{"id":"ASB-A-236688380","details":"In openContentUri of ActivityManagerService.java, there is a possible way for a third party app to obtain restricted files due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-236688380","CVE-2023-21292"],"modified":"2026-04-30T15:48:46.890647Z","published":"2023-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/d10b27e539f7bc91c2360d429b9d05f05274670d"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-08-01"}]}],"versions":["13-next"],"ecosystem_specific":{"spl":"2023-08-01","severity":"High","vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["76418437503843318751712929797726966832","104461767719788887198305234904354834666","307093372440300968388906288205344654663","74648286233082116099434873134283267488","231509935057853678055794183017655088368","318751159969414295248398361656968429783","160045532938658758152973521651384166021"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/d0ba7467c2cb2815f94f6651cbb1c2f405e8e9c7","id":"ASB-A-236688380-58878422","signature_type":"Line","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"220772423699431654211541877719471381869","length":1058},"source":"https://android.googlesource.com/platform/frameworks/base/+/d0ba7467c2cb2815f94f6651cbb1c2f405e8e9c7","id":"ASB-A-236688380-700d79f7","signature_type":"Function","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"openContentUri"}}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/d0ba7467c2cb2815f94f6651cbb1c2f405e8e9c7"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-236688380.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-08-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2023-08-01","severity":"High","vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"300503575560096374095912022202879730915","length":771},"source":"https://android.googlesource.com/platform/frameworks/base/+/821f4c0d8ba06be32ce9b46c7a7c09d1cacd7b0e","id":"ASB-A-236688380-31ff41fe","signature_type":"Function","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"openContentUri"}},{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["54489602600371010507851492393320731290","19323430983617464850335137178930817923","199465384889791402120069155492011905371","285185005004972158414540612015972559952","268985775466555093472360532934596837431","156483589098292077749574923502377919699","149310568858782995224182899670134920275","284917652690697113923382746681702202126","260766011621050655901536527213038797366","162043088812911960279494268335711460863","110735508088132247902798353610175741079","161882186210292600616324309258391721292","31555940055240700540321685302141991864","220050745872187941170392438223632559488","48497639899924161433689637237455673613","249803298484445488554213071084375542604","211485654808508735874089992706263939994"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/821f4c0d8ba06be32ce9b46c7a7c09d1cacd7b0e","id":"ASB-A-236688380-94525761","signature_type":"Line","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/821f4c0d8ba06be32ce9b46c7a7c09d1cacd7b0e"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-236688380.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-08-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2023-08-01","severity":"High","vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["76418437503843318751712929797726966832","104461767719788887198305234904354834666","307093372440300968388906288205344654663","74648286233082116099434873134283267488","231509935057853678055794183017655088368","318751159969414295248398361656968429783","160045532938658758152973521651384166021"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/e37820e47c383aecf9d1173a0676c27e6a59ce4f","id":"ASB-A-236688380-1075d7bc","signature_type":"Line","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}},{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"220772423699431654211541877719471381869","length":1058},"source":"https://android.googlesource.com/platform/frameworks/base/+/e37820e47c383aecf9d1173a0676c27e6a59ce4f","id":"ASB-A-236688380-51107268","signature_type":"Function","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"openContentUri"}}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e37820e47c383aecf9d1173a0676c27e6a59ce4f"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-236688380.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-08-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2023-08-01","severity":"High","vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"220772423699431654211541877719471381869","length":1058},"source":"https://android.googlesource.com/platform/frameworks/base/+/e37820e47c383aecf9d1173a0676c27e6a59ce4f","id":"ASB-A-236688380-00b8a233","signature_type":"Function","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"openContentUri"}},{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["76418437503843318751712929797726966832","104461767719788887198305234904354834666","307093372440300968388906288205344654663","74648286233082116099434873134283267488","231509935057853678055794183017655088368","318751159969414295248398361656968429783","160045532938658758152973521651384166021"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/e37820e47c383aecf9d1173a0676c27e6a59ce4f","id":"ASB-A-236688380-a6d13864","signature_type":"Line","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e37820e47c383aecf9d1173a0676c27e6a59ce4f"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-236688380.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-08-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-08-01","severity":"High","vanir_signatures":[{"signature_version":"v1","deprecated":false,"digest":{"function_hash":"220772423699431654211541877719471381869","length":1058},"source":"https://android.googlesource.com/platform/frameworks/base/+/e37820e47c383aecf9d1173a0676c27e6a59ce4f","id":"ASB-A-236688380-77172315","signature_type":"Function","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"openContentUri"}},{"signature_version":"v1","deprecated":false,"digest":{"line_hashes":["76418437503843318751712929797726966832","104461767719788887198305234904354834666","307093372440300968388906288205344654663","74648286233082116099434873134283267488","231509935057853678055794183017655088368","318751159969414295248398361656968429783","160045532938658758152973521651384166021"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/e37820e47c383aecf9d1173a0676c27e6a59ce4f","id":"ASB-A-236688380-793c72c2","signature_type":"Line","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"}}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e37820e47c383aecf9d1173a0676c27e6a59ce4f"],"types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-236688380.json"}}],"schema_version":"1.7.5"}