{"id":"ASB-A-281018094","details":"In visitUris of RemoteViews.java, there is a possible way to reveal images across users due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-281018094","CVE-2023-21277"],"modified":"2026-05-22T15:55:21.353668239Z","published":"2023-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/9b58aee2a4528c60b0aa2540bd0f48d2871d2dc7"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-08-01"}]}],"versions":["13-next"],"ecosystem_specific":{"spl":"2023-08-01","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/123df0906b86454542faf236a05e00e802068e56","digest":{"line_hashes":["329665021611362043020227002656192683749","33777507542537233731901269949093178718","124601394975036829142918177453582828532","284236484958232671673872160266776287285","213586894066632749964895258528904068608","175496572067704317475568725408983891312","283390899376001510600988390542171144052","83283854559210764264479836884934600211"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","id":"ASB-A-281018094-0e07044e","target":{"file":"core/java/android/widget/RemoteViews.java"},"deprecated":false}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/123df0906b86454542faf236a05e00e802068e56"],"severity":"High","types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281018094.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-08-01"}]}],"versions":["12"],"ecosystem_specific":{"spl":"2023-08-01","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659","digest":{"line_hashes":["329665021611362043020227002656192683749","33777507542537233731901269949093178718","124601394975036829142918177453582828532","284236484958232671673872160266776287285","213586894066632749964895258528904068608","175496572067704317475568725408983891312","283390899376001510600988390542171144052","83283854559210764264479836884934600211"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","id":"ASB-A-281018094-84c3610d","target":{"file":"core/java/android/widget/RemoteViews.java"},"deprecated":false}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659"],"severity":"High","types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281018094.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-08-01"}]}],"versions":["12L"],"ecosystem_specific":{"spl":"2023-08-01","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659","digest":{"line_hashes":["329665021611362043020227002656192683749","33777507542537233731901269949093178718","124601394975036829142918177453582828532","284236484958232671673872160266776287285","213586894066632749964895258528904068608","175496572067704317475568725408983891312","283390899376001510600988390542171144052","83283854559210764264479836884934600211"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","id":"ASB-A-281018094-057349d9","target":{"file":"core/java/android/widget/RemoteViews.java"},"deprecated":false}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659"],"severity":"High","types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281018094.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-08-01"}]}],"versions":["13"],"ecosystem_specific":{"spl":"2023-08-01","vanir_signatures":[{"source":"https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659","digest":{"line_hashes":["329665021611362043020227002656192683749","33777507542537233731901269949093178718","124601394975036829142918177453582828532","284236484958232671673872160266776287285","213586894066632749964895258528904068608","175496572067704317475568725408983891312","283390899376001510600988390542171144052","83283854559210764264479836884934600211"],"threshold":0.9},"signature_version":"v1","signature_type":"Line","id":"ASB-A-281018094-84aee7e0","target":{"file":"core/java/android/widget/RemoteViews.java"},"deprecated":false}],"fixes":["https://android.googlesource.com/platform/frameworks/base/+/634a69b7700017eac534f3f58cdcc2572f3cc659"],"severity":"High","types":["ID"]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-281018094.json"}}],"schema_version":"1.7.5"}