{"id":"ASB-A-276729064","details":"In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-276729064","CVE-2023-21244"],"modified":"2026-05-01T15:24:27.653932Z","published":"2023-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/3a448067ac9ebdf669951e90678c2daa592a81d3"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/20aedba4998373addc2befcc455a118585559fef"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/5a3d0c131175d923cf35c7beb3ee77a9e6485dad"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-10-01"}]}],"versions":["14-next"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb"],"vanir_signatures":[{"id":"ASB-A-276729064-628798b5","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb","signature_type":"Function","signature_version":"v1","digest":{"length":2344,"function_hash":"206080643568669631124953396971239018720"},"deprecated":false},{"id":"ASB-A-276729064-822599ed","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["293871498699140096628809383344655540256","230570210740888002440340466972946828022","39809601059937207692447550842248064792","247274710125108089918752834510465687719"]},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2023-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-276729064.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-10-01"}]}],"versions":["11"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/63f8ce3efd9a564ae83f1de38791a6d67c5a8ddb","https://android.googlesource.com/platform/frameworks/base/+/f9d8830e3264c66d0f39b1d45eadd4039695a112","https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5"],"vanir_signatures":[{"id":"ASB-A-276729064-290b3ace","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5","signature_type":"Function","signature_version":"v1","digest":{"length":2160,"function_hash":"45946678691237749534323708555600184252"},"deprecated":false},{"id":"ASB-A-276729064-4513277a","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f9d8830e3264c66d0f39b1d45eadd4039695a112","signature_type":"Function","signature_version":"v1","digest":{"length":2445,"function_hash":"88690414053046570452154742374956197705"},"deprecated":false},{"id":"ASB-A-276729064-4f1dbb1c","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/63f8ce3efd9a564ae83f1de38791a6d67c5a8ddb","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["220635192558347618428557710966537549630","253334370248267018892539242638085805436","176838862555710248654229688049677396583","336609230544111782529988548778564228079"]},"deprecated":false},{"id":"ASB-A-276729064-667ac546","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/63f8ce3efd9a564ae83f1de38791a6d67c5a8ddb","signature_type":"Function","signature_version":"v1","digest":{"length":1962,"function_hash":"293252752328763131305245326835911220509"},"deprecated":false},{"id":"ASB-A-276729064-683002b8","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["220635192558347618428557710966537549630","253334370248267018892539242638085805436","176838862555710248654229688049677396583","336609230544111782529988548778564228079"]},"deprecated":false},{"id":"ASB-A-276729064-a2b0774c","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f9d8830e3264c66d0f39b1d45eadd4039695a112","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["284329220841021444102925843668787196027","334607245087039204157752518052222270092","192320463376510956991726854410949333725","12001060641025117291543897072481618492","280321219625922107598767162843685911426","91752997814129602926830114776134072092","282535532950185268076359292992678730011","92878655030594803546377182083274181073","138889379725379236404616749524878705537","69832214355760839001124167003115298049","108587633537507210242609878158511307392","238482942521325421166953426418539953961","336609230544111782529988548778564228079"]},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2023-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-276729064.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-10-01"}]}],"versions":["12"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb","https://android.googlesource.com/platform/frameworks/base/+/28428b737903c9b82d7ce3682336d15d8ad00762","https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5"],"vanir_signatures":[{"id":"ASB-A-276729064-03b5ca52","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb","signature_type":"Function","signature_version":"v1","digest":{"length":2344,"function_hash":"206080643568669631124953396971239018720"},"deprecated":false},{"id":"ASB-A-276729064-4242f22a","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["293871498699140096628809383344655540256","230570210740888002440340466972946828022","39809601059937207692447550842248064792","247274710125108089918752834510465687719"]},"deprecated":false},{"id":"ASB-A-276729064-63f6e12f","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5","signature_type":"Function","signature_version":"v1","digest":{"length":2160,"function_hash":"45946678691237749534323708555600184252"},"deprecated":false},{"id":"ASB-A-276729064-71d63a4a","match_only_versions":["12"],"digest":{"threshold":0.9,"line_hashes":["30674339052424001950516864286665931655","334607245087039204157752518052222270092","192320463376510956991726854410949333725","12001060641025117291543897072481618492","280321219625922107598767162843685911426","91752997814129602926830114776134072092","282535532950185268076359292992678730011","92878655030594803546377182083274181073","138889379725379236404616749524878705537","69832214355760839001124167003115298049","108587633537507210242609878158511307392","209214712958229127365277677898883133842","247274710125108089918752834510465687719"]},"target":{"file":"core/java/android/app/Notification.