{"id":"ASB-A-276729064", "published":"2023-10-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-21244", "A-276729064"], "details":"In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-10-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"206080643568669631124953396971239018720", "length":2344}, "id":"ASB-A-276729064-628798b5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["293871498699140096628809383344655540256", "230570210740888002440340466972946828022", "39809601059937207692447550842248064792", "247274710125108089918752834510465687719"], "threshold":0.9}, "id":"ASB-A-276729064-822599ed", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb", "target":{"file":"core/java/android/app/Notification.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-10-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/63f8ce3efd9a564ae83f1de38791a6d67c5a8ddb", "https://android.googlesource.com/platform/frameworks/base/+/f9d8830e3264c66d0f39b1d45eadd4039695a112", "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"45946678691237749534323708555600184252", "length":2160}, "id":"ASB-A-276729064-290b3ace", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"function_hash":"88690414053046570452154742374956197705", "length":2445}, "id":"ASB-A-276729064-4513277a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f9d8830e3264c66d0f39b1d45eadd4039695a112", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["220635192558347618428557710966537549630", "253334370248267018892539242638085805436", "176838862555710248654229688049677396583", "336609230544111782529988548778564228079"], "threshold":0.9}, "id":"ASB-A-276729064-4f1dbb1c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/63f8ce3efd9a564ae83f1de38791a6d67c5a8ddb", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"293252752328763131305245326835911220509", "length":1962}, "id":"ASB-A-276729064-667ac546", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/63f8ce3efd9a564ae83f1de38791a6d67c5a8ddb", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["220635192558347618428557710966537549630", "253334370248267018892539242638085805436", "176838862555710248654229688049677396583", "336609230544111782529988548778564228079"], "threshold":0.9}, "id":"ASB-A-276729064-683002b8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"line_hashes":["284329220841021444102925843668787196027", "334607245087039204157752518052222270092", "192320463376510956991726854410949333725", "12001060641025117291543897072481618492", "280321219625922107598767162843685911426", "91752997814129602926830114776134072092", "282535532950185268076359292992678730011", "92878655030594803546377182083274181073", "138889379725379236404616749524878705537", "69832214355760839001124167003115298049", "108587633537507210242609878158511307392", "238482942521325421166953426418539953961", "336609230544111782529988548778564228079"], "threshold":0.9}, "id":"ASB-A-276729064-a2b0774c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f9d8830e3264c66d0f39b1d45eadd4039695a112", "target":{"file":"core/java/android/app/Notification.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-10-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb", "https://android.googlesource.com/platform/frameworks/base/+/28428b737903c9b82d7ce3682336d15d8ad00762", "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"206080643568669631124953396971239018720", "length":2344}, "id":"ASB-A-276729064-03b5ca52", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["293871498699140096628809383344655540256", "230570210740888002440340466972946828022", "39809601059937207692447550842248064792", "247274710125108089918752834510465687719"], "threshold":0.9}, "id":"ASB-A-276729064-4242f22a", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"45946678691237749534323708555600184252", "length":2160}, "id":"ASB-A-276729064-63f6e12f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["30674339052424001950516864286665931655", "334607245087039204157752518052222270092", "192320463376510956991726854410949333725", "12001060641025117291543897072481618492", "280321219625922107598767162843685911426", "91752997814129602926830114776134072092", "282535532950185268076359292992678730011", "92878655030594803546377182083274181073", "138889379725379236404616749524878705537", "69832214355760839001124167003115298049", "108587633537507210242609878158511307392", "209214712958229127365277677898883133842", "247274710125108089918752834510465687719"], "threshold":0.9}, "id":"ASB-A-276729064-71d63a4a", "match_only_versions":["12"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/28428b737903c9b82d7ce3682336d15d8ad00762", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"line_hashes":["220635192558347618428557710966537549630", "253334370248267018892539242638085805436", "176838862555710248654229688049677396583", "336609230544111782529988548778564228079"], "threshold":0.9}, "id":"ASB-A-276729064-81b5eefb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"328630913936997539884917677266248587884", "length":2768}, "id":"ASB-A-276729064-c5aa945a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/28428b737