{"id":"ASB-A-260567867","details":"In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary code into the System Settings app due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-260567867","CVE-2023-21098"],"modified":"2026-04-30T15:48:46.890647Z","published":"2023-04-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-04-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/107e6377328486fca55131ea06ca9d6a3c1585e0"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-04-01"}]}],"versions":["13-next"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-260567867-0f0395d8","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d","digest":{"length":2630,"function_hash":"24063364796261288084818385041544745461"},"target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-5018acee","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d","digest":{"line_hashes":["102621481333874520227160300226568916637","87791047021780292960520905960333961581","227810543805131443330981162682500543823","249209199335521875619203833124111623883","333632741528280604425310716873061856856","296970883249405432748384307226135802410","322653182359092500475659955130112784308","70126697754156643117209328007530417998","339481037997816317821671594887686512293","221003920048527419293013806736736766485","97919473584709779965486999353676586848","234298834527873990978626021844002463501","300167801387346797691020387596466947641","60697875491319249160746600633389088059","101255738353673951573916089828613134146","117460194778136373718489259647932296637","221339240173144341381788826707641692497","249209199335521875619203833124111623883","333632741528280604425310716873061856856"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-699f2b76","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d","digest":{"length":1320,"function_hash":"134451419846464950394386447436239146278"},"target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-732e1150","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d","digest":{"length":347,"function_hash":"100361811884416474232114843533415316660"},"target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-8d45e500","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d","digest":{"length":2228,"function_hash":"274929591755527814202843495797426672204"},"target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false}],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/e7c9cedab64313054a5f1d6e249a3d7118f0fe6d"],"spl":"2023-04-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-260567867.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-04-01"}]}],"versions":["11"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-260567867-44161b57","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":2614,"function_hash":"41023448064838139733511489886308780141"},"target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-6d37caa9","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":1331,"function_hash":"52865478785358617343039264453162914792"},"target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-8462678d","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":333,"function_hash":"94708205251876746338000343560764915402"},"target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-85083a16","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"line_hashes":["102621481333874520227160300226568916637","17410907499065417407586688844885386759","137971137004370039771630188077221928616","171654467451521752340925975754762571437","200743198349192667103830392242710855312","243628083512321978905245199028732910147","143497601475118715788948267903722960923","34403552962753278911522365955453991311","212527219679643165604639129087184543552","278096025294005194601942749711161288359","210066205031285334355977896094228933501","254649137641918737601387565419334774469","60013202798819483283863555381222552713","101255738353673951573916089828613134146","50186522400419522845497711063170164678","267026741779168971949661977336207845381","171654467451521752340925975754762571437","200743198349192667103830392242710855312"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-a7b9bb0b","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":2212,"function_hash":"267799739317786220573746323388235990046"},"target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false}],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981"],"spl":"2023-04-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-260567867.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-04-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-260567867-27a42bd3","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":1331,"function_hash":"52865478785358617343039264453162914792"},"target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-40603fb1","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"line_hashes":["102621481333874520227160300226568916637","17410907499065417407586688844885386759","137971137004370039771630188077221928616","171654467451521752340925975754762571437","200743198349192667103830392242710855312","243628083512321978905245199028732910147","143497601475118715788948267903722960923","34403552962753278911522365955453991311","212527219679643165604639129087184543552","278096025294005194601942749711161288359","210066205031285334355977896094228933501","254649137641918737601387565419334774469","60013202798819483283863555381222552713","101255738353673951573916089828613134146","50186522400419522845497711063170164678","267026741779168971949661977336207845381","171654467451521752340925975754762571437","200743198349192667103830392242710855312"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-450f3afb","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":333,"function_hash":"94708205251876746338000343560764915402"},"target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-53e9a05e","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":2614,"function_hash":"41023448064838139733511489886308780141"},"target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-c75e5dd8","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":2212,"function_hash":"267799739317786220573746323388235990046"},"target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false}],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981"],"spl":"2023-04-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-260567867.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-04-01"}]}],"versions":["12L"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-260567867-147a6479","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":2212,"function_hash":"267799739317786220573746323388235990046"},"target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-6cbd2519","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":1331,"function_hash":"52865478785358617343039264453162914792"},"target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-814bca32","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":333,"function_hash":"94708205251876746338000343560764915402"},"target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-b420f77c","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"line_hashes":["102621481333874520227160300226568916637","17410907499065417407586688844885386759","137971137004370039771630188077221928616","171654467451521752340925975754762571437","200743198349192667103830392242710855312","243628083512321978905245199028732910147","143497601475118715788948267903722960923","34403552962753278911522365955453991311","212527219679643165604639129087184543552","278096025294005194601942749711161288359","210066205031285334355977896094228933501","254649137641918737601387565419334774469","60013202798819483283863555381222552713","101255738353673951573916089828613134146","50186522400419522845497711063170164678","267026741779168971949661977336207845381","171654467451521752340925975754762571437","200743198349192667103830392242710855312"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-b9f8b81f","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981","digest":{"length":2614,"function_hash":"41023448064838139733511489886308780141"},"target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false}],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/9f623983a8d4ec48d58b0eda56fa461fc6748981"],"spl":"2023-04-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-260567867.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-04-01"}]}],"versions":["13"],"ecosystem_specific":{"vanir_signatures":[{"id":"ASB-A-260567867-517e3a33","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002","digest":{"length":5624,"function_hash":"187948086070591231297392488894148739647"},"target":{"function":"getAuthToken","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-8ba17ec0","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002","digest":{"length":2212,"function_hash":"267799739317786220573746323388235990046"},"target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"match_only_versions":["13"],"signature_type":"Function","id":"ASB-A-260567867-b857cd09","source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002","deprecated":false,"digest":{"length":1606,"function_hash":"261227585194831626479415770564533148761"},"target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1"},{"id":"ASB-A-260567867-b906f6fc","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002","digest":{"length":2614,"function_hash":"41023448064838139733511489886308780141"},"target":{"function":"onResult","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-ca1cbc91","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002","digest":{"length":1320,"function_hash":"134451419846464950394386447436239146278"},"target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-eb9ea585","signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002","digest":{"length":347,"function_hash":"100361811884416474232114843533415316660"},"target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false},{"id":"ASB-A-260567867-f6e0a46f","signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002","digest":{"line_hashes":["3345597861118770780059298766421267087","242732919793228362579209848120206281270","191848758192162543277547550033520109670","141394416191930872290709805739668594678","102621481333874520227160300226568916637","17410907499065417407586688844885386759","137971137004370039771630188077221928616","171654467451521752340925975754762571437","200743198349192667103830392242710855312","296970883249405432748384307226135802410","322653182359092500475659955130112784308","70126697754156643117209328007530417998","339481037997816317821671594887686512293","221003920048527419293013806736736766485","97919473584709779965486999353676586848","234298834527873990978626021844002463501","300167801387346797691020387596466947641","60697875491319249160746600633389088059","101255738353673951573916089828613134146","50186522400419522845497711063170164678","267026741779168971949661977336207845381","171654467451521752340925975754762571437","200743198349192667103830392242710855312"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_version":"v1","deprecated":false}],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/3723f400e2f7f6b72be5d76ae6058e2be579b002"],"spl":"2023-04-01","types":["EoP"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-260567867.json"}}],"schema_version":"1.7.5"}