{"id":"ASB-A-265015796","details":"In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logic error in the code. This could lead to local escalation of privilege and the ability to launch arbitrary activities in settings with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-265015796","CVE-2023-21131"],"modified":"2026-04-28T15:17:37.552933Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/87cb895ccdbf478c01793cb60449a607f46faa71"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/e53a96304352e2965176c8d32ac1b504e52ef185"],"types":["EoP"],"vanir_signatures":[{"target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/e53a96304352e2965176c8d32ac1b504e52ef185","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-1ec0f71f","deprecated":false,"digest":{"function_hash":"126667157862992427433369528170749915470","length":1357}},{"target":{"file":"services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/e53a96304352e2965176c8d32ac1b504e52ef185","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-22efd9f7","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["269279726235430834764489983668303619838","301224970527528093857810951546620913378","21632083541574899027784884738572544808","4845074139378926213251432966634929394","320216593919433781621935692553782658334","324837120757869052253621695671215606261","251119019915510195351260001878140273028","254874581105462892909677502338533864400","142086462005718979998326854186549052833","175095796486878655846427029602433457625","142698784215887767922290825670245646189","10108048241515839246863293803886664129","255972344253536343053766771728880192920","90710581335430139946644631752229268697","38052643692161471399819362323589378100","297527544305584402684091488961664188139","140884936251336567771304088220050665775"]}},{"target":{"function":"startAddAccountSession","file":"services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/e53a96304352e2965176c8d32ac1b504e52ef185","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-3fb52d72","deprecated":false,"digest":{"function_hash":"159812158505881692603263724157810429103","length":1829}},{"target":{"file":"services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/e53a96304352e2965176c8d32ac1b504e52ef185","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-9fbf166a","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["143566305696549729250864797577073939561","237911787562081032811532570904034081774","89237235422803990013979387293218386727","258778326798078190204209901010877057539","145003715184701734149269194664031412738","103634752343492226123316120153807405817","283472481419056861986397542446129973637","240358671385401931374510550252436498065"]}},{"target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/e53a96304352e2965176c8d32ac1b504e52ef185","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-c4abe529","deprecated":false,"digest":{"function_hash":"269099889183086233890055092617498564435","length":409}},{"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/e53a96304352e2965176c8d32ac1b504e52ef185","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-cb53e2c5","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["45948630037709568820452494792232919816","34958516450218475959801359463520909847","314125733985499676275220318918945810805","102361261050912304624631272624197807995","336516437240532901905451514394087270457","304062951215594446792620591010380672916","309559088534552329809466612778027109779","182152067414903247376724271560502768759","279710915710661289844876685284334949757","209302156857942646960233017042372488863","33066578238356257485160908839629263424"]}}],"severity":"High","spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-265015796.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-06-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/92114886bdce8467c52c655c186f3e7ab1e134d8"],"types":["EoP"],"vanir_signatures":[{"target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/92114886bdce8467c52c655c186f3e7ab1e134d8","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-1e0d540b","deprecated":false,"digest":{"function_hash":"134427852295498243245548412185747219053","length":1368}},{"target":{"file":"services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/92114886bdce8467c52c655c186f3e7ab1e134d8","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-1e1d1958","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["143566305696549729250864797577073939561","237911787562081032811532570904034081774","89237235422803990013979387293218386727","258778326798078190204209901010877057539","145003715184701734149269194664031412738","103634752343492226123316120153807405817","283472481419056861986397542446129973637","240358671385401931374510550252436498065"]}},{"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/92114886bdce8467c52c655c186f3e7ab1e134d8","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-5fa05811","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["45948630037709568820452494792232919816","34958516450218475959801359463520909847","314125733985499676275220318918945810805","102361261050912304624631272624197807995","130191105519504475699726976314981713920","305600613251274760190282936265020246449","16189201188266487278709774551804721771","182152067414903247376724271560502768759","279710915710661289844876685284334949757","209302156857942646960233017042372488863","33066578238356257485160908839629263424"]}},{"target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/92114886bdce8467c52c655c186f3e7ab1e134d8","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-8995d6d3","deprecated":false,"digest":{"function_hash":"30346023895425935454475021047545318937","length":377}},{"target":{"function":"startAddAccountSession","file":"services