{"id":"ASB-A-299930871", "published":"2023-12-01T00:00:00Z", "modified":"2026-04-29T15:10:00.007170452Z", "aliases":["CVE-2023-45777", "A-299930871"], "details":"In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to launch arbitrary activities using system privileges due to Parcel Mismatch. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14-next:0"}, {"fixed":"14-next:2023-12-01"}]}], "versions":["14-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7a24a283a360e816d2bfb2aa124c4eb2efd1be61", "https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":true, "digest":{"line_hashes":["105742063094871766937010577244347100362", "41831547722346298418863001400473844494", "210507454749626293904794193921105781012", "171630030037310044988416393019877335182"], "threshold":0.9}, "id":"ASB-A-299930871-41663f73", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"}}, {"deprecated":true, "digest":{"function_hash":"5312624277853522920463986731625181836", "length":724}, "id":"ASB-A-299930871-7bbfd9e5", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntentParceledCorrectly"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-12-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7a24a283a360e816d2bfb2aa124c4eb2efd1be61", "https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":true, "digest":{"line_hashes":["105742063094871766937010577244347100362", "41831547722346298418863001400473844494", "210507454749626293904794193921105781012", "171630030037310044988416393019877335182"], "threshold":0.9}, "id":"ASB-A-299930871-79cbb13c", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"}}, {"deprecated":true, "digest":{"function_hash":"5312624277853522920463986731625181836", "length":724}, "id":"ASB-A-299930871-ea7ab32b", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntentParceledCorrectly"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"14:0"}, {"fixed":"14:2023-12-01"}]}], "versions":["14"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/7a24a283a360e816d2bfb2aa124c4eb2efd1be61"], "severity":"High", "spl":"2023-12-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["284645906073750632685697538823996009341", "285758355853553288136460222232517894852", "249520830598242276603421062396672184894", "118063220515672952178012219922957877184"], "threshold":0.9}, "id":"ASB-A-299930871-ba1013eb", "match_only_versions":["14"], "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7a24a283a360e816d2bfb2aa124c4eb2efd1be61", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"}}, {"deprecated":false, "digest":{"function_hash":"42442705007644212017595812178236325751", "length":785}, "id":"ASB-A-299930871-c6f16cfe", "match_only_versions":["14"], "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/7a24a283a360e816d2bfb2aa124c4eb2efd1be61", "target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java", "function":"checkKeyIntentParceledCorrectly"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-12-01"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6"}, {"type":"FIX", "url":"https://android.googlesource.com/platform/frameworks/base/+/f4644b55d36a549710ba35b6fb797ba744807da6"}]}