{"id":"ASB-A-283006437", "published":"2023-08-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2023-21270", "A-283006437"], "details":"In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-08-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/75d59e2c837fe80573d005d614b5605f049d670b"], "severity":"High", "spl":"2023-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"142246288412129094408514203199238561948", "length":8812}, "id":"ASB-A-283006437-b41927e2", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/75d59e2c837fe80573d005d614b5605f049d670b", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java", "function":"restorePermissionState"}}, {"deprecated":false, "digest":{"line_hashes":["241855179621913930701588804709780155522", "275479356698363652495977846336318607251", "255741566803734956684115847599940359502", "329511216806155411583397618051815937323", "230890054020277999966381857942827090781", "30743053879712092806019355833439531329", "164061260477018033836468278206461597782", "186425670345635799098268351722874335822", "276325974263410010527862255220314547069", "218520723691657242980782739382052017414", "155526587664885433202374294265209902170", "204856196167746811870896199949595693266", "295885706405182841829403271221225263171", "145729099851963986731834857453604949671", "292148157103032482322089350809150613971", "167382233552830894443080007920035353773", "314429486213177128614653224747932411797", "276325974263410010527862255220314547069", "118032391002288377293566182663078948299", "314595102839975675297811354990239556759", "120323400186829302355158193795315749404", "163986750517143368853988482277776772815", "197201103724724939510754681281531348217", "194974524402462089005617861962819942918", "92828404067021723650658033648695093647", "166946909467751980189952350180328577663", "15866680198536122678978656592794424777", "176595566564772642823644730206600131131", "178686642698283105794922610506754798137", "234428186770411006908902272106075667589", "75963442116464278584509164306047510920", "74776902845116693701746993520768117870", "12555057430024890003862183139881997738", "107490859850623254815892131356663147820", "194923508558333860654626642113920483145", "25435482031621032640164583620808387257", "286001486748147234981313512722507028679", "20353192589936882140155114595647809471", "249850546937422752978060123149387108317", "259493669906692371733530881195881315277", "331702832483086198673641645128446701892", "112187493214145262221793608858508324924", "73191787758393067461880425633411347621", "67881705992814538402892150868489171754"], "threshold":0.9}, "id":"ASB-A-283006437-df1c9da6", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/75d59e2c837fe80573d005d614b5605f049d670b", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"}}]}}, {"package":{"name":"platform/packages/apps/Launcher3", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-08-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Launcher3/+/6f7a11861f9158061e90d0645c4d891f29cdfc59"], "severity":"High", "spl":"2023-08-01", "types":["EoP"]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-08-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f"], "severity":"High", "spl":"2023-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"245572871958414356327954138591672841843", "length":8212}, "id":"ASB-A-283006437-1ee35752", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java", "function":"restorePermissionState"}}, {"deprecated":false, "digest":{"line_hashes":["241855179621913930701588804709780155522", "275479356698363652495977846336318607251", "255741566803734956684115847599940359502", "329511216806155411583397618051815937323", "230890054020277999966381857942827090781", "30743053879712092806019355833439531329", "164061260477018033836468278206461597782", "186425670345635799098268351722874335822", "276325974263410010527862255220314547069", "218520723691657242980782739382052017414", "155526587664885433202374294265209902170", "204856196167746811870896199949595693266", "295885706405182841829403271221225263171", "145729099851963986731834857453604949671", "292148157103032482322089350809150613971", "167382233552830894443080007920035353773", "314429486213177128614653224747932411797", "276325974263410010527862255220314547069", "118032391002288377293566182663078948299", "314595102839975675297811354990239556759", "163722187449539808166127513629106944859", "146762435681937213432946232827403882886", "37911553657853436485296153724958281419", "108645160186932075327622118651056146738", "92828404067021723650658033648695093647", "166946909467751980189952350180328577663", "15866680198536122678978656592794424777", "176595566564772642823644730206600131131", "178686642698283105794922610506754798137", "234428186770411006908902272106075667589", "75963442116464278584509164306047510920", "74776902845116693701746993520768117870", "12555057430024890003862183139881997738", "107490859850623254815892131356663147820", "194923508558333860654626642113920483145", "25435482031621032640164583620808387257", "286001486748147234981313512722507028679", "20353192589936882140155114595647809471", "249850546937422752978060123149387108317", "160578629446369328838463630213056123111", "55800704381838252904979346999253933746", "250265219113820724228197185886707073118", "19782484586458661874039702862718242670", "25424149211409059614636043450427951459"], "threshold":0.9}, "id":"ASB-A-283006437-444d16b0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-08-