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/92114886bdce8467c52c655c186f3e7ab1e134d8","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-8d411cfa","deprecated":false,"digest":{"function_hash":"159812158505881692603263724157810429103","length":1829}},{"target":{"file":"services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/92114886bdce8467c52c655c186f3e7ab1e134d8","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-cac94b5b","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["269279726235430834764489983668303619838","301224970527528093857810951546620913378","21632083541574899027784884738572544808","4845074139378926213251432966634929394","320216593919433781621935692553782658334","324837120757869052253621695671215606261","251119019915510195351260001878140273028","254874581105462892909677502338533864400","142086462005718979998326854186549052833","175095796486878655846427029602433457625","142698784215887767922290825670245646189","10108048241515839246863293803886664129","255972344253536343053766771728880192920","90710581335430139946644631752229268697","38052643692161471399819362323589378100","297527544305584402684091488961664188139","140884936251336567771304088220050665775"]}}],"severity":"High","spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-265015796.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-06-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/5e01f68bdabe8aa7154e1ed936235b5304f4c0cd"],"types":["EoP"],"vanir_signatures":[{"target":{"function":"startAddAccountSession","file":"services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/5e01f68bdabe8aa7154e1ed936235b5304f4c0cd","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-264fb8f7","deprecated":false,"digest":{"function_hash":"159812158505881692603263724157810429103","length":1829}},{"target":{"file":"services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/5e01f68bdabe8aa7154e1ed936235b5304f4c0cd","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-59f5082f","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["269279726235430834764489983668303619838","301224970527528093857810951546620913378","21632083541574899027784884738572544808","4845074139378926213251432966634929394","320216593919433781621935692553782658334","324837120757869052253621695671215606261","251119019915510195351260001878140273028","254874581105462892909677502338533864400","142086462005718979998326854186549052833","175095796486878655846427029602433457625","142698784215887767922290825670245646189","10108048241515839246863293803886664129","255972344253536343053766771728880192920","90710581335430139946644631752229268697","38052643692161471399819362323589378100","297527544305584402684091488961664188139","140884936251336567771304088220050665775"]}},{"target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/5e01f68bdabe8aa7154e1ed936235b5304f4c0cd","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-648eb966","deprecated":false,"digest":{"function_hash":"30346023895425935454475021047545318937","length":377}},{"target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/5e01f68bdabe8aa7154e1ed936235b5304f4c0cd","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-8aeabf15","deprecated":false,"digest":{"function_hash":"249424314480977025865006628511544501288","length":1374}},{"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/5e01f68bdabe8aa7154e1ed936235b5304f4c0cd","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-a151cf0d","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["45948630037709568820452494792232919816","34958516450218475959801359463520909847","314125733985499676275220318918945810805","102361261050912304624631272624197807995","336516437240532901905451514394087270457","304062951215594446792620591010380672916","309559088534552329809466612778027109779","182152067414903247376724271560502768759","279710915710661289844876685284334949757","209302156857942646960233017042372488863","33066578238356257485160908839629263424"]}},{"target":{"file":"services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/5e01f68bdabe8aa7154e1ed936235b5304f4c0cd","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-d75b92b6","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["143566305696549729250864797577073939561","237911787562081032811532570904034081774","89237235422803990013979387293218386727","258778326798078190204209901010877057539","145003715184701734149269194664031412738","103634752343492226123316120153807405817","283472481419056861986397542446129973637","240358671385401931374510550252436498065"]}}],"severity":"High","spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-265015796.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-06-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/a90f96a4c4e6b4b80a0556995751fdbe5e905aeb"],"types":["EoP"],"vanir_signatures":[{"target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/a90f96a4c4e6b4b80a0556995751fdbe5e905aeb","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-632b4107","deprecated":false,"digest":{"function_hash":"30346023895425935454475021047545318937","length":377}},{"target":{"file":"services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/a90f96a4c4e6b4b80a0556995751fdbe5e905aeb","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-98321bc2","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["143566305696549729250864797577073939561","237911787562081032811532570904034081774","89237235422803990013979387293218386727","258778326798078190204209901010877057539","145003715184701734149269194664031412738","103634752343492226123316120153807405817","283472481419056861986397542446129973637","240358671385401931374510550252436498065"]}},{"target":{"function":"startAddAccountSession","file":"services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/a90f96a4c4e6b4b80a0556