{"id":"ASB-A-277741109", "published":"2023-08-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-21279", "A-277741109"], "details":"In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-08-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/1327550f2e6a36b33473ad82ae52377de644833b"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"332780869755485867808535814879376698615", "length":316}, "id":"ASB-A-277741109-445cf1e3", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1327550f2e6a36b33473ad82ae52377de644833b", "target":{"file":"core/java/android/widget/RemoteViews.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["18893358093154404341348852068354358806", "275218925872896456245916266479716530481", "10039153857474388100689592245698426073", "248275908032692090292148866998833167361"], "threshold":0.9}, "id":"ASB-A-277741109-c9fed530", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/1327550f2e6a36b33473ad82ae52377de644833b", "target":{"file":"core/java/android/widget/RemoteViews.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-08-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["18893358093154404341348852068354358806", "275218925872896456245916266479716530481", "10039153857474388100689592245698426073", "248275908032692090292148866998833167361"], "threshold":0.9}, "id":"ASB-A-277741109-14ac3a57", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5", "target":{"file":"core/java/android/widget/RemoteViews.java"}}, {"deprecated":false, "digest":{"function_hash":"332780869755485867808535814879376698615", "length":316}, "id":"ASB-A-277741109-a73d40cd", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5", "target":{"file":"core/java/android/widget/RemoteViews.java", "function":"visitUris"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-08-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"332780869755485867808535814879376698615", "length":316}, "id":"ASB-A-277741109-143df73a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5", "target":{"file":"core/java/android/widget/RemoteViews.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["18893358093154404341348852068354358806", "275218925872896456245916266479716530481", "10039153857474388100689592245698426073", "248275908032692090292148866998833167361"], "threshold":0.9}, "id":"ASB-A-277741109-17521968", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5", "target":{"file":"core/java/android/widget/RemoteViews.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-08-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/902f020bc81e5b584d5cb0276568b888a728fc4a"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"332780869755485867808535814879376698615", "length":316}, "id":"ASB-A-277741109-bf2806a7", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/902f020bc81e5b584d5cb0276568b888a728fc4a", "target":{"file":"core/java/android/widget/RemoteViews.java", "function":"visitUris"}}, {"deprecated":false, "digest":{"line_hashes":["18893358093154404341348852068354358806", "275218925872896456245916266479716530481", "10039153857474388100689592245698426073", "248275908032692090292148866998833167361"], "threshold":0.9}, "id":"ASB-A-277741109-bf4ebeeb", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/902f020bc81e5b584d5cb0276568b888a728fc4a", "target":{"file":"core/java/android/widget/RemoteViews.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/155b14600fb13553a47b4e45fe0acd163da07453"}]}