{"id":"ASB-A-265798288","details":"In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-265798288","CVE-2023-35669"],"modified":"2026-05-25T16:46:24.913870386Z","published":"2023-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-09-01"}]}],"versions":["13-next"],"ecosystem_specific":{"spl":"2023-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55"],"types":["EoP"],"vanir_signatures":[{"id":"ASB-A-265798288-41663f73","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"digest":{"line_hashes":["105742063094871766937010577244347100362","41831547722346298418863001400473844494","210507454749626293904794193921105781012","171630030037310044988416393019877335182"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55","deprecated":true},{"id":"ASB-A-265798288-7bbfd9e5","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java","function":"checkKeyIntentParceledCorrectly"},"digest":{"function_hash":"5312624277853522920463986731625181836","length":724},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55","deprecated":true}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-265798288.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-09-01"}]}],"versions":["11"],"ecosystem_specific":{"spl":"2023-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/b117b506ec0504ff9eb2fa523e82f1879ecb8cc1"],"types":["EoP"],"vanir_signatures":[{"id":"ASB-A-265798288-1f2eb017","digest":{"line_hashes":["284645906073750632685697538823996009341","86394597463221776563906047067977057223","10888822352540682865424533372652671058","122492226656786962457012965894461988286"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/b117b506ec0504ff9eb2fa523e82f1879ecb8cc1","deprecated":true},{"id":"ASB-A-265798288-71ec04b0","digest":{"function_hash":"65087535959933335363694556889345845267","length":692},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java","function":"checkKeyIntentParceledCorrectly"},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/b117b506ec0504ff9eb2fa523e82f1879ecb8cc1","deprecated":true}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-265798288.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-09-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2023-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/b117b506ec0504ff9eb2fa523e82f1879ecb8cc1"],"types":["EoP"],"vanir_signatures":[{"id":"ASB-A-265798288-48b8361a","digest":{"line_hashes":["284645906073750632685697538823996009341","86394597463221776563906047067977057223","10888822352540682865424533372652671058","122492226656786962457012965894461988286"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/b117b506ec0504ff9eb2fa523e82f1879ecb8cc1","deprecated":true},{"id":"ASB-A-265798288-f868995f","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java","function":"checkKeyIntentParceledCorrectly"},"digest":{"function_hash":"65087535959933335363694556889345845267","length":692},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/b117b506ec0504ff9eb2fa523e82f1879ecb8cc1","deprecated":true}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-265798288.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2023-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/b117b506ec0504ff9eb2fa523e82f1879ecb8cc1"],"types":["EoP"],"vanir_signatures":[{"id":"ASB-A-265798288-05d24594","digest":{"function_hash":"65087535959933335363694556889345845267","length":692},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java","function":"checkKeyIntentParceledCorrectly"},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/b117b506ec0504ff9eb2fa523e82f1879ecb8cc1","deprecated":true},{"id":"ASB-A-265798288-115acde3","digest":{"line_hashes":["284645906073750632685697538823996009341","86394597463221776563906047067977057223","10888822352540682865424533372652671058","122492226656786962457012965894461988286"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/b117b506ec0504ff9eb2fa523e82f1879ecb8cc1","deprecated":true}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-265798288.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-09-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-09-01","severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55"],"types":["EoP"],"vanir_signatures":[{"id":"ASB-A-265798288-79cbb13c","digest":{"line_hashes":["105742063094871766937010577244347100362","41831547722346298418863001400473844494","210507454749626293904794193921105781012","171630030037310044988416393019877335182"],"threshold":0.9},"target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java"},"signature_type":"Line","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55","deprecated":true},{"id":"ASB-A-265798288-ea7ab32b","target":{"file":"services/core/java/com/android/server/accounts/AccountManagerService.java","function":"checkKeyIntentParceledCorrectly"},"digest":{"function_hash":"5312624277853522920463986731625181836","length":724},"signature_type":"Function","signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/8476b140eed0235df4e8f07d94420a1471191b55","deprecated":true}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-265798288.json"}}],"schema_version":"1.7.5"}