{"id":"ASB-A-259385017","details":"In retrieveAppEntry of NotificationAccessDetails.java, there is a missing permission check. This could lead to local escalation of privilege across user boundaries with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-259385017","CVE-2023-21107"],"modified":"2026-04-20T15:37:26.169566Z","published":"2023-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/apps/Settings/+/179e5ce2a521710992b5ebdb2d88e0c3b3f2c12b"}],"affected":[{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-05-01"}]}],"versions":["13-next"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java","function":"retrieveAppEntry"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/99b8b4cd602affa6a8151c37f6a666ea0b7e0631","signature_version":"v1","id":"ASB-A-259385017-b79a05af","digest":{"length":799,"function_hash":"126812758670877602072831679107254504906"},"deprecated":false,"signature_type":"Function"},{"target":{"file":"src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/99b8b4cd602affa6a8151c37f6a666ea0b7e0631","signature_version":"v1","id":"ASB-A-259385017-d5d6a6e1","digest":{"threshold":0.9,"line_hashes":["122801481725524473723710929709275622710","222390034388202181844242922618841512158","283965336966937628894612660817621901131","272405940110754710207879884765393292318","196727238334898885538839268810150074966","315194688582831595259135626079335554853","46706889825726414093546133437972081899","38679744851214130239580683317555628502","163323195360202353972971378277645397893","196737136246763182714678355935877234911","140877233746596711254219934434432080051","27868741867664894162702260508424625566","326692411290225447106468416311027466663","271197561047071638675322122791349406644","202102347137811234824721270542908316933","240673301015471928763093234654380995634","150985011417713154467310296905082941349","148895478068658423118081653364542686348","229576963873663300966969905449561113344","334330305333797608329864193959475347539","110570043621086428945814529144846361935","321798546454385257581027784768169491613","265643929493417852125845845388086789476","137655301728279105138798586559354493568","328567503349184670597287643979372207968"]},"deprecated":false,"signature_type":"Line"}],"spl":"2023-05-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/99b8b4cd602affa6a8151c37f6a666ea0b7e0631"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-259385017.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-05-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/5fb0705664449e2a62c6219a8a417749620bb937","signature_version":"v1","id":"ASB-A-259385017-c9e2456e","digest":{"threshold":0.9,"line_hashes":["8287049963772050290548956172220293148","272291396490126000080040708517988334098","8509224761294982306728327176934189632","249033722199238218807734653215153680693","321416480491646694190929521416698814152","107269414546797637812676072006239190099","190837069176629548463978522804478144029","275056010447832419544168982845009319374","66639743089079996721577075337269212972","260421902015728785462815924696288937725","295225870636365965444688894582045108979","303755354804138495481184701803787877320"]},"deprecated":false,"signature_type":"Line"}],"spl":"2023-05-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/5fb0705664449e2a62c6219a8a417749620bb937"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-259385017.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-05-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java","function":"retrieveAppEntry"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/9a7bd79ca3ba7918e78e88b9638524887473d16c","signature_version":"v1","id":"ASB-A-259385017-2ba28877","digest":{"length":896,"function_hash":"120450392376070500879756491848392551899"},"deprecated":false,"signature_type":"Function"},{"target":{"file":"src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/9a7bd79ca3ba7918e78e88b9638524887473d16c","signature_version":"v1","id":"ASB-A-259385017-c1b4c5c8","digest":{"threshold":0.9,"line_hashes":["122801481725524473723710929709275622710","222390034388202181844242922618841512158","196737136246763182714678355935877234911","140877233746596711254219934434432080051","27868741867664894162702260508424625566","326692411290225447106468416311027466663","70668152671260240201884439802941552087","197591625939384808796586889176456419115","4077395368880426913245385536055685588","184383772242148734332557387196537530507","148895478068658423118081653364542686348","229576963873663300966969905449561113344","334330305333797608329864193959475347539","110570043621086428945814529144846361935","321798546454385257581027784768169491613","129981388302956578162621720284826158104","137655301728279105138798586559354493568","328567503349184670597287643979372207968"]},"deprecated":false,"signature_type":"Line"}],"spl":"2023-05-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/9a7bd79ca3ba7918e78e88b9638524887473d16c"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-259385017.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-05-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/d374ca1324396068477b682c6a5a3eaf6d6da208","signature_version":"v1","id":"ASB-A-259385017-50bf6293","digest":{"threshold":0.9,"line_hashes":["122801481725524473723710929709275622710","222390034388202181844242922618841512158","196737136246763182714678355935877234911","140877233746596711254219934434432080051","27868741867664894162702260508424625566","326692411290225447106468416311027466663","70668152671260240201884439802941552087","197591625939384808796586889176456419115","4077395368880426913245385536055685588","184383772242148734332557387196537530507","148895478068658423118081653364542686348","229576963873663300966969905449561113344","334330305333797608329864193959475347539","110570043621086428945814529144846361935","321798546454385257581027784768169491613","265643929493417852125845845388086789476","137655301728279105138798586559354493568","328567503349184670597287643979372207968"]},"deprecated":false,"signature_type":"Line"},{"target":{"file":"src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java","function":"retrieveAppEntry"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/d374ca1324396068477b682c6a5a3eaf6d6da208","signature_version":"v1","id":"ASB-A-259385017-5a35c1ba","digest":{"length":799,"function_hash":"126812758670877602072831679107254504906"},"deprecated":false,"signature_type":"Function"}],"spl":"2023-05-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/d374ca1324396068477b682c6a5a3eaf6d6da208"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-259385017.json"}},{"package":{"name":"platform/packages/apps/Settings","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-05-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"target":{"file":"src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java","function":"retrieveAppEntry"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/250edeead7625827110b6b944934fa470f7c0b47","signature_version":"v1","id":"ASB-A-259385017-044646d5","digest":{"length":799,"function_hash":"126812758670877602072831679107254504906"},"deprecated":false,"signature_type":"Function"},{"target":{"file":"src/com/android/settings/applications/specialaccess/notificationaccess/NotificationAccessDetails.java"},"source":"https://android.googlesource.com/platform/packages/apps/Settings/+/250edeead7625827110b6b944934fa470f7c0b47","signature_version":"v1","id":"ASB-A-259385017-d5445c53","digest":{"threshold":0.9,"line_hashes":["122801481725524473723710929709275622710","222390034388202181844242922618841512158","283965336966937628894612660817621901131","272405940110754710207879884765393292318","196727238334898885538839268810150074966","315194688582831595259135626079335554853","46706889825726414093546133437972081899","38679744851214130239580683317555628502","163323195360202353972971378277645397893","196737136246763182714678355935877234911","140877233746596711254219934434432080051","27868741867664894162702260508424625566","326692411290225447106468416311027466663","271197561047071638675322122791349406644","202102347137811234824721270542908316933","240673301015471928763093234654380995634","150985011417713154467310296905082941349","148895478068658423118081653364542686348","229576963873663300966969905449561113344","334330305333797608329864193959475347539","110570043621086428945814529144846361935","321798546454385257581027784768169491613","265643929493417852125845845388086789476","137655301728279105138798586559354493568","328567503349184670597287643979372207968"]},"deprecated":false,"signature_type":"Line"}],"spl":"2023-05-01","types":["EoP"],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Settings/+/250edeead7625827110b6b944934fa470f7c0b47"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-259385017.json"}}],"schema_version":"1.7.5"}