903c9b82d7ce3682336d15d8ad00762", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-10-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb", "https://android.googlesource.com/platform/frameworks/base/+/bdc9b977e376fb3b6047530a179d00fd77f2aec1", "https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["220635192558347618428557710966537549630", "253334370248267018892539242638085805436", "176838862555710248654229688049677396583", "336609230544111782529988548778564228079"], "threshold":0.9}, "id":"ASB-A-276729064-05cf81c8", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"line_hashes":["293871498699140096628809383344655540256", "230570210740888002440340466972946828022", "39809601059937207692447550842248064792", "247274710125108089918752834510465687719"], "threshold":0.9}, "id":"ASB-A-276729064-52ddc4f9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"328630913936997539884917677266248587884", "length":2768}, "id":"ASB-A-276729064-88f0fc61", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/bdc9b977e376fb3b6047530a179d00fd77f2aec1", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"function_hash":"45946678691237749534323708555600184252", "length":2160}, "id":"ASB-A-276729064-b260ca8e", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"function_hash":"206080643568669631124953396971239018720", "length":2344}, "id":"ASB-A-276729064-bfd28233", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["30674339052424001950516864286665931655", "334607245087039204157752518052222270092", "192320463376510956991726854410949333725", "12001060641025117291543897072481618492", "280321219625922107598767162843685911426", "91752997814129602926830114776134072092", "282535532950185268076359292992678730011", "92878655030594803546377182083274181073", "138889379725379236404616749524878705537", "69832214355760839001124167003115298049", "108587633537507210242609878158511307392", "209214712958229127365277677898883133842", "247274710125108089918752834510465687719"], "threshold":0.9}, "id":"ASB-A-276729064-d5100e7e", "match_only_versions":["12L"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/bdc9b977e376fb3b6047530a179d00fd77f2aec1", "target":{"file":"core/java/android/app/Notification.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-10-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb", "https://android.googlesource.com/platform/frameworks/base/+/f69ded9ec319f753d1464586ee28248b84a2bacd", "https://android.googlesource.com/platform/frameworks/base/+/4e19431a60300c6ea6c7f7dd64299916e4eb09bc"], "severity":"High", "spl":"2023-10-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["250638055627944970047384174701610575040", "230570210740888002440340466972946828022", "39809601059937207692447550842248064792", "247274710125108089918752834510465687719"], "threshold":0.9}, "id":"ASB-A-276729064-1efbcc25", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4e19431a60300c6ea6c7f7dd64299916e4eb09bc", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"line_hashes":["293871498699140096628809383344655540256", "230570210740888002440340466972946828022", "39809601059937207692447550842248064792", "247274710125108089918752834510465687719"], "threshold":0.9}, "id":"ASB-A-276729064-270eb8a4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"26819728346843679430745099701471672379", "length":2816}, "id":"ASB-A-276729064-517b3a06", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f69ded9ec319f753d1464586ee28248b84a2bacd", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["30674339052424001950516864286665931655", "334607245087039204157752518052222270092", "192320463376510956991726854410949333725", "12001060641025117291543897072481618492", "280321219625922107598767162843685911426", "91752997814129602926830114776134072092", "282535532950185268076359292992678730011", "92878655030594803546377182083274181073", "138889379725379236404616749524878705537", "69832214355760839001124167003115298049", "108587633537507210242609878158511307392", "209214712958229127365277677898883133842", "247274710125108089918752834510465687719"], "threshold":0.9}, "id":"ASB-A-276729064-9ad50160", "match_only_versions":["13"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/f69ded9ec319f753d1464586ee28248b84a2bacd", "target":{"file":"core/java/android/app/Notification.java"}}, {"deprecated":false, "digest":{"function_hash":"206080643568669631124953396971239018720", "length":2344}, "id":"ASB-A-276729064-be677faf", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"function_hash":"101329898979370720004053874639125298630", "length":2531}, "id":"ASB-A-276729064-e6092937", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4e19431a60300c6ea6c7f7dd64299916e4eb09bc", "target":{"file":"core/java/android/app/Notification.java", "function":"visitUris"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-10-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/3a448067ac9ebdf669951e90678c2daa592a81d3"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/20aedba4998373addc2befcc455a118585559fef"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/5a3d0c131175d923cf35c7beb3ee77a9e6485dad"}]}