{"id":"ASB-A-240267890","details":"In clearApplicationUserData of ActivityManagerService.java, there is a possible way to remove system files due to a path traversal error. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-240267890","CVE-2023-20943"],"modified":"2026-04-29T15:10:00.007170Z","published":"2023-02-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-02-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/2bcd5a5176d6a0f9514df21cec682ca51d798fe9"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2023-02-01"}]}],"versions":["10"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","target":{"function":"clearApplicationUserData","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce","id":"ASB-A-240267890-4efa69e3","digest":{"function_hash":"218789402610649146534279806213882698053","length":3389},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","target":{"function":"onRemoveCompleted","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce","id":"ASB-A-240267890-af19b42b","digest":{"function_hash":"165433686559303516868918071578743107540","length":982},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce","id":"ASB-A-240267890-bd7aa7d0","digest":{"threshold":0.9,"line_hashes":["19023591753442047319068836492748830433","52651044639622897885630658727967251800","142835254940668524955337731002048445257","266462200045313874316840433279366081525","185110150976461916859425623723589893510","314669603338881841686559024183172733431","292921926393356967081892302753148509231","185633619305411967409319888823786493953","57537406593323258355711851392042148121","73544146165314567653419880584141548669","96268068996457097362106123178324082976","1000070865591566840256793781922070385","221836392391740426605061716026066846772","49503635218691360593758188510630321839","234322752101016168354101648054033901257","59341603582000900163595850960933790917","217578007770781325870538949999452319601"]},"deprecated":false,"signature_version":"v1"}],"spl":"2023-02-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/8b2e092146c7ab5c2952818dab6dcb6af9c417ce"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-240267890.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-02-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","target":{"function":"onRemoveCompleted","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a","id":"ASB-A-240267890-4689ac68","digest":{"function_hash":"48304918318956533104010138608645094517","length":996},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","target":{"function":"clearApplicationUserData","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a","id":"ASB-A-240267890-a382a813","digest":{"function_hash":"281721226776271417646888004390578358723","length":3403},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a","id":"ASB-A-240267890-d31c4108","digest":{"threshold":0.9,"line_hashes":["19023591753442047319068836492748830433","52651044639622897885630658727967251800","142835254940668524955337731002048445257","266462200045313874316840433279366081525","185110150976461916859425623723589893510","314669603338881841686559024183172733431","292921926393356967081892302753148509231","26074335394516852620157714560660330299","131802145606347624638001126702220939140","29393240277710218126833544989533756035","93344404403566538279788203572755720164","25033023018105414771597828547721161450","107022013439612634245051802443808339606","113015113835492962517966053418959053756","162241249838221695089519972534284924145","81185955015349658169332765966774356464","217578007770781325870538949999452319601"]},"deprecated":false,"signature_version":"v1"}],"spl":"2023-02-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/0587cd294ae958af5ce7dd505fa919b4e3a13a6a"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-240267890.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-02-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","target":{"function":"onRemoveCompleted","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74","id":"ASB-A-240267890-5a262931","digest":{"function_hash":"25704709540683270839982671053682562928","length":1010},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","target":{"function":"clearApplicationUserData","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74","id":"ASB-A-240267890-dceeb151","digest":{"function_hash":"197022625998803206946365332501314725815","length":3510},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74","id":"ASB-A-240267890-fe15deb0","digest":{"threshold":0.9,"line_hashes":["19023591753442047319068836492748830433","52651044639622897885630658727967251800","142835254940668524955337731002048445257","266462200045313874316840433279366081525","185110150976461916859425623723589893510","314669603338881841686559024183172733431","292921926393356967081892302753148509231","26074335394516852620157714560660330299","131802145606347624638001126702220939140","5193485262852018112013593148456881020","205835234934375033032846118326177404503","50955005989019553957825154716998917532","44723180485155276700501233611679072449","296766035507375254846626169660850206327","289627521686869940425266439884906353258","77846570521540527583456841352965119288","69007524958661669647209266690471934903"]},"deprecated":false,"signature_version":"v1"}],"spl":"2023-02-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/1748c4e3569c960b3cc7af6fe76dc56b7929fc74"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-240267890.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-02-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","target":{"function":"clearApplicationUserData","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e","id":"ASB-A-240267890-85c0f00a","digest":{"function_hash":"197022625998803206946365332501314725815","length":3510},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","target":{"function":"onRemoveCompleted","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e","id":"ASB-A-240267890-d5102df1","digest":{"function_hash":"25704709540683270839982671053682562928","length":1010},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e","id":"ASB-A-240267890-daa2de92","digest":{"threshold":0.9,"line_hashes":["19023591753442047319068836492748830433","52651044639622897885630658727967251800","142835254940668524955337731002048445257","266462200045313874316840433279366081525","185110150976461916859425623723589893510","314669603338881841686559024183172733431","292921926393356967081892302753148509231","26074335394516852620157714560660330299","131802145606347624638001126702220939140","5193485262852018112013593148456881020","205835234934375033032846118326177404503","50955005989019553957825154716998917532","44723180485155276700501233611679072449","296766035507375254846626169660850206327","289627521686869940425266439884906353258","77846570521540527583456841352965119288","69007524958661669647209266690471934903"]},"deprecated":false,"signature_version":"v1"}],"spl":"2023-02-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/9baf03004b9152ac5a3018154465854ba4b4aa8e"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-240267890.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-02-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","target":{"function":"onRemoveCompleted","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68","id":"ASB-A-240267890-18bde628","digest":{"function_hash":"306266303474995512994204301567941670120","length":1099},"deprecated":false,"signature_version":"v1"},{"signature_type":"Line","target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68","id":"ASB-A-240267890-38b21dad","digest":{"threshold":0.9,"line_hashes":["19023591753442047319068836492748830433","52651044639622897885630658727967251800","142835254940668524955337731002048445257","266462200045313874316840433279366081525","185110150976461916859425623723589893510","243354013767680916156176542676350888809","282141756453166813397134019577865741769","242360205959223563793524277019121002165","272704362624956598487888867396206099590","116358791319072628048265242690146315044","131802145606347624638001126702220939140","260689335989539307525992592168793184068","30221961543927210908696824065619077193","41966273680758090319055084234524876018","216043695530903462632178712485053959841","291529813944039398967917160182739371228","259729072714311958273811571778911528203","305602406385059455886982921729876113658","94473953833050829154906721596955409962"]},"deprecated":false,"signature_version":"v1"},{"signature_type":"Function","target":{"function":"clearApplicationUserData","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68","id":"ASB-A-240267890-e3dc8a86","digest":{"function_hash":"274978653062025418454947224085038003010","length":3824},"deprecated":false,"signature_version":"v1"}],"spl":"2023-02-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/94b10bba20f8d96964c80a8157fd8e02286eff68"],"types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-240267890.json"}}],"schema_version":"1.7.5"}