{"id":"ASB-A-261589597","details":"In multiple places of AccessibilityService, there is a possible way to hide the app from the user due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-261589597","CVE-2023-21109"],"modified":"2026-04-29T15:10:00.007170Z","published":"2023-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/2c1f16db893680b0db29ffa222652fea3e5b87e0"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-05-01"}]}],"versions":["13-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693"],"vanir_signatures":[{"id":"ASB-A-261589597-2d03f03d","target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["48694407734698710333817151001293651637","314536423431872940325646138748132163141","158041874584000712439746295766875668738","329939988617601460708251749600273920647"]},"deprecated":true},{"id":"ASB-A-261589597-80c396fd","match_only_versions":["13-next"],"digest":{"threshold":0.9,"line_hashes":["147900558044786314545792267672359057071","305030024658995885760197020537217538051","34580958047436048544740729871600899808","63745783541070982358345387298588196107"]},"target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693","signature_version":"v1","deprecated":true},{"id":"ASB-A-261589597-b6f86095","match_only_versions":["13-next"],"digest":{"length":424,"function_hash":"165698572771369437219152039154783444871"},"target":{"function":"sendServiceInfo","file":"core/java/android/accessibilityservice/AccessibilityService.java"},"signature_type":"Function","source":"https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693","signature_version":"v1","deprecated":true},{"id":"ASB-A-261589597-b7f90edc","target":{"function":"readInstalledAccessibilityServiceLocked","file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693","signature_type":"Function","signature_version":"v1","digest":{"length":1392,"function_hash":"327644116232500776411480852830376714587"},"deprecated":true},{"id":"ASB-A-261589597-f758204d","target":{"file":"core/java/android/accessibilityservice/AccessibilityServiceInfo.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/c909ac47796c74c7c7aeb661424af4ce2292d693","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["170037414358564621991525497824986822371","244205176284508835220576540860640103823","118372462599051336567357512769278181216","314577834603114930318408273265161439235","97382286431948649308030780653505556793","233867508006465175029397194017396114778","98606073892487192750627463589260288854"]},"deprecated":true}],"severity":"High","types":["EoP"],"spl":"2023-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-261589597.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-05-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142"],"vanir_signatures":[{"id":"ASB-A-261589597-3bc0e283","target":{"file":"core/java/android/accessibilityservice/AccessibilityServiceInfo.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["170037414358564621991525497824986822371","244205176284508835220576540860640103823","118372462599051336567357512769278181216","314577834603114930318408273265161439235","97382286431948649308030780653505556793","233867508006465175029397194017396114778","98606073892487192750627463589260288854"]},"deprecated":false},{"id":"ASB-A-261589597-3e315a52","target":{"function":"readInstalledAccessibilityServiceLocked","file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Function","signature_version":"v1","digest":{"length":1392,"function_hash":"327644116232500776411480852830376714587"},"deprecated":false},{"id":"ASB-A-261589597-94b2da83","target":{"function":"sendServiceInfo","file":"core/java/android/accessibilityservice/AccessibilityService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Function","signature_version":"v1","digest":{"length":400,"function_hash":"291975609762650079011159303815140279746"},"deprecated":false},{"id":"ASB-A-261589597-9bb88a62","target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["161630145876711414564351607509148585028","208779422458420669090741997733246251966","53421519010825774745735383141132778459","63745783541070982358345387298588196107"]},"deprecated":false},{"id":"ASB-A-261589597-f10861cb","target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["48694407734698710333817151001293651637","314536423431872940325646138748132163141","158041874584000712439746295766875668738","329939988617601460708251749600273920647"]},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2023-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-261589597.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-05-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142"],"vanir_signatures":[{"id":"ASB-A-261589597-1ab4ea24","target":{"function":"sendServiceInfo","file":"core/java/android/accessibilityservice/AccessibilityService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Function","signature_version":"v1","digest":{"length":400,"function_hash":"291975609762650079011159303815140279746"},"deprecated":false},{"id":"ASB-A-261589597-2a3eff5a","target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["48694407734698710333817151001293651637","314536423431872940325646138748132163141","158041874584000712439746295766875668738","329939988617601460708251749600273920647"]},"deprecated":false},{"id":"ASB-A-261589597-6fc63038","target":{"function":"readInstalledAccessibilityServiceLocked","file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Function","signature_version":"v1","digest":{"length":1392,"function_hash":"327644116232500776411480852830376714587"},"deprecated":false},{"id":"ASB-A-261589597-797cbd00","target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["161630145876711414564351607509148585028","208779422458420669090741997733246251966","53421519010825774745735383141132778459","63745783541070982358345387298588196107"]},"deprecated":false},{"id":"ASB-A-261589597-de61399c","target":{"file":"core/java/android/accessibilityservice/AccessibilityServiceInfo.