{"id":"ASB-A-284297711", "published":"2023-09-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-35675", "A-284297711"], "details":"In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-09-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e566a250ad61e269119b475c7ebdae6ca962c4a7"], "severity":"High", "spl":"2023-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"37882663302482763284725506942215921346", "length":203}, "id":"ASB-A-284297711-2a539e01", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e566a250ad61e269119b475c7ebdae6ca962c4a7", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/controls/resume/ResumeMediaBrowser.java", "function":"ResumeMediaBrowser"}}, {"deprecated":false, "digest":{"line_hashes":["256698732200180448596800642338138507062", "173478072067900714635025148433857750736", "128132175207878976811859125837317981366", "235418626425009546242451841945182907175", "223563609857351350082394687946175416987", "112306970489906780575061435114422111737", "243307845533886910097124176904255143866", "248928235820196580858924036931785065626", "294565683655599289866763484396863826191", "293551295564230929392056064455997304433", "91807809175681459259020685724086921163", "175902782160619912477847772047275114126", "233885047923780685929191931446455840336", "50938108172549613114155224947801773465", "219421761348678854865661574418739324031", "109905927878014416683253342942049728844", "82725189981452381615230245810502004996", "75355437531535306749309121730457622524", "137895554531615529462246473314972490801", "315607468538520956893612640482031315572", "112286163188287015773777466172468895922", "86991411814107469071363846903077765576"], "threshold":0.9}, "id":"ASB-A-284297711-b7d2ddb1", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e566a250ad61e269119b475c7ebdae6ca962c4a7", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/controls/resume/ResumeMediaBrowser.java"}}, {"deprecated":false, "digest":{"line_hashes":["74190183741714291397950167086520701731", "319564735852686264796161375685055763548", "210031620796258729120565630019705353286", "90135634314005142359449435920567101871", "273598153241507979419931766293840613142", "186048688671706252428446301202758023191"], "threshold":0.9}, "id":"ASB-A-284297711-d6cce605", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e566a250ad61e269119b475c7ebdae6ca962c4a7", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/controls/resume/ResumeMediaBrowserFactory.java"}}, {"deprecated":false, "digest":{"function_hash":"140227383091478789804809558552345472476", "length":124}, "id":"ASB-A-284297711-dd467658", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/e566a250ad61e269119b475c7ebdae6ca962c4a7", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/controls/resume/ResumeMediaBrowserFactory.java", "function":"create"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"11:0"}, {"fixed":"11:2023-09-01"}]}], "versions":["11"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/684492a0dfb0c045a07906a2a79d5e785e3b794d"], "severity":"High", "spl":"2023-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"29385694862574547600050972513877566026", "length":983}, "id":"ASB-A-284297711-33f4c0ec", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/684492a0dfb0c045a07906a2a79d5e785e3b794d", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowser.java", "function":"restart"}}, {"deprecated":false, "digest":{"function_hash":"293865426549619313132069368839856428013", "length":120}, "id":"ASB-A-284297711-661e039f", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/684492a0dfb0c045a07906a2a79d5e785e3b794d", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowser.java", "function":"ResumeMediaBrowser"}}, {"deprecated":false, "digest":{"function_hash":"51170399665814086385843845762301673985", "length":768}, "id":"ASB-A-284297711-af78dc04", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/684492a0dfb0c045a07906a2a79d5e785e3b794d", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowser.java", "function":"testConnection"}}, {"deprecated":false, "digest":{"line_hashes":["287030533438819041387167423328999967574", "78232782252233067667880679386140675952", "250926710439573474510660528778473659020", "67328214690464877638325464473491274223", "287055508730740409360173691742233623942", "290483283791187679020131224254580882285", "47814498792607150863169242772104610586", "10788387026005956450405097418097778037", "320388037318313918128970228000802645086", "270157687848194690490678062626830423620", "247229145450543295959935988870531410577", "71082245305607638489594570704786413265", "56719174071725399987867809861051750075", "298625411974996713097054821607119672330", "109118376601616308958675787972139580078", "251384122877151472583845927787978379945", "326502756759965590317256913416472908111", "16028128164482265808200398347354429081", "35441356439122300657205877818690877204", "77945548384072491771858689494252723758", "137087195366446967207076213393558611663", "153573118062896934495416084212234756270", "185640351460855748770980437907393883696", "56719174071725399987867809861051750075", "220007226353372622393382808504949386180", "168081392440814853866688353388762397634"], "threshold":0.9}, "id":"ASB-A-284297711-d55efb39", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/684492a0dfb0c045a07906a2a79d5e785e3b794d", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowser.java"}}, {"deprecated":false, "digest":{"function_hash":"177049598678070331206978122513249364227", "length":323}, "id":"ASB-A-284297711-dcb96a8d", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/684492a0dfb0c045a07906a2a79d5e785e3b794d", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowser.java", "function":"findRecentMedia"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12:0"}, {"fixed":"12:2023-09-01"}]}], "versions":["12"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/8dccce4f519c91354d5bc6850137269fec715e5d"], "severity":"High", "spl":"2023-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"319519944587063183454467925054721260451", "length":171}, "id":"ASB-A-284297711-3bc7c967", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8dccce4f519c91354d5bc6850137269fec715e5d", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowser.java", "function":"ResumeMediaBrowser"}}, {"deprecated":false, "digest":{"function_hash":"260007071415382191442987505989115384414", "length":114}, "id":"ASB-A-284297711-9e3bec34", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8dccce4f519c91354d5bc6850137269fec715e5d", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowserFactory.java", "function":"create"}}, {"deprecated":false