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f"], "severity":"High", "spl":"2023-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["241855179621913930701588804709780155522", "275479356698363652495977846336318607251", "255741566803734956684115847599940359502", "329511216806155411583397618051815937323", "230890054020277999966381857942827090781", "30743053879712092806019355833439531329", "164061260477018033836468278206461597782", "186425670345635799098268351722874335822", "276325974263410010527862255220314547069", "218520723691657242980782739382052017414", "155526587664885433202374294265209902170", "204856196167746811870896199949595693266", "295885706405182841829403271221225263171", "145729099851963986731834857453604949671", "292148157103032482322089350809150613971", "167382233552830894443080007920035353773", "314429486213177128614653224747932411797", "276325974263410010527862255220314547069", "118032391002288377293566182663078948299", "314595102839975675297811354990239556759", "163722187449539808166127513629106944859", "146762435681937213432946232827403882886", "37911553657853436485296153724958281419", "108645160186932075327622118651056146738", "92828404067021723650658033648695093647", "166946909467751980189952350180328577663", "15866680198536122678978656592794424777", "176595566564772642823644730206600131131", "178686642698283105794922610506754798137", "234428186770411006908902272106075667589", "75963442116464278584509164306047510920", "74776902845116693701746993520768117870", "12555057430024890003862183139881997738", "107490859850623254815892131356663147820", "194923508558333860654626642113920483145", "25435482031621032640164583620808387257", "286001486748147234981313512722507028679", "20353192589936882140155114595647809471", "249850546937422752978060123149387108317", "160578629446369328838463630213056123111", "55800704381838252904979346999253933746", "250265219113820724228197185886707073118", "19782484586458661874039702862718242670", "25424149211409059614636043450427951459"], "threshold":0.9}, "id":"ASB-A-283006437-2df8e8a0", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"245572871958414356327954138591672841843", "length":8212}, "id":"ASB-A-283006437-a3f25229", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java", "function":"restorePermissionState"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-08-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/4ebd48959ce962b87c3468724ee4d7390714e3f3"], "severity":"High", "spl":"2023-08-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"145104657252555869640414577518760746497", "length":8661}, "id":"ASB-A-283006437-11162f0b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4ebd48959ce962b87c3468724ee4d7390714e3f3", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java", "function":"restorePermissionState"}}, {"deprecated":false, "digest":{"line_hashes":["241855179621913930701588804709780155522", "275479356698363652495977846336318607251", "255741566803734956684115847599940359502", "329511216806155411583397618051815937323", "230890054020277999966381857942827090781", "30743053879712092806019355833439531329", "164061260477018033836468278206461597782", "186425670345635799098268351722874335822", "276325974263410010527862255220314547069", "218520723691657242980782739382052017414", "155526587664885433202374294265209902170", "204856196167746811870896199949595693266", "295885706405182841829403271221225263171", "145729099851963986731834857453604949671", "292148157103032482322089350809150613971", "167382233552830894443080007920035353773", "314429486213177128614653224747932411797", "276325974263410010527862255220314547069", "118032391002288377293566182663078948299", "314595102839975675297811354990239556759", "163722187449539808166127513629106944859", "146762435681937213432946232827403882886", "37911553657853436485296153724958281419", "108645160186932075327622118651056146738", "92828404067021723650658033648695093647", "166946909467751980189952350180328577663", "15866680198536122678978656592794424777", "176595566564772642823644730206600131131", "178686642698283105794922610506754798137", "234428186770411006908902272106075667589", "75963442116464278584509164306047510920", "74776902845116693701746993520768117870", "12555057430024890003862183139881997738", "107490859850623254815892131356663147820", "194923508558333860654626642113920483145", "25435482031621032640164583620808387257", "286001486748147234981313512722507028679", "20353192589936882140155114595647809471", "249850546937422752978060123149387108317", "160578629446369328838463630213056123111", "55800704381838252904979346999253933746", "250265219113820724228197185886707073118", "19782484586458661874039702862718242670", "25424149211409059614636043450427951459"], "threshold":0.9}, "id":"ASB-A-283006437-437192db", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/4ebd48959ce962b87c3468724ee4d7390714e3f3", "target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"}}]}}, {"package":{"name":"platform/packages/apps/Launcher3", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-08-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Launcher3/+/bdf75772ea2bfd60f004a5d326478bd83deda9a0"], "severity":"High", "spl":"2023-08-01", "types":["EoP"]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-08-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/e7ccba6da2c3febeb449c172c1d8091f7a35193d"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/e7ccba6da2c3febeb449c172c1d8091f7a35193d"}]}