{"id":"ASB-A-258653813","details":"In onPrepareOptionsMenu of AppInfoDashboardFragment.java, there is a possible way to bypass admin restrictions and uninstall applications for all users due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-258653813","CVE-2023-20955"],"modified":"2026-04-17T15:55:28.020024Z","published":"2023-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/Settings/+/f3b323e378ee5d98875711216cbd92f4fa795fc0"}],"affected":[{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-03-01"}]}],"versions":["13-next"],"ecosystem_specific":{"spl":"2023-03-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/18e77f27aa09c39aa0265ec19f302e6bf3280cfc"],"severity":"High","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"function":"onPrepareOptionsMenu","file":"src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"},"signature_type":"Function","id":"ASB-A-258653813-a09b2b7f","digest":{"function_hash":"14830728290335196445060469367171498722","length":756},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/18e77f27aa09c39aa0265ec19f302e6bf3280cfc"},{"signature_version":"v1","deprecated":false,"target":{"file":"src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"},"signature_type":"Line","id":"ASB-A-258653813-edb13754","digest":{"line_hashes":["135048681631507444047838452576672208960","147967870485548236032927660014139311308","41739866459031209175434535783539986956","266353271555346109623841972192053097360"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/18e77f27aa09c39aa0265ec19f302e6bf3280cfc"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-258653813.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-03-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2023-03-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/86914bedc84474c152e4536fb3cfa2fb488030b8"],"severity":"High","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"file":"src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"},"signature_type":"Line","id":"ASB-A-258653813-5dd33b50","digest":{"line_hashes":["135048681631507444047838452576672208960","200293562576987570844025138663260918437","273338806753463825148908537991003059871","225055565300299958898457760001135011655"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/86914bedc84474c152e4536fb3cfa2fb488030b8"},{"signature_version":"v1","deprecated":false,"target":{"function":"onPrepareOptionsMenu","file":"src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"},"signature_type":"Function","id":"ASB-A-258653813-71f48967","digest":{"function_hash":"256267160051243197012364446596867530403","length":678},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/86914bedc84474c152e4536fb3cfa2fb488030b8"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-258653813.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-03-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2023-03-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/16500a7ada6b0730bec2787055667c4394fa3468"],"severity":"High","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"function":"onPrepareOptionsMenu","file":"src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"},"signature_type":"Function","id":"ASB-A-258653813-7369288a","digest":{"function_hash":"256267160051243197012364446596867530403","length":678},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/16500a7ada6b0730bec2787055667c4394fa3468"},{"signature_version":"v1","deprecated":false,"target":{"file":"src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"},"signature_type":"Line","id":"ASB-A-258653813-7f5b1329","digest":{"line_hashes":["135048681631507444047838452576672208960","200293562576987570844025138663260918437","273338806753463825148908537991003059871","225055565300299958898457760001135011655"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/16500a7ada6b0730bec2787055667c4394fa3468"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-258653813.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-03-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2023-03-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/9191ec13e25e28fa9d6afbbb0573557c7b891520"],"severity":"High","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"file":"src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"},"signature_type":"Line","id":"ASB-A-258653813-aa08fd9b","digest":{"line_hashes":["135048681631507444047838452576672208960","200293562576987570844025138663260918437","273338806753463825148908537991003059871","225055565300299958898457760001135011655"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/9191ec13e25e28fa9d6afbbb0573557c7b891520"},{"signature_version":"v1","deprecated":false,"target":{"function":"onPrepareOptionsMenu","file":"src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"},"signature_type":"Function","id":"ASB-A-258653813-ce52d479","digest":{"function_hash":"256267160051243197012364446596867530403","length":678},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/9191ec13e25e28fa9d6afbbb0573557c7b891520"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-258653813.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-03-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-03-01","types":["EoP"],"fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/22e4eebafe1bb646618fa4b64e5038a9dc00ac14"],"severity":"High","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"function":"onPrepareOptionsMenu","file":"src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"},"signature_type":"Function","id":"ASB-A-258653813-6a9cfb1f","digest":{"function_hash":"14830728290335196445060469367171498722","length":756},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/22e4eebafe1bb646618fa4b64e5038a9dc00ac14"},{"signature_version":"v1","deprecated":false,"target":{"file":"src/com/android/settings/applications/appinfo/AppInfoDashboardFragment.java"},"signature_type":"Line","id":"ASB-A-258653813-a15041a2","digest":{"line_hashes":["135048681631507444047838452576672208960","147967870485548236032927660014139311308","41739866459031209175434535783539986956","266353271555346109623841972192053097360"],"threshold":0.9},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/22e4eebafe1bb646618fa4b64e5038a9dc00ac14"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-258653813.json"}}],"schema_version":"1.7.5"}