{"id":"ASB-A-281018094", "published":"2023-08-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-21277", "A-281018094"], "details":"In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-08-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/123df0906b86454542faf236a05e00e802068e56"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["329665021611362043020227002656192683749", "33777507542537233731901269949093178718", "124601394975036829142918177453582828532", "284236484958232671673872160266776287285", "213586894066632749964895258528904068608", "175496572067704317475568725408983891312", "283390899376001510600988390542171144052", "83283854559210764264479836884934600211"], "threshold":0.9}, "id":"ASB-A-281018094-0e07044e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/123df0906b86454542faf236a05e00e802068e56", "target":{"file":"core/java/android/widget/RemoteViews.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-08-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["329665021611362043020227002656192683749", "33777507542537233731901269949093178718", "124601394975036829142918177453582828532", "284236484958232671673872160266776287285", "213586894066632749964895258528904068608", "175496572067704317475568725408983891312", "283390899376001510600988390542171144052", "83283854559210764264479836884934600211"], "threshold":0.9}, "id":"ASB-A-281018094-84c3610d", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659", "target":{"file":"core/java/android/widget/RemoteViews.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-08-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["329665021611362043020227002656192683749", "33777507542537233731901269949093178718", "124601394975036829142918177453582828532", "284236484958232671673872160266776287285", "213586894066632749964895258528904068608", "175496572067704317475568725408983891312", "283390899376001510600988390542171144052", "83283854559210764264479836884934600211"], "threshold":0.9}, "id":"ASB-A-281018094-057349d9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659", "target":{"file":"core/java/android/widget/RemoteViews.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-08-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659"], "severity":"High", "spl":"2023-08-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["329665021611362043020227002656192683749", "33777507542537233731901269949093178718", "124601394975036829142918177453582828532", "284236484958232671673872160266776287285", "213586894066632749964895258528904068608", "175496572067704317475568725408983891312", "283390899376001510600988390542171144052", "83283854559210764264479836884934600211"], "threshold":0.9}, "id":"ASB-A-281018094-84aee7e0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659", "target":{"file":"core/java/android/widget/RemoteViews.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/9b58aee2a4528c60b0aa2540bd0f48d2871d2dc7"}]}