{"id":"ASB-A-243794108","details":"In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-243794108","CVE-2023-20918"],"modified":"2026-04-30T15:48:46.890647Z","published":"2023-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/16c604aa7c253ce5cf075368a258c0b21386160d"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/8418e3a017428683d173c0c82b0eb02d5b923a4e"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/51051de4eb40bb502db448084a83fd6cbfb7d3cf"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-07-01"}]}],"versions":["13-next"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-243794108-2827860e","target":{"file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f","digest":{"threshold":0.9,"line_hashes":["16830641431705559210486446086715890742","143998394650110215676555192591849467967","325566079398684681412276195277187781401","270707006471848979591977877664679948966","157790339265301276034066860128610520493","219157077729158131834211419022094595646","89118085545473640529270490193888951563","130452289594865308465424102610160001137"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-243794108-b9b71167","target":{"function":"sendInner","file":"services/core/java/com/android/server/am/PendingIntentRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","digest":{"length":5161,"function_hash":"74347317448369607769169886222271088978"},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-243794108-bb7a3e13","target":{"file":"services/core/java/com/android/server/am/PendingIntentRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","digest":{"threshold":0.9,"line_hashes":["312639803275511109289718482010218955839","4012613833445150469580569471489681800","315751273564067820636973858556062386937","201229079492434820120352023187159593756","304922323653536617416328131915865339437","320670520838781722716483219607694679574","219150996124357935649781347210418884962","119496144356418631281332465026025587511"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-243794108-f9cc50c3","target":{"function":"getPendingIntentLaunchFlags","file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f","digest":{"length":57,"function_hash":"266928651522208641946073042560087418896"},"deprecated":false,"signature_version":"v1","signature_type":"Function"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/c4d3106e347922610f8c554de3ae238175ed393e","https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f"],"spl":"2023-07-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-243794108.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-07-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-243794108-6baf023e","target":{"file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f","digest":{"threshold":0.9,"line_hashes":["16830641431705559210486446086715890742","143998394650110215676555192591849467967","325566079398684681412276195277187781401","270707006471848979591977877664679948966","157790339265301276034066860128610520493","219157077729158131834211419022094595646","89118085545473640529270490193888951563","130452289594865308465424102610160001137"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-243794108-95746aec","target":{"file":"services/core/java/com/android/server/am/PendingIntentRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","digest":{"threshold":0.9,"line_hashes":["312639803275511109289718482010218955839","4012613833445150469580569471489681800","315751273564067820636973858556062386937","201229079492434820120352023187159593756","304922323653536617416328131915865339437","320670520838781722716483219607694679574","219150996124357935649781347210418884962","119496144356418631281332465026025587511"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-243794108-dab166bb","target":{"function":"getPendingIntentLaunchFlags","file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f","digest":{"length":57,"function_hash":"266928651522208641946073042560087418896"},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-243794108-db11e0c3","target":{"function":"sendInner","file":"services/core/java/com/android/server/am/PendingIntentRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","digest":{"length":5161,"function_hash":"74347317448369607769169886222271088978"},"deprecated":false,"signature_version":"v1","signature_type":"Function"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/c4d3106e347922610f8c554de3ae238175ed393e","https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f"],"spl":"2023-07-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-243794108.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-07-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-243794108-15e8f5c9","target":{"function":"getPendingIntentLaunchFlags","file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f","digest":{"length":57,"function_hash":"266928651522208641946073042560087418896"},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-243794108-3287d704","target":{"file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f","digest":{"threshold":0.9,"line_hashes":["16830641431705559210486446086715890742","143998394650110215676555192591849467967","325566079398684681412276195277187781401","270707006471848979591977877664679948966","157790339265301276034066860128610520493","219157077729158131834211419022094595646","89118085545473640529270490193888951563","130452289594865308465424102610160001137"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