{"id":"PUB-A-246542917", "published":"2023-06-01T00:00:00Z", "modified":"2026-04-30T15:48:46.890647439Z", "aliases":["CVE-2023-21187", "A-246542917"], "details":"In onCreate of UsbAccessoryUriActivity.java, there is a possible way to escape the Setup Wizard due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-06-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/168662319429aa3ba16742439a8f02da2e07b0c6"], "severity":"Moderate", "spl":"2023-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["239487596569913257256789971046801982305", "157863405048789649203519074377370654005", "64486575106066182416122459636838835426", "115973020535609400821268272251040977803", "36494061490479298340585942036533499433", "304206301656214372985175649909903305269", "261714860255620743397976767951740614797", "223233839627489651530141544022799941803", "172170284231136267552630545613693180554", "281143166377382409460288712474034776448", "18706295847698019748182134826688791576", "178605713698937034068633266678119705762", "243472584883236262499680914991463965914"], "threshold":0.9}, "id":"PUB-A-246542917-1ff5fb66", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/168662319429aa3ba16742439a8f02da2e07b0c6", "target":{"file":"packages/SystemUI/src/com/android/systemui/usb/UsbAccessoryUriActivity.java"}}, {"deprecated":false, "digest":{"function_hash":"265292813354158046860462585634524894732", "length":1174}, "id":"PUB-A-246542917-2d5e9981", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/168662319429aa3ba16742439a8f02da2e07b0c6", "target":{"file":"packages/SystemUI/src/com/android/systemui/usb/UsbAccessoryUriActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["241561769809779353104357559803944746372", "198206283175030578925560351825334423279", "143896384614232544677158841796841288339", "40215649798809789819180199193846098830", "267995326452312996068618056653150590873", "326612124666837065524513062857716630564", "53250778376441268140114150154958477503"], "threshold":0.9}, "id":"PUB-A-246542917-dd6d9108", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/168662319429aa3ba16742439a8f02da2e07b0c6", "target":{"file":"packages/SystemUI/src/com/android/systemui/dagger/DefaultActivityBinder.java"}}]}}, {"package":{"name":"platform/frameworks/base", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-06-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/168662319429aa3ba16742439a8f02da2e07b0c6"], "severity":"Moderate", "spl":"2023-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"function_hash":"265292813354158046860462585634524894732", "length":1174}, "id":"PUB-A-246542917-3ac09008", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/168662319429aa3ba16742439a8f02da2e07b0c6", "target":{"file":"packages/SystemUI/src/com/android/systemui/usb/UsbAccessoryUriActivity.java", "function":"onCreate"}}, {"deprecated":false, "digest":{"line_hashes":["239487596569913257256789971046801982305", "157863405048789649203519074377370654005", "64486575106066182416122459636838835426", "115973020535609400821268272251040977803", "36494061490479298340585942036533499433", "304206301656214372985175649909903305269", "261714860255620743397976767951740614797", "223233839627489651530141544022799941803", "172170284231136267552630545613693180554", "281143166377382409460288712474034776448", "18706295847698019748182134826688791576", "178605713698937034068633266678119705762", "243472584883236262499680914991463965914"], "threshold":0.9}, "id":"PUB-A-246542917-c9e5c05e", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/168662319429aa3ba16742439a8f02da2e07b0c6", "target":{"file":"packages/SystemUI/src/com/android/systemui/usb/UsbAccessoryUriActivity.java"}}, {"deprecated":false, "digest":{"line_hashes":["241561769809779353104357559803944746372", "198206283175030578925560351825334423279", "143896384614232544677158841796841288339", "40215649798809789819180199193846098830", "267995326452312996068618056653150590873", "326612124666837065524513062857716630564", "53250778376441268140114150154958477503"], "threshold":0.9}, "id":"PUB-A-246542917-f3947798", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/frameworks/base/+/168662319429aa3ba16742439a8f02da2e07b0c6", "target":{"file":"packages/SystemUI/src/com/android/systemui/dagger/DefaultActivityBinder.java"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-06-01"}]}