{"id":"PUB-A-262243574", "published":"2023-06-01T00:00:00Z", "modified":"2026-05-01T15:24:27.653932157Z", "aliases":["CVE-2023-21175", "A-262243574"], "details":"In onCreate of DataUsageSummary.java, there is a possible method for a guest user to enable or disable mobile data due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", "affected":[{"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13-next:0"}, {"fixed":"13-next:2023-06-01"}]}], "versions":["13-next"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/3abf4d9d5f0662064819979948422db2c2cecec7"], "severity":"Moderate", "spl":"2023-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["289775964770338534937929443563253898950", "314595573047544790838692184700851291842", "8133609504256125300793232577262595955", "264141043893279336225063883389833965675", "284142347386925878852953156911388617997", "172312743759585737625155020817470910335", "252393765184578001254333808922527105671", "90099136365689279482792781570319599273", "31902753032025459023805107647427996905", "262418508065456750991423589510372709668", "133774122168042211072767887716410896787", "326309609642970304782940784258528918890", "228836070610663873979443454572671652650", "66473847125902031294695956932660225394"], "threshold":0.9}, "id":"PUB-A-262243574-3121cc16", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/3abf4d9d5f0662064819979948422db2c2cecec7", "target":{"file":"src/com/android/settings/datausage/DataUsageSummary.java"}}, {"deprecated":false, "digest":{"function_hash":"294211287289100097267714547732021295103", "length":811}, "id":"PUB-A-262243574-dbc71201", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/3abf4d9d5f0662064819979948422db2c2cecec7", "target":{"file":"src/com/android/settings/datausage/DataUsageSummary.java", "function":"onCreate"}}]}}, {"package":{"name":"platform/packages/apps/Settings", "ecosystem":"Android"}, "ranges":[{"type":"ECOSYSTEM", "events":[{"introduced":"13:0"}, {"fixed":"13:2023-06-01"}]}], "versions":["13"], "ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/3abf4d9d5f0662064819979948422db2c2cecec7"], "severity":"Moderate", "spl":"2023-06-01", "types":["EoP"], "vanir_signatures":[{"deprecated":false, "digest":{"line_hashes":["289775964770338534937929443563253898950", "314595573047544790838692184700851291842", "8133609504256125300793232577262595955", "264141043893279336225063883389833965675", "284142347386925878852953156911388617997", "172312743759585737625155020817470910335", "252393765184578001254333808922527105671", "90099136365689279482792781570319599273", "31902753032025459023805107647427996905", "262418508065456750991423589510372709668", "133774122168042211072767887716410896787", "326309609642970304782940784258528918890", "228836070610663873979443454572671652650", "66473847125902031294695956932660225394"], "threshold":0.9}, "id":"PUB-A-262243574-2ccea390", "signature_type":"Line", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/3abf4d9d5f0662064819979948422db2c2cecec7", "target":{"file":"src/com/android/settings/datausage/DataUsageSummary.java"}}, {"deprecated":false, "digest":{"function_hash":"294211287289100097267714547732021295103", "length":811}, "id":"PUB-A-262243574-6a378e16", "signature_type":"Function", "signature_version":"v1", "source":"https://android.googlesource.com/platform/packages/apps/Settings/+/3abf4d9d5f0662064819979948422db2c2cecec7", "target":{"file":"src/com/android/settings/datausage/DataUsageSummary.java", "function":"onCreate"}}]}}], "references":[{"type":"ADVISORY", "url":"https://source.android.com/security/bulletin/2023-06-01"}]}