{"id":"ASB-A-271846393","details":"In bindOutputSwitcherAndBroadcastButton of MediaControlPanel.java, there is a possible launch arbitrary activity under SysUI due to Unsafe Intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-271846393","CVE-2023-21126"],"modified":"2026-04-30T15:48:46.890647Z","published":"2023-06-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-06-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/b8e6044520761f537473d0a04a651118236d2c52"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/0f857518e3dd6490508a88ceac39309e77cb231b"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/3721a8ad742248e7c017115c088291015f40319d"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-06-01"}]}],"versions":["13-next"],"ecosystem_specific":{"spl":"2023-06-01","severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/335a3cb7b413fc178f0b190491b870b3327bd7b0"],"vanir_signatures":[{"target":{"file":"packages/SystemUI/src/com/android/systemui/media/controls/ui/MediaControlPanel.java"},"digest":{"line_hashes":["230872425411386100821262663441988830426","335998729608648514097043981959000028980","6240304599612048398399617321758657203","268339633816058748215191839376924963178","10228577753352876288741638779151831847","270418421542754298583062484102757970802","147287380065484115844283658550797767117","29032248104267286140973246322924577667","170114685066064521645076838693224070955","200233769167039245806986392946345344761","125369772353286533227611411828141335885"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/335a3cb7b413fc178f0b190491b870b3327bd7b0","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-0c32d536"},{"target":{"function":"fixNotification","file":"services/core/java/com/android/server/notification/NotificationManagerService.java"},"digest":{"length":4333,"function_hash":"267687680715147476082275790442084180232"},"source":"https://android.googlesource.com/platform/frameworks/base/+/335a3cb7b413fc178f0b190491b870b3327bd7b0","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-4bcc79a2"},{"target":{"function":"bindOutputSwitcherAndBroadcastButton","file":"packages/SystemUI/src/com/android/systemui/media/controls/ui/MediaControlPanel.java"},"digest":{"length":2645,"function_hash":"307490493470022176088052483815322606955"},"source":"https://android.googlesource.com/platform/frameworks/base/+/335a3cb7b413fc178f0b190491b870b3327bd7b0","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-746757cd"},{"target":{"file":"services/core/java/com/android/server/notification/NotificationManagerService.java"},"digest":{"line_hashes":["253903984705424358086722864435461574030","257869991310084047521084060057549809502","183057806017896848842730402937084941303","72332517352184135979223273446677720591"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/335a3cb7b413fc178f0b190491b870b3327bd7b0","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-eda05240"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-271846393.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-06-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-06-01","severity":"High","types":["EoP"],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538","https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79","https://android.googlesource.com/platform/frameworks/base/+/3c3056c16970d561175192e7a8909a9de784ae54"],"vanir_signatures":[{"target":{"function":"startPendingIntentDismissingKeyguard","file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79","exact_target_file_match_only":true,"signature_type":"Function","id":"ASB-A-271846393-02634982","digest":{"length":1041,"function_hash":"286088843615190968846333630048081541692"},"deprecated":false,"signature_version":"v1"},{"target":{"function":"onNotificationClicked","file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarNotificationActivityStarter.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79","exact_target_file_match_only":true,"signature_type":"Function","id":"ASB-A-271846393-056f5202","digest":{"length":1303,"function_hash":"178616258967409317397577551229532770967"},"deprecated":false,"signature_version":"v1"},{"target":{"file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarRemoteInputCallback.java"},"match_only_versions":["13"],"exact_target_file_match_only":true,"signature_type":"Line","id":"ASB-A-271846393-0c18efce","digest":{"line_hashes":["50454412654763931134233321317447229068","30013225977220218034766024897994265391","293822949742712987548957482238716755057","242150876751779382888717150321923980653","40800314990889636612815428278997086650"],"threshold":0.9},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79"},{"target":{"file":"services/core/java/com/android/server/pm/PackageManagerInternalBase.java"},"digest":{"line_hashes":["206535368192165133378864555332304687207","197278158694007071014626855053256538322","102611065600773785065285762143892405323","330408950157360963923318400147103041533"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-1dd69cf5"},{"target":{"function":"handleRemoteViewClick","file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarRemoteInputCallback.java"},"match_only_versions":["13"],"exact_target_file_match_only":true,"signature_type":"Function","id":"ASB-A-271846393-37edc787","digest":{"length":635,"function_hash":"184541793108889883826723746171360051309"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79"},{"target":{"file":"packages/SystemUI/src/com/android/systemui/media/MediaControlPanel.java"},"digest":{"line_hashes":["182059258388804975474889324181877838990","335998729608648514097043981959000028980","6240304599612048398399617321758657203","268339633816058748215191839376924963178","10228577753352876288741638779151831847","228918169161884123250268003204920681","158268664502523512606263587910112303237","151975675633060941526667962719081131298","209588549583639288037407407012691368536"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/3c3056c16970d561175192e7a8909a9de784ae54","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-3803b6fc"},{"target":{"function":"bindOutputSwitcherChip","file":"packages/SystemUI/src/com/android/systemui/media/MediaControlPanel.java"},"digest":{"length":1525,"function_hash":"71265258157114590545540351001838412508"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3c3056c16970d561175192e7a8909a9de784ae54","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-4e2db01b"},{"target":{"function":"queryIntentActivities","file":"services/core/java/com/android/server/pm/PackageManagerInternalBase.java"},"digest":{"length":197,"function_hash":"78745471563276901678845532427090193812"},"source