{"id":"ASB-A-277593270","details":"In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-277593270","CVE-2023-21291"],"modified":"2026-05-26T15:46:26.044149249Z","published":"2023-10-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-10-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/cb6282e8970f4c9db5497889699e68fb2038566e"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"14-next:0"},{"fixed":"14-next:2023-10-01"}]}],"versions":["14-next"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/6e63b6fdf970aaa19a841147a8a597341155d002"],"spl":"2023-10-01","vanir_signatures":[{"id":"ASB-A-277593270-2f65964e","source":"https://android.googlesource.com/platform/frameworks/base/+/6e63b6fdf970aaa19a841147a8a597341155d002","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"signature_type":"Function","digest":{"function_hash":"211897266273394984951965211210741774695","length":2693},"signature_version":"v1","deprecated":false},{"id":"ASB-A-277593270-e0e4f1d9","source":"https://android.googlesource.com/platform/frameworks/base/+/6e63b6fdf970aaa19a841147a8a597341155d002","signature_type":"Line","target":{"file":"core/java/android/app/Notification.java"},"digest":{"threshold":0.9,"line_hashes":["94526450022358076459367478520942778064","108587633537507210242609878158511307392","330256235508212579091580069432880451417","40704445761018675421325249252067312474"]},"deprecated":false,"signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-277593270.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2023-10-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/47e661cbf37e1dedf676f482ac07ffc433c92d0b"],"spl":"2023-10-01","vanir_signatures":[{"id":"ASB-A-277593270-62c27299","source":"https://android.googlesource.com/platform/frameworks/base/+/47e661cbf37e1dedf676f482ac07ffc433c92d0b","signature_type":"Line","target":{"file":"core/java/android/app/Notification.java"},"digest":{"line_hashes":["316516132769194949413512709267249649654","264942182053378596134081566774471213955","247322044271246743110306386928965046179","12625151890281633509791349691203671706","250355707399476349248094593331893087654","85361567836549786583552437419191806729","38685585823063218631057783778472494502","94526450022358076459367478520942778064","108587633537507210242609878158511307392","43273779088960479236135335489858639335","258025917437115633400785737774894002022","5289229656043205278996606631390320872","320066665078770780086856835570891542320","14347283401526855222890457754870854335","240260929455567683118381257454690675838","171556776989756579298430663289023950237","78678490828774591215713291072493620655","339334797139232744457755303340108540263"],"threshold":0.9},"signature_version":"v1","deprecated":false},{"id":"ASB-A-277593270-d962051a","source":"https://android.googlesource.com/platform/frameworks/base/+/47e661cbf37e1dedf676f482ac07ffc433c92d0b","signature_type":"Function","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"digest":{"function_hash":"192999924147252103358144812676210217197","length":2247},"signature_version":"v1","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-277593270.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-10-01"}]}],"versions":["12"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/beb185c5cd60edc68f4ef386c4407eba9c02c698"],"spl":"2023-10-01","vanir_signatures":[{"id":"ASB-A-277593270-2fe1dccc","source":"https://android.googlesource.com/platform/frameworks/base/+/beb185c5cd60edc68f4ef386c4407eba9c02c698","signature_type":"Function","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"digest":{"function_hash":"166640238257881346846278577137916103432","length":2629},"signature_version":"v1","deprecated":false},{"id":"ASB-A-277593270-6dc4e504","source":"https://android.googlesource.com/platform/frameworks/base/+/beb185c5cd60edc68f4ef386c4407eba9c02c698","signature_type":"Line","target":{"file":"core/java/android/app/Notification.java"},"digest":{"threshold":0.9,"line_hashes":["94526450022358076459367478520942778064","108587633537507210242609878158511307392","330256235508212579091580069432880451417","40704445761018675421325249252067312474"]},"signature_version":"v1","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-277593270.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-10-01"}]}],"versions":["12L"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/8378f404de96927b1051765e93ad242860f5442c"],"spl":"2023-10-01","vanir_signatures":[{"id":"ASB-A-277593270-0449f704","source":"https://android.googlesource.com/platform/frameworks/base/+/8378f404de96927b1051765e93ad242860f5442c","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"signature_type":"Function","digest":{"function_hash":"166640238257881346846278577137916103432","length":2629},"signature_version":"v1","deprecated":false},{"id":"ASB-A-277593270-c277b37b","source":"https://android.googlesource.com/platform/frameworks/base/+/8378f404de96927b1051765e93ad242860f5442c","signature_type":"Line","target":{"file":"core/java/android/app/Notification.java"},"digest":{"threshold":0.9,"line_hashes":["94526450022358076459367478520942778064","108587633537507210242609878158511307392","330256235508212579091580069432880451417","40704445761018675421325249252067312474"]},"signature_version":"v1","deprecated":false}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-277593270.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-10-01"}]}],"versions":["13"],"ecosystem_specific":{"types":["ID"],"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/936b58b12851269b878b44cc8df790b3afe9c3f5"],"spl":"2023-10-01","vanir_signatures":[{"id":"ASB-A-277593270-3e6c1b54","source":"https://android.googlesource.com/platform/frameworks/base/+/936b58b12851269b878b44cc8df790b3afe9c3f5","signature_type":"Function","target":{"function":"visitUris","file":"core/java/android/app/Notification.java"},"digest":{"function_hash":"222977736820050613282485201134050420200","length":2677},"signature_version":"v1","deprecated":false},{"id":"ASB-A-277593270-6420faba","source":"https://android.googlesource.com/platform/frameworks/base/+/936b58b12851269b878b44cc8df790b3afe9c3f5","signature_type":"Line","target":{"file":"core/java/android/app/Notification.java"},"digest":{"threshold":0.9,"line_hashes":["94526450022358076459367478520942778064","108587633537507210242609878158511307392","330256235508212579091580069432880451417","40704445761018675421325249252067312474"]},"deprecated":false,"signature_version":"v1"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-277593270.json"}}],"schema_version":"1.7.5"}