{"id":"ASB-A-277741109","details":"In visitUris of RemoteViews.java, there is a possible cross-user media read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-277741109","CVE-2023-21279"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/155b14600fb13553a47b4e45fe0acd163da07453"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-08-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/1327550f2e6a36b33473ad82ae52377de644833b"],"vanir_signatures":[{"id":"ASB-A-277741109-445cf1e3","deprecated":false,"target":{"file":"core/java/android/widget/RemoteViews.java","function":"visitUris"},"source":"https://android.googlesource.com/platform/frameworks/base/+/1327550f2e6a36b33473ad82ae52377de644833b","signature_version":"v1","digest":{"function_hash":"332780869755485867808535814879376698615","length":316},"signature_type":"Function"},{"signature_version":"v1","id":"ASB-A-277741109-c9fed530","deprecated":false,"target":{"file":"core/java/android/widget/RemoteViews.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/1327550f2e6a36b33473ad82ae52377de644833b","digest":{"threshold":0.9,"line_hashes":["18893358093154404341348852068354358806","275218925872896456245916266479716530481","10039153857474388100689592245698426073","248275908032692090292148866998833167361"]},"signature_type":"Line"}],"types":["ID"],"spl":"2023-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-277741109.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-08-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5"],"vanir_signatures":[{"target":{"file":"core/java/android/widget/RemoteViews.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5","signature_version":"v1","id":"ASB-A-277741109-14ac3a57","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["18893358093154404341348852068354358806","275218925872896456245916266479716530481","10039153857474388100689592245698426073","248275908032692090292148866998833167361"]},"signature_type":"Line"},{"id":"ASB-A-277741109-a73d40cd","deprecated":false,"target":{"file":"core/java/android/widget/RemoteViews.java","function":"visitUris"},"source":"https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5","signature_version":"v1","digest":{"length":316,"function_hash":"332780869755485867808535814879376698615"},"signature_type":"Function"}],"types":["ID"],"spl":"2023-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-277741109.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-08-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5"],"vanir_signatures":[{"id":"ASB-A-277741109-143df73a","deprecated":false,"target":{"file":"core/java/android/widget/RemoteViews.java","function":"visitUris"},"source":"https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5","signature_version":"v1","digest":{"length":316,"function_hash":"332780869755485867808535814879376698615"},"signature_type":"Function"},{"id":"ASB-A-277741109-17521968","deprecated":false,"target":{"file":"core/java/android/widget/RemoteViews.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/ae0d45137b0f8ea49a085bbce4d39f901685c4a5","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["18893358093154404341348852068354358806","275218925872896456245916266479716530481","10039153857474388100689592245698426073","248275908032692090292148866998833167361"]},"signature_type":"Line"}],"types":["ID"],"spl":"2023-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-277741109.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-08-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/902f020bc81e5b584d5cb0276568b888a728fc4a"],"spl":"2023-08-01","types":["ID"],"vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/902f020bc81e5b584d5cb0276568b888a728fc4a","signature_version":"v1","id":"ASB-A-277741109-bf2806a7","deprecated":false,"target":{"file":"core/java/android/widget/RemoteViews.java","function":"visitUris"},"digest":{"function_hash":"332780869755485867808535814879376698615","length":316},"signature_type":"Function"},{"id":"ASB-A-277741109-bf4ebeeb","deprecated":false,"target":{"file":"core/java/android/widget/RemoteViews.java"},"source":"https://android.googlesource.com/platform/frameworks/base/+/902f020bc81e5b584d5cb0276568b888a728fc4a","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["18893358093154404341348852068354358806","275218925872896456245916266479716530481","10039153857474388100689592245698426073","248275908032692090292148866998833167361"]},"signature_type":"Line"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-277741109.json"}}],"schema_version":"1.7.5"}