{"id":"ASB-A-253043502","details":"In onCreate of ManagePermissionsActivity.java, there is a possible way to bypass factory reset protections due to a missing permission check. This could lead to local escalation of privilege with physical access to a device that's been factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-253043502","CVE-2023-21133"],"modified":"2026-05-25T16:46:24.913870386Z","published":"2023-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/modules/Permission/+/0679e4f35055729be7276536fe45fe8ec18a0453"}],"affected":[{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-08-01"}]}],"versions":["13-next"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java","function":"onCreate"},"id":"ASB-A-253043502-74ba7f93","digest":{"function_hash":"19550475777279499778566048034414586681","length":9798},"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/df252474fd06e6c32bdfc139cc4ae6652ff634b8","signature_version":"v1","deprecated":false},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java"},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/df252474fd06e6c32bdfc139cc4ae6652ff634b8","id":"ASB-A-253043502-a8347857","signature_type":"Line","digest":{"line_hashes":["248349732906043956064980509565774782156","283656740424355907390535518213267350112","143758378226874456382843457310206284939","68253136204695582412165319054757246568","122172952947234953401504464214546525630","195303676814766850257551404529581926429","318667993667043690101703295441056620895"],"threshold":0.9},"signature_version":"v1","deprecated":false}],"spl":"2023-08-01","fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/df252474fd06e6c32bdfc139cc4ae6652ff634b8"],"types":["EoP"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-253043502.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-08-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2023-08-01","severity":"High","fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/5e297ab51388db5375093f7dc21d37bd59de827c"],"types":["EoP"],"vanir_signatures":[{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java","function":"onCreate"},"id":"ASB-A-253043502-1233a94f","digest":{"function_hash":"158329375275023421078547036698727559324","length":7160},"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/5e297ab51388db5375093f7dc21d37bd59de827c","signature_version":"v1","deprecated":false},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java"},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/5e297ab51388db5375093f7dc21d37bd59de827c","id":"ASB-A-253043502-ebfa433f","signature_type":"Line","digest":{"line_hashes":["102272497511510792636288077474635019966","73830320043416912536756213596268634802","334814977310204735028133236293272434200","214950123086942979686128144202008858930","122172952947234953401504464214546525630","195303676814766850257551404529581926429","318667993667043690101703295441056620895"],"threshold":0.9},"signature_version":"v1","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-253043502.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-08-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java","function":"onCreate"},"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/8ba7136f816cd1b0182dc4c3a5cd70d023cad48e","id":"ASB-A-253043502-86970ca0","signature_type":"Function","digest":{"function_hash":"34104573745813964544688129800069138067","length":7185},"signature_version":"v1","deprecated":false},{"source":"https://android.googlesource.com/platform/packages/modules/Permission/+/8ba7136f816cd1b0182dc4c3a5cd70d023cad48e","digest":{"line_hashes":["102272497511510792636288077474635019966","73830320043416912536756213596268634802","334814977310204735028133236293272434200","214950123086942979686128144202008858930","122172952947234953401504464214546525630","195303676814766850257551404529581926429","318667993667043690101703295441056620895"],"threshold":0.9},"id":"ASB-A-253043502-b1cc1558","signature_type":"Line","target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java"},"signature_version":"v1","deprecated":false}],"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/8ba7136f816cd1b0182dc4c3a5cd70d023cad48e"],"types":["EoP"],"spl":"2023-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-253043502.json"}},{"package":{"name":"platform/packages/modules/Permission","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-08-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","vanir_signatures":[{"id":"ASB-A-253043502-ac2b2350","digest":{"line_hashes":["248349732906043956064980509565774782156","188298556496395972709875190714230932667","232483192585281304532110593037372097532","31072592749161546704343042741305513274","122172952947234953401504464214546525630","195303676814766850257551404529581926429","318667993667043690101703295441056620895"],"threshold":0.9},"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/8a6f1f59d6cb5367f0c88980a75ddc227dba956a","signature_version":"v1","deprecated":false},{"target":{"file":"PermissionController/src/com/android/permissioncontroller/permission/ui/ManagePermissionsActivity.java","function":"onCreate"},"id":"ASB-A-253043502-c9bb99ef","digest":{"function_hash":"42122007481256104765885868242226930324","length":8670},"signature_type":"Function","source":"https://android.googlesource.com/platform/packages/modules/Permission/+/8a6f1f59d6cb5367f0c88980a75ddc227dba956a","signature_version":"v1","deprecated":false}],"fixes":["https://android.googlesource.com/platform/packages/modules/Permission/+/8a6f1f59d6cb5367f0c88980a75ddc227dba956a"],"types":["EoP"],"spl":"2023-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-253043502.json"}}],"schema_version":"1.7.5"}