{"id":"ASB-A-251778420","details":"In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.","aliases":["A-251778420","CVE-2023-20953"],"modified":"2026-05-27T15:53:17.428190120Z","published":"2023-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/14a958756ff5725093199e68d04d22a85badcc16"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-03-01"}]}],"versions":["13-next"],"ecosystem_specific":{"types":["EoP"],"spl":"2023-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8"],"vanir_signatures":[{"target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardOverlayEvent.java"},"digest":{"line_hashes":["156089486446672276104939384709799485012","247489564588645683066041968166888899408","159333107798570288722831522931981089116","7779789082296313623919544458835083841"],"threshold":0.9},"deprecated":false,"signature_type":"Line","signature_version":"v1","id":"ASB-A-251778420-1ba90f53","source":"https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8"},{"deprecated":false,"digest":{"length":370,"function_hash":"163616617409505397925772287913492927131"},"target":{"function":"ClipboardListener","file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java"},"signature_type":"Function","signature_version":"v1","id":"ASB-A-251778420-e65b21b2","source":"https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8"},{"deprecated":false,"digest":{"line_hashes":["309581880082468664890615874362150298307","290713473686484743134435199018660868192","125086800664531810233244192573394945604","213397167234201302211258576993310905521","278022484617456028622226787674637850115","223822114968220071995820990362281277239","60254624148788914146812642766198597675","122477520417919189248448050365781709757","131612434293971132997415771018155786932","269608855099054148987306395709298825063","122452521751584533698827875918308582641","74404033281583706059496170027092788709","19406050301543940170011858521462660821","257953885181127943614555779612410865412","151674660547208224282796242661472765441","241456740878156651035435419854837801161","271939621894415413819538425139888966960","286854077548159339452735490885179277316","12032462277226907458175941468009316201","193313797412553161777221056153129801807","248560729695152217155726981239557645810","156321972731938097640597609995111951200","75738616800887975703766665217168134669","108942948949134335390799107156065291892","70759375248159447586080211205304490687","63117889591247637637495899209034550212","95057946815911575937226800607872892391","334913295936487476872037364203414688009","310139932874319052922534928380921507855","229863061187885724883184160459852161773"],"threshold":0.9},"target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-251778420-f7763afd","source":"https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8"},{"deprecated":false,"digest":{"length":858,"function_hash":"219351335013367947261065571847453308197"},"target":{"function":"onPrimaryClipChanged","file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java"},"signature_type":"Function","signature_version":"v1","id":"ASB-A-251778420-fd45b4c8","source":"https://android.googlesource.com/platform/frameworks/base/+/828a0f4119dc9fcc4d37b7bebf273e50ad9452f8"}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-251778420.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-03-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"spl":"2023-03-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc"],"vanir_signatures":[{"deprecated":false,"digest":{"line_hashes":["309581880082468664890615874362150298307","290713473686484743134435199018660868192","125086800664531810233244192573394945604","213397167234201302211258576993310905521","278022484617456028622226787674637850115","223822114968220071995820990362281277239","60254624148788914146812642766198597675","122477520417919189248448050365781709757","131612434293971132997415771018155786932","125779980347631476019928671724312763687","169493190944002751429899487613272271182","66879199921287805607875445529951955848","314842808877825538817675070553731191825","25229828275610777341056241225813543088","281089925387180210179754115820347940627","170124664270987702032518632205966714408","195365186065560602252128432150883688526","104183916122917838078245832284816992076","98812802323807388100124691672265923753","74503409301123797152219791772415137143","330786941628146078507284131374059267072","203857675260388581819490843047309835141","52755846890464675160805277348157355398","70759375248159447586080211205304490687","63117889591247637637495899209034550212","95057946815911575937226800607872892391","255968344502106778106651872309622454916"],"threshold":0.9},"target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-251778420-19954fb6","source":"https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc"},{"target":{"function":"ClipboardListener","file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java"},"digest":{"length":205,"function_hash":"183291673990674099932770244616853195957"},"deprecated":false,"signature_type":"Function","signature_version":"v1","id":"ASB-A-251778420-c3f65ed1","source":"https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc"},{"deprecated":false,"digest":{"length":700,"function_hash":"279707309442175443040838845589895096753"},"target":{"function":"onPrimaryClipChanged","file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardListener.java"},"signature_type":"Function","signature_version":"v1","id":"ASB-A-251778420-ca61cee5","source":"https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc"},{"deprecated":false,"digest":{"line_hashes":["156089486446672276104939384709799485012","247489564588645683066041968166888899408","159333107798570288722831522931981089116","7779789082296313623919544458835083841"],"threshold":0.9},"target":{"file":"packages/SystemUI/src/com/android/systemui/clipboardoverlay/ClipboardOverlayEvent.java"},"signature_type":"Line","signature_version":"v1","id":"ASB-A-251778420-d886441c","source":"https://android.googlesource.com/platform/frameworks/base/+/d7a278b39b01cc702b662be8b34bce1d57a9c1bc"}],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-251778420.json"}}],"schema_version":"1.7.5"}