-243794108-3688bb9c","target":{"file":"services/core/java/com/android/server/am/PendingIntentRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","digest":{"threshold":0.9,"line_hashes":["312639803275511109289718482010218955839","4012613833445150469580569471489681800","315751273564067820636973858556062386937","201229079492434820120352023187159593756","304922323653536617416328131915865339437","320670520838781722716483219607694679574","219150996124357935649781347210418884962","119496144356418631281332465026025587511"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-243794108-a9eb72bf","target":{"function":"sendInner","file":"services/core/java/com/android/server/am/PendingIntentRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","digest":{"length":5161,"function_hash":"74347317448369607769169886222271088978"},"deprecated":false,"signature_version":"v1","signature_type":"Function"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/c4d3106e347922610f8c554de3ae238175ed393e","https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f"],"spl":"2023-07-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-243794108.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-07-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-243794108-a8693e1b","target":{"function":"getPendingIntentLaunchFlags","file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f","digest":{"length":57,"function_hash":"266928651522208641946073042560087418896"},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-243794108-c880d3ea","target":{"function":"sendInner","file":"services/core/java/com/android/server/am/PendingIntentRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","digest":{"length":5161,"function_hash":"74347317448369607769169886222271088978"},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-243794108-e04db50a","target":{"file":"services/core/java/com/android/server/am/PendingIntentRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","digest":{"threshold":0.9,"line_hashes":["312639803275511109289718482010218955839","4012613833445150469580569471489681800","315751273564067820636973858556062386937","201229079492434820120352023187159593756","304922323653536617416328131915865339437","320670520838781722716483219607694679574","219150996124357935649781347210418884962","119496144356418631281332465026025587511"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-243794108-eb418506","target":{"file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f","digest":{"threshold":0.9,"line_hashes":["16830641431705559210486446086715890742","143998394650110215676555192591849467967","325566079398684681412276195277187781401","270707006471848979591977877664679948966","157790339265301276034066860128610520493","219157077729158131834211419022094595646","89118085545473640529270490193888951563","130452289594865308465424102610160001137"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/c4d3106e347922610f8c554de3ae238175ed393e","https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f"],"spl":"2023-07-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-243794108.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-07-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-243794108-59c9d537","target":{"file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f","digest":{"threshold":0.9,"line_hashes":["16830641431705559210486446086715890742","143998394650110215676555192591849467967","325566079398684681412276195277187781401","270707006471848979591977877664679948966","157790339265301276034066860128610520493","219157077729158131834211419022094595646","89118085545473640529270490193888951563","130452289594865308465424102610160001137"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-243794108-a0ce7ab6","target":{"function":"sendInner","file":"services/core/java/com/android/server/am/PendingIntentRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","digest":{"length":5161,"function_hash":"74347317448369607769169886222271088978"},"deprecated":false,"signature_version":"v1","signature_type":"Function"},{"id":"ASB-A-243794108-ab33c3f9","target":{"file":"services/core/java/com/android/server/am/PendingIntentRecord.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","digest":{"threshold":0.9,"line_hashes":["312639803275511109289718482010218955839","4012613833445150469580569471489681800","315751273564067820636973858556062386937","201229079492434820120352023187159593756","304922323653536617416328131915865339437","320670520838781722716483219607694679574","219150996124357935649781347210418884962","119496144356418631281332465026025587511"]},"deprecated":false,"signature_version":"v1","signature_type":"Line"},{"id":"ASB-A-243794108-f9457d10","target":{"function":"getPendingIntentLaunchFlags","file":"core/java/android/app/ActivityOptions.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f","digest":{"length":57,"function_hash":"266928651522208641946073042560087418896"},"deprecated":false,"signature_version":"v1","signature_type":"Function"}],"types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/c4d3106e347922610f8c554de3ae238175ed393e","https://android.googlesource.com/platform/frameworks/base/+/48acfb0f1d71912e757cadd505901471c1df4d4c","https://android.googlesource.com/platform/frameworks/base/+/c62d2e1021a030f4f0ae5fcfc8fe8e0875fa669f"],"spl":"2023-07-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-243794108.json"}}],"schema_version":"1.7.5"}