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/28428b737903c9b82d7ce3682336d15d8ad00762","signature_version":"v1","deprecated":false},{"id":"ASB-A-276729064-81b5eefb","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["220635192558347618428557710966537549630","253334370248267018892539242638085805436","176838862555710248654229688049677396583","336609230544111782529988548778564228079"]},"deprecated":false},{"id":"ASB-A-276729064-c5aa945a","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/28428b737903c9b82d7ce3682336d15d8ad00762","signature_type":"Function","signature_version":"v1","digest":{"length":2768,"function_hash":"328630913936997539884917677266248587884"},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2023-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-276729064.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-10-01"}]}],"versions":["12L"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb","https://android.googlesource.com/platform/frameworks/base/+/bdc9b977e376fb3b6047530a179d00fd77f2aec1","https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5"],"vanir_signatures":[{"id":"ASB-A-276729064-05cf81c8","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["220635192558347618428557710966537549630","253334370248267018892539242638085805436","176838862555710248654229688049677396583","336609230544111782529988548778564228079"]},"deprecated":false},{"id":"ASB-A-276729064-52ddc4f9","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["293871498699140096628809383344655540256","230570210740888002440340466972946828022","39809601059937207692447550842248064792","247274710125108089918752834510465687719"]},"deprecated":false},{"id":"ASB-A-276729064-88f0fc61","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/bdc9b977e376fb3b6047530a179d00fd77f2aec1","signature_type":"Function","signature_version":"v1","digest":{"length":2768,"function_hash":"328630913936997539884917677266248587884"},"deprecated":false},{"id":"ASB-A-276729064-b260ca8e","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/88e597d2b31d054ab5286b3a666accb08a8db5d5","signature_type":"Function","signature_version":"v1","digest":{"length":2160,"function_hash":"45946678691237749534323708555600184252"},"deprecated":false},{"id":"ASB-A-276729064-bfd28233","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb","signature_type":"Function","signature_version":"v1","digest":{"length":2344,"function_hash":"206080643568669631124953396971239018720"},"deprecated":false},{"id":"ASB-A-276729064-d5100e7e","match_only_versions":["12L"],"digest":{"threshold":0.9,"line_hashes":["30674339052424001950516864286665931655","334607245087039204157752518052222270092","192320463376510956991726854410949333725","12001060641025117291543897072481618492","280321219625922107598767162843685911426","91752997814129602926830114776134072092","282535532950185268076359292992678730011","92878655030594803546377182083274181073","138889379725379236404616749524878705537","69832214355760839001124167003115298049","108587633537507210242609878158511307392","209214712958229127365277677898883133842","247274710125108089918752834510465687719"]},"target":{"file":"core/java/android/app/Notification.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/bdc9b977e376fb3b6047530a179d00fd77f2aec1","signature_version":"v1","deprecated":false}],"severity":"High","types":["EoP"],"spl":"2023-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-276729064.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-10-01"}]}],"versions":["13"],"ecosystem_specific":{"fixes":["https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb","https://android.googlesource.com/platform/frameworks/base/+/f69ded9ec319f753d1464586ee28248b84a2bacd","https://android.googlesource.com/platform/frameworks/base/+/4e19431a60300c6ea6c7f7dd64299916e4eb09bc"],"vanir_signatures":[{"id":"ASB-A-276729064-1efbcc25","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/4e19431a60300c6ea6c7f7dd64299916e4eb09bc","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["250638055627944970047384174701610575040","230570210740888002440340466972946828022","39809601059937207692447550842248064792","247274710125108089918752834510465687719"]},"deprecated":false},{"id":"ASB-A-276729064-270eb8a4","target":{"file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb","signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["293871498699140096628809383344655540256","230570210740888002440340466972946828022","39809601059937207692447550842248064792","247274710125108089918752834510465687719"]},"deprecated":false},{"id":"ASB-A-276729064-517b3a06","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/f69ded9ec319f753d1464586ee28248b84a2bacd","signature_type":"Function","signature_version":"v1","digest":{"length":2816,"function_hash":"26819728346843679430745099701471672379"},"deprecated":false},{"id":"ASB-A-276729064-9ad50160","match_only_versions":["13"],"digest":{"threshold":0.9,"line_hashes":["30674339052424001950516864286665931655","334607245087039204157752518052222270092","192320463376510956991726854410949333725","12001060641025117291543897072481618492","280321219625922107598767162843685911426","91752997814129602926830114776134072092","282535532950185268076359292992678730011","92878655030594803546377182083274181073","138889379725379236404616749524878705537","69832214355760839001124167003115298049","108587633537507210242609878158511307392","209214712958229127365277677898883133842","247274710125108089918752834510465687719"]},"target":{"file":"core/java/android/app/Notification.java"},"signature_type":"Line","source":"https://android.googlesource.com/platform/frameworks/base/+/f69ded9ec319f753d1464586ee28248b84a2bacd","signature_version":"v1","deprecated":false},{"id":"ASB-A-276729064-be677faf","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/43b1711332763788c7abf05c3baa931296c45bbb","signature_type":"Function","signature_version":"v1","digest":{"length":2344,"function_hash":"206080643568669631124953396971239018720"},"deprecated":false},{"id":"ASB-A-276729064-e6092937","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/4e19431a60300c6ea6c7f7dd64299916e4eb09bc","signature_type":"Function","signature_version":"v1","digest":{"length":2531,"function_hash":"101329898979370720004053874639125298630"},"deprecated":false}],"severity":"High","types":["EoP"],"spl":"2023-10-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-276729064.json"}}],"schema_version":"1.7.5"}