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["170037414358564621991525497824986822371","244205176284508835220576540860640103823","118372462599051336567357512769278181216","314577834603114930318408273265161439235","97382286431948649308030780653505556793","233867508006465175029397194017396114778","98606073892487192750627463589260288854"]},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2023-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-261589597.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-05-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142"],"vanir_signatures":[{"id":"ASB-A-261589597-027c2757","target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["48694407734698710333817151001293651637","314536423431872940325646138748132163141","158041874584000712439746295766875668738","329939988617601460708251749600273920647"]},"deprecated":false},{"id":"ASB-A-261589597-2b4a7cfa","target":{"function":"readInstalledAccessibilityServiceLocked","file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Function","signature_version":"v1","digest":{"length":1392,"function_hash":"327644116232500776411480852830376714587"},"deprecated":false},{"id":"ASB-A-261589597-481d026d","target":{"file":"core/java/android/accessibilityservice/AccessibilityServiceInfo.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["170037414358564621991525497824986822371","244205176284508835220576540860640103823","118372462599051336567357512769278181216","314577834603114930318408273265161439235","97382286431948649308030780653505556793","233867508006465175029397194017396114778","98606073892487192750627463589260288854"]},"deprecated":false},{"id":"ASB-A-261589597-ae8f7c85","target":{"function":"sendServiceInfo","file":"core/java/android/accessibilityservice/AccessibilityService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Function","signature_version":"v1","digest":{"length":400,"function_hash":"291975609762650079011159303815140279746"},"deprecated":false},{"id":"ASB-A-261589597-f884e09c","target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["161630145876711414564351607509148585028","208779422458420669090741997733246251966","53421519010825774745735383141132778459","63745783541070982358345387298588196107"]},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2023-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-261589597.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-05-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142"],"vanir_signatures":[{"id":"ASB-A-261589597-106d560a","target":{"file":"core/java/android/accessibilityservice/AccessibilityServiceInfo.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["170037414358564621991525497824986822371","244205176284508835220576540860640103823","118372462599051336567357512769278181216","314577834603114930318408273265161439235","97382286431948649308030780653505556793","233867508006465175029397194017396114778","98606073892487192750627463589260288854"]},"deprecated":false},{"id":"ASB-A-261589597-20867de9","target":{"function":"sendServiceInfo","file":"core/java/android/accessibilityservice/AccessibilityService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Function","signature_version":"v1","digest":{"length":400,"function_hash":"291975609762650079011159303815140279746"},"deprecated":false},{"id":"ASB-A-261589597-48184e17","target":{"file":"core/java/android/accessibilityservice/AccessibilityService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["161630145876711414564351607509148585028","208779422458420669090741997733246251966","53421519010825774745735383141132778459","63745783541070982358345387298588196107"]},"deprecated":false},{"id":"ASB-A-261589597-5a86d5d4","target":{"function":"readInstalledAccessibilityServiceLocked","file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Function","signature_version":"v1","digest":{"length":1392,"function_hash":"327644116232500776411480852830376714587"},"deprecated":false},{"id":"ASB-A-261589597-c160e3ad","target":{"file":"services/accessibility/java/com/android/server/accessibility/AccessibilityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/553232c29079fbeab28f95307d025c1426aa7142","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["48694407734698710333817151001293651637","314536423431872940325646138748132163141","158041874584000712439746295766875668738","329939988617601460708251749600273920647"]},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2023-05-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-261589597.json"}}],"schema_version":"1.7.5"}