995751fdbe5e905aeb","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-a081d82e","deprecated":false,"digest":{"function_hash":"159812158505881692603263724157810429103","length":1829}},{"target":{"file":"services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/a90f96a4c4e6b4b80a0556995751fdbe5e905aeb","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-b19b699d","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["269279726235430834764489983668303619838","301224970527528093857810951546620913378","21632083541574899027784884738572544808","4845074139378926213251432966634929394","320216593919433781621935692553782658334","324837120757869052253621695671215606261","251119019915510195351260001878140273028","254874581105462892909677502338533864400","142086462005718979998326854186549052833","175095796486878655846427029602433457625","142698784215887767922290825670245646189","10108048241515839246863293803886664129","255972344253536343053766771728880192920","90710581335430139946644631752229268697","38052643692161471399819362323589378100","297527544305584402684091488961664188139","140884936251336567771304088220050665775"]}},{"target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/a90f96a4c4e6b4b80a0556995751fdbe5e905aeb","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-c8901725","deprecated":false,"digest":{"function_hash":"249424314480977025865006628511544501288","length":1374}},{"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/a90f96a4c4e6b4b80a0556995751fdbe5e905aeb","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-e406e971","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["45948630037709568820452494792232919816","34958516450218475959801359463520909847","314125733985499676275220318918945810805","102361261050912304624631272624197807995","336516437240532901905451514394087270457","304062951215594446792620591010380672916","309559088534552329809466612778027109779","182152067414903247376724271560502768759","279710915710661289844876685284334949757","209302156857942646960233017042372488863","33066578238356257485160908839629263424"]}}],"severity":"High","spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-265015796.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/64f6c1e13588af3cf4d88a39d9d540c140982043"],"types":["EoP"],"vanir_signatures":[{"target":{"function":"checkKeyIntent","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/64f6c1e13588af3cf4d88a39d9d540c140982043","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-17d3d5ef","deprecated":false,"digest":{"function_hash":"126667157862992427433369528170749915470","length":1357}},{"target":{"file":"services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/64f6c1e13588af3cf4d88a39d9d540c140982043","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-3aaf61cc","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["269279726235430834764489983668303619838","301224970527528093857810951546620913378","21632083541574899027784884738572544808","4845074139378926213251432966634929394","320216593919433781621935692553782658334","324837120757869052253621695671215606261","251119019915510195351260001878140273028","254874581105462892909677502338533864400","142086462005718979998326854186549052833","175095796486878655846427029602433457625","142698784215887767922290825670245646189","10108048241515839246863293803886664129","255972344253536343053766771728880192920","90710581335430139946644631752229268697","38052643692161471399819362323589378100","297527544305584402684091488961664188139","140884936251336567771304088220050665775"]}},{"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/64f6c1e13588af3cf4d88a39d9d540c140982043","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-67220105","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["45948630037709568820452494792232919816","34958516450218475959801359463520909847","314125733985499676275220318918945810805","102361261050912304624631272624197807995","336516437240532901905451514394087270457","304062951215594446792620591010380672916","309559088534552329809466612778027109779","182152067414903247376724271560502768759","279710915710661289844876685284334949757","209302156857942646960233017042372488863","33066578238356257485160908839629263424"]}},{"target":{"function":"checkKeyIntentParceledCorrectly","file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/64f6c1e13588af3cf4d88a39d9d540c140982043","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-6cfae03a","deprecated":false,"digest":{"function_hash":"269099889183086233890055092617498564435","length":409}},{"target":{"function":"startAddAccountSession","file":"services/tests/servicestests/src/com/android/server/accounts/TestAccountType1Authenticator.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/64f6c1e13588af3cf4d88a39d9d540c140982043","signature_version":"v1","signature_type":"Function","id":"ASB-A-265015796-989fe79a","deprecated":false,"digest":{"function_hash":"159812158505881692603263724157810429103","length":1829}},{"target":{"file":"services/tests/servicestests/src/com/android/server/accounts/AccountManagerServiceTestFixtures.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/64f6c1e13588af3cf4d88a39d9d540c140982043","signature_version":"v1","signature_type":"Line","id":"ASB-A-265015796-ddb6359d","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["143566305696549729250864797577073939561","237911787562081032811532570904034081774","89237235422803990013979387293218386727","258778326798078190204209901010877057539","145003715184701734149269194664031412738","103634752343492226123316120153807405817","283472481419056861986397542446129973637","240358671385401931374510550252436498065"]}}],"severity":"High","spl":"2023-06-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-265015796.json"}}],"schema_version":"1.7.5"}