{"id":"ASB-A-276898626","details":"In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-276898626","CVE-2023-35670"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-09-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-09-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/db3c69afcb0a45c8aa2f333fcde36217889899fe"}],"affected":[{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-09-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8"],"vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8","target":{"file":"src/com/android/providers/media/util/FileUtils.java","function":"computeValuesFromData"},"deprecated":false,"id":"ASB-A-276898626-3ff99ef2","digest":{"length":1905,"function_hash":"6406338152720126945800453499627840321"},"signature_type":"Function"},{"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8","target":{"file":"src/com/android/providers/media/util/FileUtils.java"},"deprecated":false,"id":"ASB-A-276898626-45a78815","digest":{"threshold":0.9,"line_hashes":["125609767762432918130547645580830607188","218391332044321606179272345368532972540","222223266991210981316726410718662469786","183550690111887495611785732150827443326","17627634772115027652408831197323303394"]},"signature_type":"Line"}],"types":["EoP"],"spl":"2023-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-276898626.json"}},{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-09-01"}]}],"versions":["11"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8"],"vanir_signatures":[{"signature_version":"v1","source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8","target":{"file":"src/com/android/providers/media/util/FileUtils.java"},"deprecated":false,"id":"ASB-A-276898626-f88adcb3","digest":{"threshold":0.9,"line_hashes":["125609767762432918130547645580830607188","218391332044321606179272345368532972540","222223266991210981316726410718662469786","183550690111887495611785732150827443326","17627634772115027652408831197323303394"]},"signature_type":"Line"},{"id":"ASB-A-276898626-f90e0cf6","deprecated":false,"target":{"file":"src/com/android/providers/media/util/FileUtils.java","function":"computeValuesFromData"},"signature_version":"v1","digest":{"length":1905,"function_hash":"6406338152720126945800453499627840321"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8","signature_type":"Function"}],"types":["EoP"],"spl":"2023-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-276898626.json"}},{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-09-01"}]}],"versions":["12"],"ecosystem_specific":{"vanir_signatures":[{"signature_version":"v1","id":"ASB-A-276898626-5b65ddcb","target":{"file":"src/com/android/providers/media/util/FileUtils.java"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["125609767762432918130547645580830607188","218391332044321606179272345368532972540","222223266991210981316726410718662469786","183550690111887495611785732150827443326","17627634772115027652408831197323303394"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8","signature_type":"Line"},{"id":"ASB-A-276898626-b063d789","deprecated":false,"target":{"file":"src/com/android/providers/media/util/FileUtils.java","function":"computeValuesFromData"},"signature_version":"v1","digest":{"length":1905,"function_hash":"6406338152720126945800453499627840321"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8","signature_type":"Function"}],"severity":"High","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8"],"types":["EoP"],"spl":"2023-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-276898626.json"}},{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-09-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8"],"vanir_signatures":[{"deprecated":false,"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8","target":{"file":"src/com/android/providers/media/util/FileUtils.java"},"signature_version":"v1","id":"ASB-A-276898626-b50cdf6e","digest":{"threshold":0.9,"line_hashes":["125609767762432918130547645580830607188","218391332044321606179272345368532972540","222223266991210981316726410718662469786","183550690111887495611785732150827443326","17627634772115027652408831197323303394"]},"signature_type":"Line"},{"id":"ASB-A-276898626-c81a0f9c","deprecated":false,"target":{"file":"src/com/android/providers/media/util/FileUtils.java","function":"computeValuesFromData"},"signature_version":"v1","digest":{"length":1905,"function_hash":"6406338152720126945800453499627840321"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8","signature_type":"Function"}],"types":["EoP"],"spl":"2023-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-276898626.json"}},{"package":{"name":"platform/packages/providers/MediaProvider","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-09-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8"],"vanir_signatures":[{"signature_version":"v1","id":"ASB-A-276898626-54b48acb","target":{"file":"src/com/android/providers/media/util/FileUtils.java","function":"computeValuesFromData"},"deprecated":false,"digest":{"length":1905,"function_hash":"6406338152720126945800453499627840321"},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8","signature_type":"Function"},{"signature_version":"v1","id":"ASB-A-276898626-5c9d616a","target":{"file":"src/com/android/providers/media/util/FileUtils.java"},"deprecated":false,"digest":{"threshold":0.9,"line_hashes":["125609767762432918130547645580830607188","218391332044321606179272345368532972540","222223266991210981316726410718662469786","183550690111887495611785732150827443326","17627634772115027652408831197323303394"]},"source":"https://android.googlesource.com/platform/packages/providers/MediaProvider/+/3c0f583f5dc3f4d395fa2423ab72dbd902c0c6c8","signature_type":"Line"}],"types":["EoP"],"spl":"2023-09-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-276898626.json"}}],"schema_version":"1.7.5"}