "32964964762233295251048849187627362767", "107866035148356740797267732243638789530", "209731173057944943251888810847159461812", "92098945887893974759868525330932299186", "318820102731267560103760031003940638896", "286921895757114535884683724862522328123", "49136251089971112837700541298568844406", "77266097254666486217265326897378613230", "54178516831407579181215003101298533127", "250826700866732060799766010746178270041", "114588526983791545081435666232784061095", "223559342123259852649070018992413409748", "321331652130150193311337198580133176502", "130485209652729059822780395589867437868", "261378328701788388906080210867659757169"], "threshold":0.9}, "id":"ASB-A-271851153-4952cbf3", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b8a7fd8e6f41ee54d27c1e7aaa15b4a3f5365a02", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}}, {"deprecated":false, "digest":{"function_hash":"24774534586553790363352923633023261866", "length":912}, "id":"ASB-A-271851153-766cb50f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b8a7fd8e6f41ee54d27c1e7aaa15b4a3f5365a02", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"MediaSessionRecord"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-08-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b8a7fd8e6f41ee54d27c1e7aaa15b4a3f5365a02"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["112333010306060271287574479567532271789", "173478072067900714635025148433857750736", "26063781366599612095537924233041212811", "334082644998293043635481032334739318235", "91904220062129178345130522063740847558", "180446745819319139455850870156884677676", "339298769310645967952518957997803972437", "812567179315126058623678304580690652", "44274278879701415859994919349602377465", "177837693477925481534174928123200923726", "154532732720219536769453269150136500079", "117979511076169297790614002545558763775", "219355299421215882374711901942129989414", "149747140338208731689258870269997687890", "121012494729016232451427683655646025637", "298200289347575094262899648904552585682", "123840935212931604818249916784566765206", "218197868472122456637773183101211040579", "32964964762233295251048849187627362767", "107866035148356740797267732243638789530", "209731173057944943251888810847159461812", "92098945887893974759868525330932299186", "318820102731267560103760031003940638896", "286921895757114535884683724862522328123", "49136251089971112837700541298568844406", "77266097254666486217265326897378613230", "54178516831407579181215003101298533127", "250826700866732060799766010746178270041", "114588526983791545081435666232784061095", "223559342123259852649070018992413409748", "321331652130150193311337198580133176502", "130485209652729059822780395589867437868", "261378328701788388906080210867659757169"], "threshold":0.9}, "id":"ASB-A-271851153-195364e4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b8a7fd8e6f41ee54d27c1e7aaa15b4a3f5365a02", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}}, {"deprecated":false, "digest":{"function_hash":"103400571377888950412772982225656486389", "length":370}, "id":"ASB-A-271851153-52cc8fa3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b8a7fd8e6f41ee54d27c1e7aaa15b4a3f5365a02", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"setMetadata"}}, {"deprecated":false, "digest":{"function_hash":"24774534586553790363352923633023261866", "length":912}, "id":"ASB-A-271851153-71192cef", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b8a7fd8e6f41ee54d27c1e7aaa15b4a3f5365a02", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"MediaSessionRecord"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-08-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/277e7e05866a3da3c5871c071231b2b7c911d81e"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"24774534586553790363352923633023261866", "length":912}, "id":"ASB-A-271851153-22399f30", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/277e7e05866a3da3c5871c071231b2b7c911d81e", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"MediaSessionRecord"}}, {"deprecated":false, "digest":{"function_hash":"103400571377888950412772982225656486389", "length":370}, "id":"ASB-A-271851153-288cfbb8", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/277e7e05866a3da3c5871c071231b2b7c911d81e", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java", "function":"setMetadata"}}, {"deprecated":false, "digest":{"line_hashes":["206329301091285783496245527079671639037", "196146795103047822062400128438726861772", "26063781366599612095537924233041212811", "129683185035301515800774035555900214112", "91904220062129178345130522063740847558", "180446745819319139455850870156884677676", "339298769310645967952518957997803972437", "271659141126652695160497016653731360265", "44274278879701415859994919349602377465", "177837693477925481534174928123200923726", "154532732720219536769453269150136500079", "117979511076169297790614002545558763775", "219355299421215882374711901942129989414", "149747140338208731689258870269997687890", "121012494729016232451427683655646025637", "298200289347575094262899648904552585682", "123840935212931604818249916784566765206", "218197868472122456637773183101211040579", "32964964762233295251048849187627362767", "107866035148356740797267732243638789530", "209731173057944943251888810847159461812", "92098945887893974759868525330932299186", "318820102731267560103760031003940638896", "286921895757114535884683724862522328123", "49136251089971112837700541298568844406", "77266097254666486217265326897378613230", "54178516831407579181215003101298533127", "250826700866732060799766010746178270041", "114588526983791545081435666232784061095", "223559342123259852649070018992413409748", "321331652130150193311337198580133176502", "130485209652729059822780395589867437868", "261378328701788388906080210867659757169"], "threshold":0.9}, "id":"ASB-A-271851153-41558f1c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/277e7e05866a3da3c5871c071231b2b7c911d81e", "target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/0c3b7ec3377e7fb645ec366be3be96bb1a252ca1"}]}