{"id":"ASB-A-263358101","details":"In registerReceiverWithFeature of ActivityManagerService.java, there is a possible way for isolated processes to register a broadcast receiver due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-263358101","CVE-2023-21117"],"modified":"2026-04-30T15:48:46.890647Z","published":"2023-05-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-05-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/8542596db53b1acfb0bf461c93900ff78b34edad"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-05-01"}]}],"versions":["13-next"],"ecosystem_specific":{"types":["EoP"],"vanir_signatures":[{"signature_type":"Function","id":"ASB-A-263358101-b98b346f","digest":{"function_hash":"152932676432980376312038644622776302193","length":6173},"target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"registerReceiverWithFeature"},"source":"https://android.googlesource.com/platform/frameworks/base/+/43b8a91b0584dd1c6a136702e68e1f0cd519cb51","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","id":"ASB-A-263358101-f4189bc6","digest":{"threshold":0.9,"line_hashes":["214473966615738178518306172651600075848","144445493020248977507263260612794207235","123846932426842070665861656378649937707","248061898277295565704131184295158899185","250881491421487870269010148820150436192","261597286108408192172661765512123600610","12383996178456683922944852262336941246","126682358563243152092669369697831739500","289569127497408046308750434801925785998"]},"target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/43b8a91b0584dd1c6a136702e68e1f0cd519cb51","deprecated":false,"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/43b8a91b0584dd1c6a136702e68e1f0cd519cb51"],"spl":"2023-05-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-263358101.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-05-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["EoP"],"vanir_signatures":[{"signature_type":"Function","id":"ASB-A-263358101-2025e6bd","digest":{"function_hash":"63084740659856142944913298477939814480","length":6202},"target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java","function":"registerReceiverWithFeature"},"source":"https://android.googlesource.com/platform/frameworks/base/+/ca49ddc03fc161e11e4ea99a3e70ef766715410f","deprecated":false,"signature_version":"v1"},{"signature_type":"Line","id":"ASB-A-263358101-af28caf6","digest":{"threshold":0.9,"line_hashes":["214473966615738178518306172651600075848","144445493020248977507263260612794207235","123846932426842070665861656378649937707","248061898277295565704131184295158899185","250881491421487870269010148820150436192","261597286108408192172661765512123600610","12383996178456683922944852262336941246","126682358563243152092669369697831739500","289569127497408046308750434801925785998"]},"target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/ca49ddc03fc161e11e4ea99a3e70ef766715410f","deprecated":false,"signature_version":"v1"}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/ca49ddc03fc161e11e4ea99a3e70ef766715410f"],"spl":"2023-05-01","severity":"High"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-263358101.json"}}],"schema_version":"1.7.5"}