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-502537c9"},{"target":{"function":"queryIntentComponentsForIntentSender","file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"match_only_versions":["13"],"source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538","signature_type":"Function","id":"ASB-A-271846393-531242fa","digest":{"length":1021,"function_hash":"174970559769128569528789129778070214766"},"deprecated":false,"signature_version":"v1"},{"target":{"file":"services/core/java/com/android/server/am/ActivityManagerService.java"},"match_only_versions":["13"],"source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538","signature_type":"Line","id":"ASB-A-271846393-88d7613c","digest":{"line_hashes":["135542876691881457800174126891548670462","101494581465747771988168920529117761495","131922853351039576208234686243169401070","9413301174270534008443788113338114451","115382658339630236465444767598201868514","240451254422274110276975739140569497810","214438263518390320628691608255003429185","34845624562396525403054196938655793516","178599353584987838950370902475955887095","8205114977588376554469430109309893620","245685455233671269279525686641618557432","262184241501960405093244552451478728060","62955635762453522672927935346905470104","262318357714189165330933641641657186838","241973081496200180792888983685832963467","47395095852786439646745444343823516853","8794521445931323481114660403684841272","108121731112564968108325370293693694843","174115300151019868265826333063888095008","182471343304056705691555222777593887353","215387031388644380581660308928954296454","89125285953424595303937648151201236370","100152070943127767372669874702743098404"],"threshold":0.9},"deprecated":false,"signature_version":"v1"},{"target":{"file":"services/core/java/com/android/server/pm/ComputerEngine.java"},"digest":{"line_hashes":["219103171606208111390459282156658106579","42751191032676820378334489928836626626","212879122132098680344943225565944546688"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-8b4150f5"},{"target":{"file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/CentralSurfacesImpl.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79","exact_target_file_match_only":true,"signature_type":"Line","id":"ASB-A-271846393-93038577","digest":{"line_hashes":["227111203126462132839911405617692621574","299731065251190970605764112717447872684","181064642354844931985489510036490731993","83614579089263366459761726885417309166"],"threshold":0.9},"deprecated":false,"signature_version":"v1"},{"target":{"file":"services/core/java/com/android/server/notification/NotificationManagerService.java"},"digest":{"line_hashes":["253903984705424358086722864435461574030","287775789796330345679124622318788623133","54266001961200714770078663532211025569","165569965810641641097497766197025949713"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/3c3056c16970d561175192e7a8909a9de784ae54","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-97722b11"},{"target":{"file":"services/core/java/com/android/server/pm/Computer.java"},"digest":{"line_hashes":["46199225223002498813501284967081537155","184384096706449390226371002128345091409","142758306640343396013190116045428603001","261710390796188921390051419611002869500"],"threshold":0.9},"source":"https://android.googlesource.com/platform/frameworks/base/+/6c4a347bd225f6427b50978ae02ad6f1af15f538","signature_type":"Line","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-a7821dcb"},{"target":{"file":"packages/SystemUI/src/com/android/systemui/ActivityIntentHelper.java"},"match_only_versions":["13"],"exact_target_file_match_only":true,"signature_type":"Line","id":"ASB-A-271846393-aae65a75","digest":{"line_hashes":["279452420605944529287858660104943227928","297817759332956460786286352756478452973","283718113760667542417593542265634207274","297142545432450160884900722838657984254","171166836102926374318215215279548522872","44929399260439157859268675000730310207","36657217421929944235347609769914142476","297899968368295158094566844842418354821","47104960082448654964506702767101529405","112438216916822437734175830135656700409","104763288006786384546874089997686914683","6786696123406831254262800566828319140","209987263421852108559154336121566171762","220942021495262776868147244381106568562","266341740573206455300379416695739530969","89116456000894999502422585451747833580","279005987229065417342160784455435867539","63516849009322620667611818542424714483","67754155622386422899887103761490160876","175840438916755706840317225996919333203","209538324099419047165411068880982334196","93927960070191315016039441139628115968","31907771833404063579795170068209517135","101997094792374482962736997198288031261","15854559075848294332399399505026274927","76429923685655151830610341265204503946","214179078821018585551078105206271108550","254582942163694371096891418714042637901","252224366672296261498230455905136005603"],"threshold":0.9},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79"},{"target":{"function":"fixNotification","file":"services/core/java/com/android/server/notification/NotificationManagerService.java"},"digest":{"length":1864,"function_hash":"265197953717209014322459107828658171341"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3c3056c16970d561175192e7a8909a9de784ae54","signature_type":"Function","deprecated":false,"signature_version":"v1","id":"ASB-A-271846393-ee9a8818"},{"target":{"function":"getTargetActivityInfo","file":"packages/SystemUI/src/com/android/systemui/ActivityIntentHelper.java"},"match_only_versions":["13"],"exact_target_file_match_only":true,"signature_type":"Function","id":"ASB-A-271846393-f8039713","digest":{"length":522,"function_hash":"258082371803861302409038893350652173138"},"deprecated":false,"signature_version":"v1","source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79"},{"target":{"file":"packages/SystemUI/src/com/android/systemui/statusbar/phone/StatusBarNotificationActivityStarter.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/3ee3b7a20a109063cdc2233a1429f78ad8c5ab79","exact_target_file_match_only":true,"signature_type":"Line","id":"ASB-A-271846393-ff2b786e","digest":{"line_hashes":["154158448839737934387782205624416406452","189343675409681482264294634432802115312","159589826654596615965487049535684055662","290480052243468584272391351789721865298","251378210182350005787949925835752974625","48070887955904611512823487357584091551","292249950543453124863373236695554660520","120792672116670357853305694201266022212","27545028907470929425206290872797400585"],"threshold":0.9},"deprecated":false,"signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-271846393.json"}}],"schema_version":"1.7.5"}