{"id":"ASB-A-283006437","details":"In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-283006437","CVE-2023-21270"],"modified":"2026-04-23T15:15:38.048727Z","published":"2023-08-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2023-08-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/e7ccba6da2c3febeb449c172c1d8091f7a35193d"},{"type":"FIX","url":"https://android.googlesource.com/platform/frameworks/base/+/e7ccba6da2c3febeb449c172c1d8091f7a35193d"}],"affected":[{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-08-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/75d59e2c837fe80573d005d614b5605f049d670b"],"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","id":"ASB-A-283006437-b41927e2","digest":{"function_hash":"142246288412129094408514203199238561948","length":8812},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/75d59e2c837fe80573d005d614b5605f049d670b","target":{"function":"restorePermissionState","file":"services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"}},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-283006437-df1c9da6","digest":{"line_hashes":["241855179621913930701588804709780155522","275479356698363652495977846336318607251","255741566803734956684115847599940359502","329511216806155411583397618051815937323","230890054020277999966381857942827090781","30743053879712092806019355833439531329","164061260477018033836468278206461597782","186425670345635799098268351722874335822","276325974263410010527862255220314547069","218520723691657242980782739382052017414","155526587664885433202374294265209902170","204856196167746811870896199949595693266","295885706405182841829403271221225263171","145729099851963986731834857453604949671","292148157103032482322089350809150613971","167382233552830894443080007920035353773","314429486213177128614653224747932411797","276325974263410010527862255220314547069","118032391002288377293566182663078948299","314595102839975675297811354990239556759","120323400186829302355158193795315749404","163986750517143368853988482277776772815","197201103724724939510754681281531348217","194974524402462089005617861962819942918","92828404067021723650658033648695093647","166946909467751980189952350180328577663","15866680198536122678978656592794424777","176595566564772642823644730206600131131","178686642698283105794922610506754798137","234428186770411006908902272106075667589","75963442116464278584509164306047510920","74776902845116693701746993520768117870","12555057430024890003862183139881997738","107490859850623254815892131356663147820","194923508558333860654626642113920483145","25435482031621032640164583620808387257","286001486748147234981313512722507028679","20353192589936882140155114595647809471","249850546937422752978060123149387108317","259493669906692371733530881195881315277","331702832483086198673641645128446701892","112187493214145262221793608858508324924","73191787758393067461880425633411347621","67881705992814538402892150868489171754"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/75d59e2c837fe80573d005d614b5605f049d670b","target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"}}],"types":["EoP"],"spl":"2023-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-283006437.json"}},{"package":{"name":"platform/packages/apps/Launcher3","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13-next:0"},{"fixed":"13-next:2023-08-01"}]}],"versions":["13-next"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Launcher3/+/6f7a11861f9158061e90d0645c4d891f29cdfc59"],"types":["EoP"],"spl":"2023-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-283006437.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12:0"},{"fixed":"12:2023-08-01"}]}],"versions":["12"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f"],"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","id":"ASB-A-283006437-1ee35752","digest":{"function_hash":"245572871958414356327954138591672841843","length":8212},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f","target":{"function":"restorePermissionState","file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"}},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-283006437-444d16b0","digest":{"line_hashes":["241855179621913930701588804709780155522","275479356698363652495977846336318607251","255741566803734956684115847599940359502","329511216806155411583397618051815937323","230890054020277999966381857942827090781","30743053879712092806019355833439531329","164061260477018033836468278206461597782","186425670345635799098268351722874335822","276325974263410010527862255220314547069","218520723691657242980782739382052017414","155526587664885433202374294265209902170","204856196167746811870896199949595693266","295885706405182841829403271221225263171","145729099851963986731834857453604949671","292148157103032482322089350809150613971","167382233552830894443080007920035353773","314429486213177128614653224747932411797","276325974263410010527862255220314547069","118032391002288377293566182663078948299","314595102839975675297811354990239556759","163722187449539808166127513629106944859","146762435681937213432946232827403882886","37911553657853436485296153724958281419","108645160186932075327622118651056146738","92828404067021723650658033648695093647","166946909467751980189952350180328577663","15866680198536122678978656592794424777","176595566564772642823644730206600131131","178686642698283105794922610506754798137","234428186770411006908902272106075667589","75963442116464278584509164306047510920","74776902845116693701746993520768117870","12555057430024890003862183139881997738","107490859850623254815892131356663147820","194923508558333860654626642113920483145","25435482031621032640164583620808387257","286001486748147234981313512722507028679","20353192589936882140155114595647809471","249850546937422752978060123149387108317","160578629446369328838463630213056123111","55800704381838252904979346999253933746","250265219113820724228197185886707073118","19782484586458661874039702862718242670","25424149211409059614636043450427951459"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f","target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"}}],"types":["EoP"],"spl":"2023-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-283006437.