, "digest":{"line_hashes":["177413246295837644229543471153399910161", "198892382706512718135766243721168009681", "287978370417402088313826271059565607679", "67970998296617639246313174471183490671", "211921315134986188517912255949071513009", "303200545754177152504454901503843598079"], "threshold":0.9}, "id":"ASB-A-284297711-b03b3fa9", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8dccce4f519c91354d5bc6850137269fec715e5d", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowserFactory.java"}}, {"deprecated":false, "digest":{"line_hashes":["236597294355180211148526946610450541221", "173478072067900714635025148433857750736", "87670171726247297385608132658194888871", "231652402986554576254330999165081196361", "188366375188586170492362820642962119858", "287884031218880188247178465241063515813", "77568406747413685341257547738161383214", "295739817201265772752677669202115758663", "155655330679262933175425479176490797514", "305710564557343378788485079534798933792", "219421761348678854865661574418739324031", "9726876982987343470655342532389614451", "261877600252890020276854016986763351533", "252766741830948990972662741610430603584", "315607468538520956893612640482031315572", "175088565425181146692356497894359746711", "153573118062896934495416084212234756270"], "threshold":0.9}, "id":"ASB-A-284297711-f5b633ce", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8dccce4f519c91354d5bc6850137269fec715e5d", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowser.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"12L:0"}, {"fixed":"12L:2023-09-01"}]}], "versions":["12L"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/b7e77454e8889395b6f998c40e1ce12f994caca5"], "severity":"High", "spl":"2023-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["177413246295837644229543471153399910161", "198892382706512718135766243721168009681", "287978370417402088313826271059565607679", "67970998296617639246313174471183490671", "211921315134986188517912255949071513009", "303200545754177152504454901503843598079"], "threshold":0.9}, "id":"ASB-A-284297711-41ae12d4", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b7e77454e8889395b6f998c40e1ce12f994caca5", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowserFactory.java"}}, {"deprecated":false, "digest":{"line_hashes":["236597294355180211148526946610450541221", "173478072067900714635025148433857750736", "87670171726247297385608132658194888871", "231652402986554576254330999165081196361", "188366375188586170492362820642962119858", "287884031218880188247178465241063515813", "77568406747413685341257547738161383214", "295739817201265772752677669202115758663", "155655330679262933175425479176490797514", "305710564557343378788485079534798933792", "219421761348678854865661574418739324031", "9726876982987343470655342532389614451", "261877600252890020276854016986763351533", "252766741830948990972662741610430603584", "315607468538520956893612640482031315572", "175088565425181146692356497894359746711", "153573118062896934495416084212234756270"], "threshold":0.9}, "id":"ASB-A-284297711-6ae30c22", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b7e77454e8889395b6f998c40e1ce12f994caca5", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowser.java"}}, {"deprecated":false, "digest":{"function_hash":"319519944587063183454467925054721260451", "length":171}, "id":"ASB-A-284297711-6c4fa8c6", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b7e77454e8889395b6f998c40e1ce12f994caca5", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowser.java", "function":"ResumeMediaBrowser"}}, {"deprecated":false, "digest":{"function_hash":"260007071415382191442987505989115384414", "length":114}, "id":"ASB-A-284297711-e0bb4536", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/b7e77454e8889395b6f998c40e1ce12f994caca5", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowserFactory.java", "function":"create"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-09-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d61741288b4d7614e4677428aac6418f6f1d79f0"], "severity":"High", "spl":"2023-09-01", "types":["ID"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["236597294355180211148526946610450541221", "173478072067900714635025148433857750736", "128132175207878976811859125837317981366", "235418626425009546242451841945182907175", "223563609857351350082394687946175416987", "112306970489906780575061435114422111737", "243307845533886910097124176904255143866", "248928235820196580858924036931785065626", "294565683655599289866763484396863826191", "293551295564230929392056064455997304433", "91807809175681459259020685724086921163", "175902782160619912477847772047275114126", "233885047923780685929191931446455840336", "50938108172549613114155224947801773465", "219421761348678854865661574418739324031", "109905927878014416683253342942049728844", "82725189981452381615230245810502004996", "75355437531535306749309121730457622524", "306964280349707144796711647675239965508", "315607468538520956893612640482031315572", "112286163188287015773777466172468895922", "86991411814107469071363846903077765576"], "threshold":0.9}, "id":"ASB-A-284297711-26d60d27", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d61741288b4d7614e4677428aac6418f6f1d79f0", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowser.java"}}, {"deprecated":false, "digest":{"function_hash":"37882663302482763284725506942215921346", "length":203}, "id":"ASB-A-284297711-5f373ae1", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d61741288b4d7614e4677428aac6418f6f1d79f0", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowser.java", "function":"ResumeMediaBrowser"}}, {"deprecated":false, "digest":{"function_hash":"140227383091478789804809558552345472476", "length":124}, "id":"ASB-A-284297711-6f52d67a", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d61741288b4d7614e4677428aac6418f6f1d79f0", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowserFactory.java", "function":"create"}}, {"deprecated":false, "digest":{"line_hashes":["177413246295837644229543471153399910161", "319564735852686264796161375685055763548", "210031620796258729120565630019705353286", "90135634314005142359449435920567101871", "273598153241507979419931766293840613142", "186048688671706252428446301202758023191"], "threshold":0.9}, "id":"ASB-A-284297711-7526590e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/d61741288b4d7614e4677428aac6418f6f1d79f0", "target":{"file":"packages/SystemUI/src/com/android/systemui/media/ResumeMediaBrowserFactory.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-09-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/c1cf4b9746c9641190730172522324ccd5b8c914"}]}