{"id":"ASB-A-270049379","details":"In setMediaButtonBroadcastReceiver of MediaSessionRecord.java, there is a possible permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-270049379","CVE-2023-21280"],"modified":"2026-04-28T15:17:37.552933Z","published":"2023-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/06e772e05514af4aa427641784c5eec39a892ed3"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-08-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/c573c83a2aa36ca022302f675d705518dd723a3c"],"vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/c573c83a2aa36ca022302f675d705518dd723a3c","id":"ASB-A-270049379-2f6d3a50","digest":{"threshold":0.9,"line_hashes":["182110983856181510129217674702988413493","322593735838003964997890217811901607217","211834520396439693117491115934872614584","178162158746897668926489404584312476125","26063781366599612095537924233041212811","334082644998293043635481032334739318235","236345528487390275878220842261957413937","123274731320680558117208233198720714529","117790082109853598982266859391488403628","36275357001704057301361924289824477362","2197435627853248736705352859181528711","139972757214791040289723781303860245465","322076418254438078789224535831581253922","2345543855376728000792442315142235988","287102711803760445921392954903838168464","275947674007324668373361275075843201454","53914481670964070342629675062259607123","309957513170072067093477760308286327593","271659141126652695160497016653731360265","44274278879701415859994919349602377465","177837693477925481534174928123200923726","318442857410077174712454032491247650369","11163825275961824935311186104336029326","118719695618142894318002188853355723442","216698286285820199523426823288555281039","92264131064804908625140062117277526643","322100503366092088573202033875636126133","233432588900782482327470867547569671442","238228503547517309759672262739237812140","39429240874014650544371897720248906735","182922793275990794652449262369855734782","74392468451144285206918752771220927544","201852289215691432360497015765237663399"]},"deprecated":false,"signature_type":"Line","target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}},{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/c573c83a2aa36ca022302f675d705518dd723a3c","id":"ASB-A-270049379-381ef389","digest":{"function_hash":"327845866746813437448995695459432698965","length":720},"deprecated":false,"signature_type":"Function","target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java","function":"setMediaButtonBroadcastReceiver"}}],"spl":"2023-08-01","types":["DoS"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-270049379.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-08-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081"],"vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081","id":"ASB-A-270049379-11fb30cc","digest":{"function_hash":"327845866746813437448995695459432698965","length":720},"deprecated":false,"signature_type":"Function","target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java","function":"setMediaButtonBroadcastReceiver"}},{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081","id":"ASB-A-270049379-901e2c8c","digest":{"threshold":0.9,"line_hashes":["112333010306060271287574479567532271789","173478072067900714635025148433857750736","26063781366599612095537924233041212811","334082644998293043635481032334739318235","236345528487390275878220842261957413937","123274731320680558117208233198720714529","117790082109853598982266859391488403628","2345543855376728000792442315142235988","287102711803760445921392954903838168464","275947674007324668373361275075843201454","53914481670964070342629675062259607123","318442857410077174712454032491247650369","11163825275961824935311186104336029326","118719695618142894318002188853355723442","216698286285820199523426823288555281039","92264131064804908625140062117277526643","322100503366092088573202033875636126133","233432588900782482327470867547569671442","39429240874014650544371897720248906735","182922793275990794652449262369855734782","74392468451144285206918752771220927544","201852289215691432360497015765237663399"]},"deprecated":false,"signature_type":"Line","target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}}],"spl":"2023-08-01","types":["DoS"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-270049379.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-08-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081"],"vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081","id":"ASB-A-270049379-4691e76d","digest":{"threshold":0.9,"line_hashes":["112333010306060271287574479567532271789","173478072067900714635025148433857750736","26063781366599612095537924233041212811","334082644998293043635481032334739318235","236345528487390275878220842261957413937","123274731320680558117208233198720714529","117790082109853598982266859391488403628","2345543855376728000792442315142235988","287102711803760445921392954903838168464","275947674007324668373361275075843201454","53914481670964070342629675062259607123","318442857410077174712454032491247650369","11163825275961824935311186104336029326","118719695618142894318002188853355723442","216698286285820199523426823288555281039","92264131064804908625140062117277526643","322100503366092088573202033875636126133","233432588900782482327470867547569671442","39429240874014650544371897720248906735","182922793275990794652449262369855734782","74392468451144285206918752771220927544","201852289215691432360497015765237663399"]},"deprecated":false,"signature_type":"Line","target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}},{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081","id":"ASB-A-270049379-b3326fc6","digest":{"function_hash":"327845866746813437448995695459432698965","length":720},"deprecated":false,"signature_type":"Function","target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java","function":"setMediaButtonBroadcastReceiver"}}],"spl":"2023-08-01","types":["DoS"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-270049379.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-08-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081"],"vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081","id":"ASB-A-270049379-16c9a032","digest":{"function_hash":"327845866746813437448995695459432698965","length":720},"deprecated":false,"signature_type":"Function","target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java","function":"setMediaButtonBroadcastReceiver"}},{"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/ba546a306217389a8ff9e5e948612651fd496081","id":"ASB-A-270049379-dcc7c7ad","digest":{"threshold":0.9,"line_hashes":["112333010306060271287574479567532271789","173478072067900714635025148433857750736","26063781366599612095537924233041212811","334082644998293043635481032334739318235","236345528487390275878220842261957413937","123274731320680558117208233198720714529","117790082109853598982266859391488403628","2345543855376728000792442315142235988","287102711803760445921392954903838168464","275947674007324668373361275075843201454","53914481670964070342629675062259607123","318442857410077174712454032491247650369","11163825275961824935311186104336029326","118719695618142894318002188853355723442","216698286285820199523426823288555281039","92264131064804908625140062117277526643","322100503366092088573202033875636126133","233432588900782482327470867547569671442","39429240874014650544371897720248906735","182922793275990794652449262369855734782","74392468451144285206918752771220927544","201852289215691432360497015765237663399"]},"deprecated":false,"signature_type":"Line","target":{"file":"services/core/java/com/android/server/media/MediaSessionRecord.java"}}],"spl":"2023-08-01","types":["DoS"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-270049379.json"}}],"schema_version":"1.7.5"}