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"12L:0"},{"fixed":"12L:2023-08-01"}]}],"versions":["12L"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f"],"vanir_signatures":[{"signature_version":"v1","signature_type":"Line","id":"ASB-A-283006437-2df8e8a0","digest":{"line_hashes":["241855179621913930701588804709780155522","275479356698363652495977846336318607251","255741566803734956684115847599940359502","329511216806155411583397618051815937323","230890054020277999966381857942827090781","30743053879712092806019355833439531329","164061260477018033836468278206461597782","186425670345635799098268351722874335822","276325974263410010527862255220314547069","218520723691657242980782739382052017414","155526587664885433202374294265209902170","204856196167746811870896199949595693266","295885706405182841829403271221225263171","145729099851963986731834857453604949671","292148157103032482322089350809150613971","167382233552830894443080007920035353773","314429486213177128614653224747932411797","276325974263410010527862255220314547069","118032391002288377293566182663078948299","314595102839975675297811354990239556759","163722187449539808166127513629106944859","146762435681937213432946232827403882886","37911553657853436485296153724958281419","108645160186932075327622118651056146738","92828404067021723650658033648695093647","166946909467751980189952350180328577663","15866680198536122678978656592794424777","176595566564772642823644730206600131131","178686642698283105794922610506754798137","234428186770411006908902272106075667589","75963442116464278584509164306047510920","74776902845116693701746993520768117870","12555057430024890003862183139881997738","107490859850623254815892131356663147820","194923508558333860654626642113920483145","25435482031621032640164583620808387257","286001486748147234981313512722507028679","20353192589936882140155114595647809471","249850546937422752978060123149387108317","160578629446369328838463630213056123111","55800704381838252904979346999253933746","250265219113820724228197185886707073118","19782484586458661874039702862718242670","25424149211409059614636043450427951459"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f","target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"}},{"signature_version":"v1","signature_type":"Function","id":"ASB-A-283006437-a3f25229","digest":{"function_hash":"245572871958414356327954138591672841843","length":8212},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/0e1ebd84e27f5d4fa8bc6577705293251bcbac4f","target":{"function":"restorePermissionState","file":"services/core/java/com/android/server/pm/permission/PermissionManagerService.java"}}],"types":["EoP"],"spl":"2023-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-283006437.json"}},{"package":{"name":"platform/frameworks/base","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-08-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/frameworks/base/+/4ebd48959ce962b87c3468724ee4d7390714e3f3"],"vanir_signatures":[{"signature_version":"v1","signature_type":"Function","id":"ASB-A-283006437-11162f0b","digest":{"function_hash":"145104657252555869640414577518760746497","length":8661},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/4ebd48959ce962b87c3468724ee4d7390714e3f3","target":{"function":"restorePermissionState","file":"services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"}},{"signature_version":"v1","signature_type":"Line","id":"ASB-A-283006437-437192db","digest":{"line_hashes":["241855179621913930701588804709780155522","275479356698363652495977846336318607251","255741566803734956684115847599940359502","329511216806155411583397618051815937323","230890054020277999966381857942827090781","30743053879712092806019355833439531329","164061260477018033836468278206461597782","186425670345635799098268351722874335822","276325974263410010527862255220314547069","218520723691657242980782739382052017414","155526587664885433202374294265209902170","204856196167746811870896199949595693266","295885706405182841829403271221225263171","145729099851963986731834857453604949671","292148157103032482322089350809150613971","167382233552830894443080007920035353773","314429486213177128614653224747932411797","276325974263410010527862255220314547069","118032391002288377293566182663078948299","314595102839975675297811354990239556759","163722187449539808166127513629106944859","146762435681937213432946232827403882886","37911553657853436485296153724958281419","108645160186932075327622118651056146738","92828404067021723650658033648695093647","166946909467751980189952350180328577663","15866680198536122678978656592794424777","176595566564772642823644730206600131131","178686642698283105794922610506754798137","234428186770411006908902272106075667589","75963442116464278584509164306047510920","74776902845116693701746993520768117870","12555057430024890003862183139881997738","107490859850623254815892131356663147820","194923508558333860654626642113920483145","25435482031621032640164583620808387257","286001486748147234981313512722507028679","20353192589936882140155114595647809471","249850546937422752978060123149387108317","160578629446369328838463630213056123111","55800704381838252904979346999253933746","250265219113820724228197185886707073118","19782484586458661874039702862718242670","25424149211409059614636043450427951459"],"threshold":0.9},"deprecated":false,"source":"https://android.googlesource.com/platform/frameworks/base/+/4ebd48959ce962b87c3468724ee4d7390714e3f3","target":{"file":"services/core/java/com/android/server/pm/permission/PermissionManagerServiceImpl.java"}}],"types":["EoP"],"spl":"2023-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-283006437.json"}},{"package":{"name":"platform/packages/apps/Launcher3","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"13:0"},{"fixed":"13:2023-08-01"}]}],"versions":["13"],"ecosystem_specific":{"severity":"High","fixes":["https://android.googlesource.com/platform/packages/apps/Launcher3/+/bdf75772ea2bfd60f004a5d326478bd83deda9a0"],"types":["EoP"],"spl":"2023-08-01"},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-283006437.json"}}],"schema_version":"1.7.5"}