{"id":"ASB-A-257443065","details":"In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-257443065","CVE-2023-21257"],"modified":"2026-04-28T15:17:37.552933Z","published":"2023-07-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-07-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/1aec7feaf07e6d4568ca75d18158445dbeac10f6"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-07-01"}]}],"versions":["13-next"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"length":5262,"function_hash":"59248572480963060094752201320419215239"},"target":{"function":"updateSettingsInternalLI","file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"id":"ASB-A-257443065-310a8784","deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/febe3918020a94b2af48ade98eb6a49cdd4a3bdf"},{"signature_type":"Line","digest":{"line_hashes":["153467675175800175962888267713453816060","215537321862713657399570465190911351763","14756191442787275991622645710270436802","170982238663646153455825644688940397641","150142571880650494651637258185062747944","15635671695272049313199357078984455922","137425685871481753609245383687888395581"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"id":"ASB-A-257443065-65ea6b42","deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/febe3918020a94b2af48ade98eb6a49cdd4a3bdf"}],"types":["EoP"],"spl":"2023-07-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/febe3918020a94b2af48ade98eb6a49cdd4a3bdf"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-257443065.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-07-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"signature_type":"Function","digest":{"length":5068,"function_hash":"4222137068855988299654110975963124951"},"target":{"function":"updateSettingsInternalLI","file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"id":"ASB-A-257443065-070cf729","deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/28e133dff148cf8f43c551073000a459a1573985"},{"signature_type":"Line","digest":{"line_hashes":["151981888837245236717676532140197522632","6716612515192305523447968849324276043","228158732552534766263143569986709366128","234907804752039537257925342169604273720","249064722261673849036953928188340551639","212681092029670554093991325374612992516"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/pm/InstallPackageHelper.java"},"id":"ASB-A-257443065-b2d33c00","deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/28e133dff148cf8f43c551073000a459a1573985"}],"types":["EoP"],"spl":"2023-07-01","fixes":["https://android.googlesource.com/platform/frameworks/base/+/28e133dff148cf8f43c551073000a459a1573985"],"severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-257443065.json"}}],"schema_version":"1.7.5"}